Policing the data lake

It's not hard to imagine Jim Kent as a detective, with a friendly manner that invites you to confide in him where you buried your mother's body. He was one for fifteen years, during which he set up the Suffolk Constabulary's cyber investigations unit.

“I was just a boring old detective, happily dealing with my murders and rapists, as you do, when I got a phone call from my Chief Inspector. It was in 1998,” he remembers. “He said, 'Jim, you fixed my computer a few weeks ago. The government have come up with all this money and I can only have it if I build a high tech crime unit. So you're going to build it for me.'”

That started Jim Kent's journey into cybercrime investigations: “I ended up falling into it like it was something I was always meant to do.”

Jim Kent spoke to CSO Magazine at the recent Black Hat conference, which he was attending in his current role as Chief Executive Officer for Nuix's North American operations and as the company's head of Security & Intelligence products.

“In my mind there are two sides to cybersecurity,” he observes of the industry. “The front side is 'I'm protecting, I'm fortifying, I'm running the IDS, I'm the antivirus, whatever I am.' People have made a load of money out of dealing with those little buckets. Nobody really deals with the other side of security which is the 'how deeply have they been inside, what's my risk, how have they been able to cover their tracks by deleting logs?' That bit has kind of been ignored.”

Risks in the data lake

The problem he sees with the amount of data being collected is that it tends to get filed away for further use, creating a data lake which poses risks to organisations.

“People have data lakes of information and they have no idea what to do with them. The noise, the magnitude of alerts, the hullabaloo of cyber security marketing, 'buy a bit of this and buy a bit of that' is a real issue for corporates.

“The real task is to simplify and sanitise that down. If you take it all away, what are you trying to do? Basically we're selling a simple message of 'don't open that PDF document',” he says of the industry. “Someone can sell you a million dollar product to do that but actually that should be part and parcel of your everyday security posture.”

He sees applying machine learning and artificial intelligence as the only way to manage the data lake: “When you apply machine learning and AI to it, it becomes enriched data. It's not just metadata or profile, it's actually fully enriched data.”

Ethical hacking

One of the areas Kent has specialised in is penetration testing, both at Nuix and in his previous businesses, and he sees it as critical for organisations so they can understand the weaknesses in their networks.

“Every organisation should have an ethical hacker. Someone who can give an honest, unbiased view of your security posture,” he says. “For me, ethical hacking is very crucial. It's something that should be done because hackers are trained in doing the right things.”

“Ethical hacking goes back to basic policing. The best people who can show you how to break into cars are those who used to steal cars because they will show you the things that will stop ninety percent of people.”

Eating an elephant

For executives, dealing with the complexities of information security is daunting. “The advice is just how you would eat an elephant – one bit at a time,” Jim Kent tells business managers. “I would start at my most valuable assets and work outwards along with having people working inwards.”

“You need a combination of great people, you need the processes around it and obviously you need technology that allows the people and processes to be as effective as possible,” he says. “Each business is going to do things differently, one might start at the rump while another might start at the trunk, the end result will be the same.”

“I'd say 'what are you trying to achieve? Is it security posture? Is it risk management? Is it all of the above? Where do you want to be?'”

The police conundrum

Kent sees police forces' data management challenges as similar to those of the private sector, with privacy being a particular concern. “With that amount of data flying around there is bound to be some that shouldn't be there,” he muses.

“They are dealing with magnitudes of data, not just digital,” observes Kent about the task ahead for police forces. “They've got body cams on, they have CCTV, there's so many things happening and that is all sitting somewhere where someone has to make sense of it.”

“They are now getting real time feeds but they aren't able to base that against history or intelligence to tell them where they should be policing. So collecting and correlating all of that is a big problem.”

Paul Wallbank travelled to Las Vegas as a guest of Nuix
