For years, the cybersecurity industry has been building defenses against malware, mimicking real-world security guards stationed outside buildings. These defenses do not work anymore. Cyber attackers have multiplied in numbers in the last ten years and spread across the globe attacking remotely. The most disastrous development is that hackers are now funded by nations and groups, providing them with ample opportunities to hone their skills and target the largest corporations and even governments.
Needless to say, a single line of defense cannot keep pace with diversely powerful groups of hackers anymore. Barring a few cases, most organisations do not have a mechanism to identify whether they have been hacked. As they say in the security industry, there are only two realities—either you know or don’t know whether you have been breached. The problem of hacking is compounding as the most sophisticated attacks are never discovered and since there is no obvious symptom of a breach, one continues to have a false sense of security.
The current security technologies deployed by most customers focus on recognising events that are purely based on identifying signatures of attackers and catching the culprits. These ‘post-attack’ activities involve creating an information database of known criminals and keeping away from them. These methods cannot stop newer attackers, which are growing rapidly. Smart attackers can also steal without leaving a trace. Even when enterprises are successful in catching the offenders, they cannot stop them in the first place. This is where having actionable threat intelligence plays a big role, by stitching together data from within the enterprise as well as globally. With the advent of next-generation technologies like graph database, deep learning, user and entity behaviour analytics, one is in a position to identify possible threats even before they create irreparable damage to an enterprise.
How big data and machine learning can prevent hacking
Big data and machine learning can predict where the next attack will come from and how. By analysing data from a wide repository of information, one can determine trends in cyber attacks.
Big data expands the size, scope and pool of information captured from possible attacks. It means security solutions have the scale that matches the expanding pool of global hackers.
Big data can be juxtaposed with machine learning tactics to ‘predict’ how newer attacks can happen. Learning tools can pinpoint loopholes in the current systems that leave enterprises vulnerable to newer forms of attacks.
Analytics can also induct ‘agility’ into the function of security. The reaction time to cyber threats can also be reduced by a wide margin with real-time tracking powered by analytics. For example, suspicious activity can be tracked and identified within minutes and an attack in progress can be stalled subsequently. This is effective against attackers who enter the system via phishing (a very popular method of entry) or ransomware trying to shut down systems.
The cost benefits of analytics
The use of analytics brings with it the advantages of automating security reporting. IT teams more often than not are burdened with routine tasks, leaving them with less time to chase potential threats. With fewer tasks in hand, the efficiency of IT teams can go up, allowing them to secure systems quickly.
Replacing traditional security tools with analytics-powered solutions can cut down expensive data warehousing costs for enterprises. Data analytics solutions are no longer the bastion of large organisations only. A large number of Indian solution providers too have made a name in the cybersecurity market, which was earlier dominated by multinational corporations. Indian solutions, especially startups in the space, provide end-to-end management solutions and also reduce the cost of ownership. With analytics, it is now cheaper and easier to be more secure.
Pankit Desai is the co-founder and chief executive of Sequretek, a startup that provides core security IP and advisory services.