Welcome!

@CloudExpo Authors: Liz McMillan, Pat Romanski, Elizabeth White, William Schmarzo, Stefan Bernbo

Related Topics: @BigDataExpo, Java IoT, Linux Containers, @CloudExpo, Cloud Security, SDN Journal

@BigDataExpo: Article

Security Through Data Analytics

The best way to protect the infrastructure, the brand and the consumer

Given the mountains of data now floating around, it is perhaps inevitable that the very function of data analytics is seen as somehow intrusive. There's a constant glut of reports, columns and other stories bemoaning the lack of data privacy - and at times, they're entirely justified. Organizations have a solemn duty to protect their customers' data, and those that don't implement the proper safeguards deserve to be vilified.

But beneath the surface lurks another dimension of this discussion that is often overlooked. Ethical and effective data analytics enhances security. Ethical and effective data analytics protects not only the institutions that possess the data, but also the consumers that data reflects. Ethical and effective data analytics serves a good purpose.

Let's be clear about the parameters of this argument. Data doesn't exist in a vacuum - it's generated on an ongoing basis through multiple activities, created in numerous formats and comes in through a variety of channels. At any given time, it is being analyzed and used (and occasionally misused) to serve many different needs.

Of course, when done right, information services and analytics represent a key driver of most business decisions. Actionable intelligence based on real data doesn't just augment gut instinct; it leads to quantitative thinking that supports strategic initiatives, enables tactical outreach and boosts the bottom line. Perhaps most important, it enhances information security so as to protect customer privacy and prevent operational and brand damage.

High-profile assaults on retailers like Target and Neiman Marcus, or clandestine downloads of classified information from the National Security Administration (NSA), make more news than inside-the-infrastructure DDoS attacks, but the latter is even more insidious. There are over 2,000 DDoS attacks every day. Some 65 percent of all organizations see three or more attacks each year. While the devastation is certainly felt on an organizational level, the financial impact is just as significant: DDoS attacks can cost up to $100K an hour.

DDoS mitigation can be an enormous challenge. Making an accurate distinction between normal, benign Internet traffic and malicious activity that could be the root cause of a potential DDoS attack is critical, but it's not easy. This is in part because DDoS attacks, especially when they serve as the front line of advanced targeted attacks, are remarkably sophisticated. They rely on stealth techniques that go unnoticed within the enterprise for long periods. They're highly customized, based specifically on each target's infrastructure and defenses, and can often defeat defense strategies that rely primarily on signature-based detection. Then of course there's the cloud. When attacks become super-sized, the defensive strategies in place must have the capacity to scrub far larger volumes of bad traffic.

This is why information services and analytics are so crucial. They can boost awareness and reaction time to particular situations. When it comes to leveraging Big Data within the enterprise to help identify breach attempts, it's still early days. According to a January 2014 report from Gartner, eight percent of enterprises are using data and analytics to identify security flaws. But there's reason for optimism - the same report also estimates that within the next two years, around 25 percent of enterprises will leverage Big Data for security purposes.

It is this same pattern-searching approach that the enterprise should take when it comes to DDoS mitigation. Proactive site monitoring on a continuous basis - in particular with a centralized view of traffic patterns - enables organizations to identify anomalies and threats, before they become real problems. For example, in the case of a custom application being exploited for a directed attack to steal customer data, the detection solution must be able to identify and highlight the fact that there's a new kind of application traffic on the network.

This might be a new concept to enforce at the enterprise level, but this is really something that banks have been doing for years with regard to fraud protection services. Banks monitor a person's transaction activity, and when a purchase is made that does not fit the usual spending behavior, it is stopped and flagged with the customer. The same thing should - and will - happen at the enterprise level.

It's easy to see why information services and analytics are too often seen as a potential invasion of privacy. Data privacy is vital, and it should rightfully be a corporate priority. However, in the ongoing effort to secure data, the right kind of analytics can be the best weapon of all.

More Stories By Mark Bregman

Mark F. Bregman is Senior Vice President and Chief Technology Officer at Neustar. He joined the Neustar executive team in August 2011 and is responsible for Neustar’s product technology strategy and product development efforts.

Prior to joining Neustar, Dr. Bregman was Executive Vice President and Chief Technology Officer of Symantec since 2006. His portfolio while CTO of Symantec Corporation included developing the company’s technology strategy and overseeing its investments in advanced research and development, security and technology services.

