Research: Thwarting sophisticated cyber-attacks demands better grasp of big data with more proactive analytics

Federal government, financial services to spend $42 billion on technology to combat evolving cyber-security threats

Stealing media headlines with a new breach almost every week, cyber-security has skyrocketed to the top of boardroom discussion agendas. Yet an average of 35 per cent of all cyber-attacks still go undetected.¹ Recent IDC research sponsored by SAS, "Big Data and Predictive Analytics: On the Cyber-security Frontline", crystallises the issue: organisations need to shift from reactive to proactive strategies that seek to understand a threat before an attacker can cause damage. This requires constant monitoring of network behaviour so that unusual activity can be distinguished from normal behaviour.

To do this, organisations require a new set of security solutions to match the increasing number and sophistication of attacks. Applying predictive and behavioural analytics to all available enterprise and external data can help organisations evaluate threat potential, detect likely attacks and gather further intelligence. These analytics need to execute in real time so threats can be proactively mitigated before significant loss occurs.

In an earlier study from the Ponemon Institute,² 86 per cent of respondents said detecting cyber-attacks takes too long, and 85 per cent weren't prioritising incidents. Meanwhile, 40 per cent said their security products did not import threat intelligence from other sources.

"After more detailed evaluation of the challenges and gaps in the market, organisations need a more strategic approach to threats by augmenting existing security systems with more advanced behavioural analytics," said Alan Webber of IDC. "Software vendors who have integrated a big data analytics platform at the core are well positioned to provide an additional layer of security protection and deterrence in the market."

IDC interviewed information security executives, practitioners and industry experts across three industries: US federal government, financial services and energy. The goal was to understand the evolving cyber-security threat landscape and how big data and predictive analytics should be deployed to better address threats and risks they face every day.

The research explains that effective big data solutions must differ from existing, reactive "collect and analyse" methods since we now have technology to use information in timeframes and manners not possible in the past. To derive value from big data, organisations need behavioural analytics and frameworks like Hadoop to improve security at a much faster rate.

Industry implications and opportunities

For government, IT security is neither a small nor inexpensive problem. The US Computer Emergency Readiness Team (US-CERT) reported more than 46,000 incidents at US federal government agencies in 2013. IDC estimates US federal government agencies alone will spend over $14.5 billion in IT security to thwart attackers and address incidents. In addition to multilayered security defenses, government agencies have highly complex infrastructures composed of a range of technologies from older mainframe systems to cloud-based and mobile apps. By turning to predictive behavioural cyber-analytics, these agencies are able to shift toward a more proactive defence posture.

In the utility and energy industry, the IDC research found advanced and predictive analytics critical for advancing a wide array of cyber mandates, including regulatory compliance. Utilities are just beginning to appreciate the opportunities for threat identification and remediation that big data analytics deliver.

For financial services, cyber-security strategies remain atop the agenda. The IDC research predicted the financial services industry would spend over $40 billion in 2015 on managing operational risks, including cyber-threats. They noted that $27.4 billion would be earmarked for IT spend on information security and fraud. With shrinking response windows and the complexity of threats to digital channels, advanced, predictive threat intelligence solutions and services have become top items for chief risk officers, data officers, executives and regulators.

Advanced analytics leader unveils SAS® Cyber-security

"Cyber-security may be the most critical area where big data can be a barrier to understanding the true threat landscape," said Stu Bradley, Senior Director of Security Intelligence at SAS. "Yet, if optimised, big data presents a significant opportunity to add context for more accurate and faster threat detection."

Last week, SAS unveiled SAS Cyber-security, which harnesses high-performance analytics to process and evaluate billions of daily network transactions in real-time, shrinking the time to detect security events and improving the efficiency of security operations.

SAS applies its experience solving complex business analytics challenges to the detection of suspicious network activity with SAS Cyber-security. The solution, which is in limited release now and generally available in the fourth quarter of 2015, uses advanced analytics to understand the normal business behaviour of each system by analysing daily network transactions correlated with business contextual information. It optimises and then analyses data in real time to capture a continuous picture of active security risks. By first understanding normal behaviour and then unearthing hidden, complex patterns to identify potential threats, an organisation can have a comprehensive view of risk to sustain its information advantage over attackers.

Learn more about SAS Cyber-security and read the full research paper: Big Data and Predictive Analytics: On the Cyber-security Frontline.

Today's announcement was made at SAS Global Forum, the world's largest gathering of SAS users, attended by more than 4,500 business and IT users of SAS software and solutions.

1 and 2 Ponemon Institute, Threat Intelligence and Incident Response. Feb. 12, 2014.

About SAS

SAS is the leader in analytics. Through innovative analytics, business intelligence and data management software and services, SAS helps customers at more than 83,000 sites make better decisions faster. Since 1976, SAS has been giving customers around the world THE POWER TO KNOW®.
