In traditional cybersecurity arrangements, data had little to no role to play. It was managed in an ad hoc manner and manually handled by security analysts. However, as cybersecurity attacks increased in volume and complexity, such conventional approaches met limitations in mitigating threats and reducing their risks to businesses and organizations.
As a result, the cybersecurity systems of today and tomorrow have become more flexible and efficient mechanisms for responding to and mitigating threats. In order to develop these sophisticated security solutions, businesses have had to think about analyzing massive amounts of data generated from various sources, including cybersecurity solutions, to generate security policies and rules with minimal human intervention using automation.
This is only one of the many things data can do to strengthen the cybersecurity posture of an organization. Here are some more useful tips coming from TEHTRIS SOC and TEHTRIS R&D.
What is data-driven cybersecurity?
Today, our lives depend on technology to learn, work and interact. Unfortunately, this reliance makes technology a massive target for someone wanting to disrupt the normal course of people’s lives.
Attackers are using the coronavirus pandemic to trigger cyberattacks aimed at confusing and hindering healthcare systems from working to save human lives. We are witnessing a staggering 667% increase in phishing attacks owing to the pandemic this year.
There is an increasing trend of attacks targeted at healthcare organizations; even the World Health Organization was not spared. While coronavirus will cost the global economy a whopping $2 trillion, cybercrime might triple that amount by 2021 to $6 trillion.
The only way to curb this growing threat is to take a data-driven approach to cybersecurity. Data-driven cybersecurity is an arrangement where big data is used to make informed decisions about the cybersecurity practices in a company. It provides an action plan in the face of a security event and an action plan to safeguard data and applications.
When data lies at the core of its strategy, it becomes a data-driven cybersecurity approach.
Why does data-driven security matter?
Data often shows and knows what we do not. Big data analytics refers to analyzing large, varied volumes of data often untouched by regular analytics software. The data can be structured, unstructured, or a mixture of both. It can be used to analyze historical patterns and come up with better security threat controls.
Through a combination of big data, machine learning, and artificial intelligence, businesses can perform a thorough analysis of current and past data and determine what is “normal”. Based on the results of these findings, organizations can strengthen their cybersecurity arrangements to raise flags when there is a deviation from the expected and the normal.
For instance, if an organization tracks running software on employees’ devices, it will detect patterns such as normal time frames when employees work and normal binaries that are commonly used. If a program follows a phishing link, the system can ward it off and flag it with the knowledge of the time and the URL address that was used. This is how we work at TEHTRIS, by smoothly breaking the digital frontier between a machine learning process, with the needed operating system’s behaviors recorded, and the cybersecurity world.
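The baselining idea described above, sketched as an added example (this is not TEHTRIS code): it learns each user's usual working hours and the binaries commonly run across the fleet from constructed process-execution events, then reports how a new event deviates. All names, thresholds and sample events are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime


def constructed_history():
    """Constructed sample: five days of (ISO timestamp, user, binary) events."""
    events = []
    for day in range(1, 6):
        for user in ("alice", "bob"):
            for hour, binary in ((9, "outlook.exe"), (14, "excel.exe"), (17, "chrome.exe")):
                events.append((f"2024-03-0{day}T{hour:02d}:15:00", user, binary))
    # A tool only one user ever runs: not "commonly used" across the fleet.
    events.append(("2024-03-04T10:00:00", "alice", "buildtool.exe"))
    return events


def build_baseline(events, min_users=2):
    """Learn per-user activity windows and the set of commonly used binaries."""
    hours = defaultdict(set)             # user -> hours of day with activity
    users_per_binary = defaultdict(set)  # binary -> users who ran it
    for ts, user, binary in events:
        hours[user].add(datetime.fromisoformat(ts).hour)
        users_per_binary[binary].add(user)
    return {
        "windows": {u: (min(h), max(h)) for u, h in hours.items()},
        "common_binaries": {b for b, u in users_per_binary.items() if len(u) >= min_users},
    }


def deviations(event, baseline, slack_hours=1):
    """Return the reasons an event departs from the baseline (empty list = normal)."""
    ts, user, binary = event
    hour = datetime.fromisoformat(ts).hour
    reasons = []
    window = baseline["windows"].get(user)
    if window is None:
        reasons.append("unknown_user")
    elif not (window[0] - slack_hours <= hour <= window[1] + slack_hours):
        reasons.append("outside_usual_hours")
    if binary not in baseline["common_binaries"]:
        reasons.append("uncommon_binary")
    return reasons


if __name__ == "__main__":
    baseline = build_baseline(constructed_history())
    for ev in [("2024-03-08T10:30:00", "alice", "excel.exe"),
               ("2024-03-08T03:12:00", "bob", "invoice_viewer.exe")]:
        print(ev, deviations(ev, baseline))
```

The `slack_hours` margin keeps an employee who logs in slightly early or late from raising a flag; in practice both it and `min_users` are tuned against the false-positive rate analysts can absorb.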
Indeed, data-driven security is a viable, feasible and necessary solution for businesses that want to solidify their cybersecurity posture and safeguard their infrastructure.
If a company has been a victim of a cyberattack, following the anomalies that ultimately led to the event through data analysis can help identify the patterns used by the hackers before they gained access to the network. The company can then make use of machine learning to ensure the same event does not occur again.
However, data-led security does not stop there. The next step is to automate the process as much as possible so that deviations can be picked up faster and threats can be mitigated quicker.
Important insights from data-led security initiatives
According to CSO Online, 84% of businesses use big data to block cyber-attacks. These companies also reported a handsome decline in breaches after introducing big data analytics to their security operations.
Data-led cybersecurity can allow organizations to gain significant insights into their overall cybersecurity posture, and specifically leads to:
- Cyber threat and incident analysis – Incidents and threats can be effectively analyzed by looking at the underlying data and digging for patterns to detect the steps attackers took or could take while attacking an infrastructure. Big data can lead to significant findings in this regard. For example, TEHTRIS XDR Platform gathers all signals from smart sensors such as our EDR and EPP SIEM, among others, allowing SOC members to conduct enhanced in-depth analysis with our data science features.
- Threat anticipation – Data and machine learning algorithms can reveal gaps in cybersecurity so that companies know what kind of threats to anticipate based on their infrastructure. After gaining this insight, businesses can prepare to plug these gaps and strengthen their cybersecurity posture. Companies can even create signatures based on anticipated threats so that they can be warded off. For example, in a few days, companies using TEHTRIS EDR have a global map of unwanted binaries, hidden or running, that should be avoided, making it possible to anticipate threats with white-listing options.
- Security architecture – Data-driven cybersecurity architecture includes data governance for the collected data and data-sharing models that would work best in a certain industry or organization. Data can lead to significant findings about the underlying security architecture and offer hints on improving it. For example, with TEHTRIS Deceptive Response, our honeypots will gather unwanted and strange network requests inside a large-scale infrastructure, as proof of containment issues.
- Security incident management or response – Security incident management starts with a full investigation of the anomalous system, the irregular data, the user behavior and the system. For instance, if a security incident management team identifies a server operating slower than usual, they will set out to determine whether the behavior of the system is a result of an underlying security issue. If so, the incident will be further analyzed. A data-driven approach can cut short the time needed for such investigations by making relevant data available at the fingertips of the security professionals. For example, through the TEHTRIS XDR Platform, cybersecurity analysts can easily implement powerful filters to learn and discover the information about what is going on inside the infrastructure.
- Cybersecurity analytics and visualization – Data analytics and visualization can lead security analysts to overcome scale and complexity challenges associated with the large volume of cyber threats that can be hard to review with traditional SIEM tools. With TEHTRIS SIEM, included in the TEHTRIS XDR Platform, data-driven visualization can also make pattern and anomaly detection seamless, uncovering unusual patterns that need further investigation. Data-led visualization can also help with incident forensics, where analysts study log data to understand the sequence of events that led up to an incident. For example, automatic security audits initiated by TEHTRIS EDR allow us to uncover unknown vulnerabilities.
Data-driven cybersecurity also lies at the heart of artificial intelligence in threat prevention and detection. AI has several use cases for cybersecurity, some of which are currently being used by sophisticated cybersecurity solutions such as TEHTRIS XDR.