Prior to Symantec, Dr. Bregman served as Executive Vice President, Product Operations at Veritas Corporation, which merged with Symantec in 2005. Prior to Veritas, he was CEO of AirMedia, an early mobile content marketplace, and spent 16 years in a variety of roles at IBM. Dr. Bregman serves on the Board of the Bay Area Science & Innovation Consortium and the Anita Borg Institute, which focuses on increasing the impact of women on all aspects of technology.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@CloudExpo Stories
Whether your IoT service is connecting cars, homes, appliances, wearable, cameras or other devices, one question hangs in the balance – how do you actually make money from this service? The ability to turn your IoT service into profit requires the ability to create a monetization strategy that is flexible, scalable and working for you in real-time. It must be a transparent, smoothly implemented strategy that all stakeholders – from customers to the board – will be able to understand and comprehe...
Keeping pace with advancements in software delivery processes and tooling is taxing even for the most proficient organizations. Point tools, platforms, open source and the increasing adoption of private and public cloud services requires strong engineering rigor – all in the face of developer demands to use the tools of choice. As Agile has settled in as a mainstream practice, now DevOps has emerged as the next wave to improve software delivery speed and output. To make DevOps work, organization...
"Qosmos has launched L7Viewer, a network traffic analysis tool, so it analyzes all the traffic between the virtual machine and the data center and the virtual machine and the external world," stated Sebastien Synold, Product Line Manager at Qosmos, in this SYS-CON.tv interview at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, provided an overview of the evolution of the Internet and the Database and the future of their combination – the Blockchain. Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life sett...
The WebRTC Summit New York, to be held June 6-8, 2017, at the Javits Center in New York City, NY, announces that its Call for Papers is now open. Topics include all aspects of improving IT delivery by eliminating waste through automated business models leveraging cloud technologies. WebRTC Summit is co-located with 20th International Cloud Expo and @ThingsExpo. WebRTC is the future of browser-to-browser communications, and continues to make inroads into the traditional, difficult, plug-in web co...
Successful digital transformation requires new organizational competencies and capabilities. Research tells us that the biggest impediment to successful transformation is human; consequently, the biggest enabler is a properly skilled and empowered workforce. In the digital age, new individual and collective competencies are required. In his session at 19th Cloud Expo, Bob Newhouse, CEO and founder of Agilitiv, drew together recent research and lessons learned from emerging and established compa...
WebRTC is the future of browser-to-browser communications, and continues to make inroads into the traditional, difficult, plug-in web communications world. The 6th WebRTC Summit continues our tradition of delivering the latest and greatest presentations within the world of WebRTC. Topics include voice calling, video chat, P2P file sharing, and use cases that have already leveraged the power and convenience of WebRTC.
"Coalfire is a cyber-risk, security and compliance assessment and advisory services firm. We do a lot of work with the cloud service provider community," explained Ryan McGowan, Vice President, Sales (West) at Coalfire Systems, Inc., in this SYS-CON.tv interview at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Regulatory requirements exist to promote the controlled sharing of information, while protecting the privacy and/or security of the information. Regulations for each type of information have their own set of rules, policies, and guidelines. Cloud Service Providers (CSP) are faced with increasing demand for services at decreasing prices. Demonstrating and maintaining compliance with regulations is a nontrivial task and doing so against numerous sets of regulatory requirements can be daunting task...
Get deep visibility into the performance of your databases and expert advice for performance optimization and tuning. You can't get application performance without database performance. Give everyone on the team a comprehensive view of how every aspect of the system affects performance across SQL database operations, host server and OS, virtualization resources and storage I/O. Quickly find bottlenecks and troubleshoot complex problems.
Extracting business value from Internet of Things (IoT) data doesn’t happen overnight. There are several requirements that must be satisfied, including IoT device enablement, data analysis, real-time detection of complex events and automated orchestration of actions. Unfortunately, too many companies fall short in achieving their business goals by implementing incomplete solutions or not focusing on tangible use cases. In his general session at @ThingsExpo, Dave McCarthy, Director of Products...
20th Cloud Expo, taking place June 6-8, 2017, at the Javits Center in New York City, NY, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy.
Businesses and business units of all sizes can benefit from cloud computing, but many don't want the cost, performance and security concerns of public cloud nor the complexity of building their own private clouds. Today, some cloud vendors are using artificial intelligence (AI) to simplify cloud deployment and management. In his session at 20th Cloud Expo, Ajay Gulati, Co-founder and CEO of ZeroStack, will discuss how AI can simplify cloud operations. He will cover the following topics: why clou...
The Internet of Things (IoT) promises to simplify and streamline our lives by automating routine tasks that distract us from our goals. This promise is based on the ubiquitous deployment of smart, connected devices that link everything from industrial control systems to automobiles to refrigerators. Unfortunately, comparatively few of the devices currently deployed have been developed with an eye toward security, and as the DDoS attacks of late October 2016 have demonstrated, this oversight can ...
Without a clear strategy for cost control and an architecture designed with cloud services in mind, costs and operational performance can quickly get out of control. To avoid multiple architectural redesigns requires extensive thought and planning. Boundary (now part of BMC) launched a new public-facing multi-tenant high resolution monitoring service on Amazon AWS two years ago, facing challenges and learning best practices in the early days of the new service. In his session at 19th Cloud Exp...
DevOps is being widely accepted (if not fully adopted) as essential in enterprise IT. But as Enterprise DevOps gains maturity, expands scope, and increases velocity, the need for data-driven decisions across teams becomes more acute. DevOps teams in any modern business must wrangle the ‘digital exhaust’ from the delivery toolchain, "pervasive" and "cognitive" computing, APIs and services, mobile devices and applications, the Internet of Things, and now even blockchain. In this power panel at @...
Internet-of-Things discussions can end up either going down the consumer gadget rabbit hole or focused on the sort of data logging that industrial manufacturers have been doing forever. However, in fact, companies today are already using IoT data both to optimize their operational technology and to improve the experience of customer interactions in novel ways. In his session at @ThingsExpo, Gordon Haff, Red Hat Technology Evangelist, will share examples from a wide range of industries – includin...
"We build IoT infrastructure products - when you have to integrate different devices, different systems and cloud you have to build an application to do that but we eliminate the need to build an application. Our products can integrate any device, any system, any cloud regardless of protocol," explained Peter Jung, Chief Product Officer at Pulzze Systems, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo 2016 in New York. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place June 6-8, 2017, at the Javits Center in New York City, New York, is co-located with 20th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry p...
@DevOpsSummit at Cloud taking place June 6-8, 2017, at Javits Center, New York City, is co-located with the 20th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long developm...