Network security needs big data

As the inadequacies of perimeter-centric defenses become clearer, the zero-trust model (ZTM) grows more appealing. But ZTM will need big data to succeed.

There are two types of organization now: those that have been breached, and those that just don't know it yet.

A big part of the problem is that the traditional approach to network security, relying on perimeter-centric strategies, is failing. According to the 2014 Cyberthreat Defense Report, more than 60% of organizations fell victim to one or more successful cyberattacks last year. But it is the following statistic that shows the ineffectiveness of perimeter defenses: Studies have shown that between 66% and 90% of data breaches are identified, not by the organizations that are breached, but by third parties.

One alternative that is a strong candidate to improve the security situation is the zero-trust model (ZTM). This aggressive approach to network security monitors every piece of data possible, under the assumption that every file is a potential threat. It requires that all resources be accessed in a secure manner; that access control be on a need-to-know basis and strictly enforced; that systems verify and never trust; that all traffic be inspected, logged, and reviewed; and that systems be designed from the inside out instead of the outside in. It simplifies how information security is conceptualized by assuming there are no longer "trusted" interfaces, applications, traffic, networks or users. It takes the old model -- "trust but verify" -- and inverts it, because recent breaches have proved that when an organization trusts, it doesn't verify. This model was initially developed by John Kindervag of Forrester Research and popularized as a necessary evolution of traditional overlay security models.

In ZTM, companies should also analyze employee access and internal network traffic, and grant minimal employee access privileges. ZTM also emphasizes the importance of log analysis and increased use of tools that inspect the actual content of data packets.
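The principles listed above (deny by default, need-to-know access, verify and never trust, log every decision) can be made concrete in a small policy engine. The following is an added example written for this page, not code from the article or from Forrester; the policy table, the user roles, and the `mfa_verified` and `device_attested` flags are constructed assumptions standing in for an organization's real identity and device-posture sources.

```python
"""Added example: a deny-by-default, need-to-know access decision in which
every request must prove identity and device state, network location earns
nothing, and every decision (allow or deny) is written to an audit log."""
from dataclasses import dataclass
import time

# Constructed policy: resource -> role -> permitted actions.
# Anything not listed here is denied; there is no implicit trust.
POLICY = {
    "payroll-db": {"finance": {"read"}, "dba": {"read", "write"}},
    "hr-files":   {"hr": {"read", "write"}},
    "build-srv":  {"dev": {"read", "write"}},
}

# Every decision lands here so that all access can be reviewed later,
# which is what the "inspect, log and review all traffic" principle asks for.
AUDIT_LOG = []


@dataclass
class Request:
    user: str
    role: str
    mfa_verified: bool     # hypothetical flag: the session completed MFA
    device_attested: bool  # hypothetical flag: the device passed a posture check
    resource: str
    action: str
    src_net: str           # "corp" or "internet"; deliberately NOT a decision input


@dataclass
class Decision:
    allowed: bool
    reason: str


def decide(req: Request) -> Decision:
    """Verify, never trust: identity first, then device, then need-to-know.

    The source network is recorded for the audit trail but never consulted,
    so a request from the corporate LAN is treated exactly like one from the
    internet. That inversion of "trust but verify" is the core of the model.
    """
    if not req.mfa_verified:
        decision = Decision(False, "identity not verified (no MFA)")
    elif not req.device_attested:
        decision = Decision(False, "device posture not attested")
    else:
        permitted = POLICY.get(req.resource, {}).get(req.role, set())
        allowed = req.action in permitted
        decision = Decision(allowed, "need-to-know policy " + ("match" if allowed else "miss"))

    AUDIT_LOG.append({
        "ts": time.time(),
        "user": req.user,
        "role": req.role,
        "resource": req.resource,
        "action": req.action,
        "src_net": req.src_net,
        "allowed": decision.allowed,
        "reason": decision.reason,
    })
    return decision


if __name__ == "__main__":
    # Constructed requests: the same resource from inside and outside the
    # perimeter, decided purely on identity, device and need-to-know.
    samples = [
        Request("alice", "finance", True, True, "payroll-db", "read", "internet"),
        Request("dave", "dev", True, True, "payroll-db", "read", "corp"),
        Request("alice", "finance", True, False, "payroll-db", "read", "corp"),
    ]
    for s in samples:
        d = decide(s)
        print(f"{s.user:6} {s.resource:11} from {s.src_net:8} -> {'ALLOW' if d.allowed else 'DENY '} ({d.reason})")
```

Note that the finance user on the internet is allowed while the developer on the corporate network is denied: location plays no part, only verified identity, attested device and the need-to-know table. The audit entries written for denials are as important as those for allows, since the review stage described in the article depends on having both.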

According to a study conducted by Forrester on behalf of IBM, many organizations are already on the path to support ZTM, with their responses indicating that they have already adopted key ZTM concepts, even though they may not be aware of ZTM itself. This is encouraging, since it suggests that full implementation of ZTM could be a mere extension of activities already in place. Specifically, depending on activity (e.g., logging and inspecting all network traffic), between 58% and 83% of respondents are already behaving in ways that support ZTM concepts.

Big data meets ZTM

Using ZTM will generate enormous volumes of real-time data, the analysis of which will have IT managers drowning in log files, vulnerability scan reports, alerts and more. Adding big data analytics to the mix will give IT managers a comprehensive view of their security landscape, exposing what is at risk, how severe the risks are, how important the asset at risk is and how to fix the security weakness.

But there's more to be gained by combining ZTM with big data. A promising approach is to apply behavioral analytics to data already resident in networks and so prevent a broad range of suspicious activities.

According to Gartner, big data analytics will play a crucial role in detecting cyberattacks. By 2016, more than 25% of global organizations will adopt big data analytics for at least one security and fraud-detection use case, up from the current 8%. Big data will change most of the product categories in the field of computer network security, including network monitoring, the authentication and authorization of users, identity management, fraud detection, and systems of governance, risk and compliance. Big data will also change the nature of the security controls, such as conventional firewalls, anti-malware and data loss prevention. In coming years, the tools of data analysis will evolve further to enable a number of advanced predictive capabilities and automated controls in real time.

Finally, the use of big data analytics in network security needs efficient data capture and analysis that can look broadly and historically across an infrastructure, sometimes trailing several months, to see when and how a breach occurred and what the consequences were. This process involves great volume, variety and velocity of data.
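The behavioral-analytics idea raised earlier (applying analytics to data already resident in the network) and the historical look-back described in this paragraph both come down to the same operation: build a per-user baseline from an older window of logs, then score recent events against it. The block below is an added example written for this page, not code from the article or from any vendor it names. The log line format (`timestamp user resource`), the two users and their access habits, and the detection thresholds are all constructed; a real deployment would read the same kind of baseline from months of retained access logs.

```python
"""Added example: a small behavioral-analytics pass over access-log lines.

A baseline is built per user from a historical window (which resources the
user normally touches, and how many requests per active hour). Each recent
event is then scored against that baseline and three kinds of findings are
produced: a user with no history at all, a resource the user has never
accessed before, and an hour whose request count far exceeds the user's norm.
"""
from collections import Counter, defaultdict
from datetime import datetime
import statistics

# Hypothetical log format: "<ISO timestamp> <user> <resource>"


def parse(line):
    ts, user, resource = line.split()
    return datetime.fromisoformat(ts), user, resource


def build_baseline(lines):
    """Summarize the historical window: resource set and hourly-rate stats per user."""
    resources = defaultdict(set)
    hourly = defaultdict(Counter)  # user -> {"YYYY-MM-DDTHH": request count}
    for ts, user, res in map(parse, lines):
        resources[user].add(res)
        hourly[user][ts.strftime("%Y-%m-%dT%H")] += 1
    baseline = {}
    for user, seen in resources.items():
        counts = list(hourly[user].values())  # only hours with activity
        baseline[user] = {
            "resources": seen,
            "mean": statistics.mean(counts),
            "sd": statistics.pstdev(counts),
        }
    return baseline


def score(lines, baseline, k=3.0):
    """Score recent events against the baseline; returns a list of findings."""
    findings = []
    recent = defaultdict(Counter)
    for ts, user, res in map(parse, lines):
        b = baseline.get(user)
        if b is None:
            findings.append({"user": user, "kind": "unknown-user", "detail": res})
            continue
        if res not in b["resources"]:
            findings.append({"user": user, "kind": "new-resource", "detail": res})
        bucket = ts.strftime("%Y-%m-%dT%H")
        recent[user][bucket] += 1
        # Threshold is mean + k standard deviations; the sd is floored at 1
        # so a perfectly regular history still leaves a little headroom.
        threshold = b["mean"] + k * max(b["sd"], 1.0)
        # Report each spike once: at the first request that exceeds the threshold.
        if recent[user][bucket] == int(threshold) + 1:
            findings.append({"user": user, "kind": "volume-spike",
                             "detail": f"{bucket}: more than {threshold:.0f} requests"})
    return findings


def constructed_history():
    """Ten days of constructed, perfectly regular activity for two users."""
    lines = []
    for day in range(1, 11):
        for hour in (9, 14):          # alice: 5 CRM reads at 09:00 and 14:00
            for i in range(5):
                lines.append(f"2014-03-{day:02d}T{hour:02d}:{i:02d}:00 alice crm")
        for hour in (10, 15):         # bob: 3 build-server requests at 10:00 and 15:00
            for i in range(3):
                lines.append(f"2014-03-{day:02d}T{hour:02d}:{i:02d}:00 bob build-srv")
    return lines


# Constructed "recent" window: alice behaves normally but also touches a
# resource she has never used; bob's request rate jumps from 3 to 40 in an
# hour; mallory has no history at all.
RECENT = (
    [f"2014-03-11T09:{i:02d}:00 alice crm" for i in range(5)]
    + ["2014-03-11T09:30:00 alice payroll-db"]
    + [f"2014-03-11T10:{i:02d}:00 bob build-srv" for i in range(40)]
    + ["2014-03-11T11:00:00 mallory build-srv"]
)


if __name__ == "__main__":
    baseline = build_baseline(constructed_history())
    for f in score(RECENT, baseline):
        print(f"{f['kind']:13} {f['user']:8} {f['detail']}")
```

The baseline deliberately covers only hours with activity, so the mean reflects a user's normal working rate rather than being dragged down by idle hours; that is the kind of modelling decision the "variety and velocity" of the data forces on whoever builds the pipeline. The same scoring loop can be run over months of retained logs to answer the question the paragraph poses, when an account first strayed from its baseline.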

It's an open field for companies to introduce new products and services and harvest the profit.

Ahmed Banafa is a professor with Kaplan University's School of Information Technology.
