This post was originally published on the Resonant Analytics blog…
If you’ve read the news lately, you’ve probably heard of the recent attack on the US Office of Personnel Management. The OPM data breach resulted in the theft of sensitive personnel records for roughly 4 million current and former federal employees (the initial estimate), and has thrown the US government into a scramble to work out who the attackers were, when they got in, and what they were after.
Four million records may sound like a lot, but it pales in comparison to the scale of some of the attacks against the retail industry. Two major retailers, Target and Home Depot, suffered the biggest breaches of their data stores. Target disclosed that during the 2013 holiday shopping season attackers had stolen over 40 million debit and credit card numbers from its point-of-sale systems. About nine months later, in September 2014, Home Depot confirmed that it too had been breached, with 56 million credit and debit cards affected. With attackers going after the data infrastructure and data stores of companies and governments alike, some in the industry have started to turn Big Data from the target of these attacks into a defence: the same large stores of activity data that attackers go after can also be mined for signs of intrusion.
Industry professionals are looking for answers, and there is a growing demand for Security Information and Event Management (SIEM) technology and services. A SIEM gathers security event data (logs and alerts) from across the environment, stores it centrally, and analyzes it to detect and assess threats to sensitive company information. Most companies today run siloed point products: the firewall logs in one place, endpoint antivirus alerts in another, authentication logs in a third, each security solution handling one facet of the whole. With a SIEM, each of these facets reports back to a central analysis platform that normalises structured and unstructured data into a common event format and correlates events across sources. That correlation is the point: a handful of failed logins, a single odd DNS query, and one outbound connection each look like background noise on their own, but seen together, in order, from the same host, they form a pattern no single product would flag. A SIEM surfaces such patterns in near real time; note, though, that the SIEM itself mostly correlates and alerts, and any automated adaptation of the controls (blocking an address, isolating a host) depends on how well it is integrated with the individual security products.
A few different companies have come out with SIEM solutions built on big data platforms. IBM has combined its QRadar SIEM with InfoSphere BigInsights, its Hadoop-based big data platform. The combined system pores over multiple data sources, including DNS transactions, emails, and business process transactions, across years of activity to expose suspicious or malicious behaviour hidden in the background noise of millions of ordinary events. Another product, from CounterTack, collects and correlates data from thousands of endpoints to detect and report malicious behaviour that a siloed product would have missed. Attackers are getting more and more advanced, but the industry is innovating to try to keep up with them.
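To make the cross-source correlation described above concrete, here is a small added example (not code from the original post, and not from QRadar, BigInsights or CounterTack) of the kind of rule a SIEM evaluates. It normalises constructed log lines from three siloed sources (SSH authentication, a DNS resolver, a firewall) into a common event format and raises an alert only when a host shows a burst of failed logins, then a successful login from the same address, then a DNS lookup for an unexpected domain and an outbound connection shortly afterwards. The hostnames, addresses, domains, log formats, allowlist and time windows are all assumptions made up for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines from three separate sources. Hosts, users, IPs
# (RFC 5737 ranges) and domains (.test) are made up for this example.
AUTH_LOGS = """\
2015-06-10T09:00:01Z srv-db01 sshd: Failed password for admin from 203.0.113.7
2015-06-10T09:00:05Z srv-db01 sshd: Failed password for admin from 203.0.113.7
2015-06-10T09:00:09Z srv-db01 sshd: Failed password for admin from 203.0.113.7
2015-06-10T09:00:14Z srv-db01 sshd: Accepted password for admin from 203.0.113.7
2015-06-10T09:30:00Z srv-web01 sshd: Accepted password for alice from 10.0.0.5
""".splitlines()

DNS_LOGS = """\
2015-06-10T09:01:02Z srv-db01 dns: query A update-cdn.bad-example.test
2015-06-10T09:31:00Z srv-web01 dns: query A www.example.com
""".splitlines()

FIREWALL_LOGS = """\
2015-06-10T09:01:03Z srv-db01 fw: ALLOW TCP out to 198.51.100.23:443
2015-06-10T09:31:01Z srv-web01 fw: ALLOW TCP out to 93.184.216.34:443
""".splitlines()

SAMPLE_FEEDS = {"auth": AUTH_LOGS, "dns": DNS_LOGS, "firewall": FIREWALL_LOGS}

# Assumed allowlist of destinations the organisation expects to see.
KNOWN_DOMAINS = {"www.example.com"}

# One parser per source; each yields the same common field names where possible.
TS = r"(?P<ts>\S+)"
PATTERNS = {
    "auth": re.compile(TS + r" (?P<host>\S+) sshd: (?P<result>Failed|Accepted) "
                            r"password for (?P<user>\S+) from (?P<src_ip>\S+)"),
    "dns": re.compile(TS + r" (?P<host>\S+) dns: query \S+ (?P<domain>\S+)"),
    "firewall": re.compile(TS + r" (?P<host>\S+) fw: (?P<action>\w+) \w+ out to (?P<dst>\S+)"),
}


def parse(source, line):
    """Normalise one raw log line into a common event dict, or None if unparseable."""
    m = PATTERNS[source].match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    ev["source"] = source
    return ev


def collect(feeds):
    """Ingest every source into one time-ordered event stream (the SIEM's central store)."""
    events = [ev for src, lines in feeds.items()
              for ev in (parse(src, ln) for ln in lines) if ev]
    events.sort(key=lambda e: e["ts"])
    return events


def correlate(events, min_failures=3, auth_window=timedelta(minutes=5),
              follow_window=timedelta(minutes=10)):
    """Rule: brute-force-then-success on a host, followed within follow_window by a
    DNS query for a domain outside the allowlist AND an allowed outbound connection.
    Each piece is noise on its own; the sequence across sources is the signal."""
    alerts = []
    by_host = defaultdict(list)
    for ev in events:
        by_host[ev["host"]].append(ev)
    for host, evs in by_host.items():
        auth = [e for e in evs if e["source"] == "auth"]
        for i, ok in enumerate(auth):
            if ok["result"] != "Accepted":
                continue
            failures = [f for f in auth[:i] if f["result"] == "Failed"
                        and f["src_ip"] == ok["src_ip"]
                        and ok["ts"] - f["ts"] <= auth_window]
            if len(failures) < min_failures:
                continue
            end = ok["ts"] + follow_window
            dns = [d for d in evs if d["source"] == "dns"
                   and ok["ts"] <= d["ts"] <= end and d["domain"] not in KNOWN_DOMAINS]
            fw = [f for f in evs if f["source"] == "firewall"
                  and ok["ts"] <= f["ts"] <= end and f["action"] == "ALLOW"]
            if dns and fw:
                alerts.append({
                    "host": host, "user": ok["user"], "src_ip": ok["src_ip"],
                    "failed_logins": len(failures),
                    "domains": [d["domain"] for d in dns],
                    "destinations": [f["dst"] for f in fw],
                })
    return alerts


if __name__ == "__main__":
    for alert in correlate(collect(SAMPLE_FEEDS)):
        print(alert)
```

Run on the sample feeds, srv-web01 stays quiet (one clean login, a known domain) while srv-db01 produces a single alert that cites evidence from all three sources. In a production SIEM the allowlist, thresholds and windows are tuned per environment, and a rule like this would typically also enrich the source address against threat intelligence before deciding what to do with the alert.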