Big data is proving a powerful tool in companies’ never-ending struggle to keep data and networks secure.
Big data, or more specifically data analytics, allows vast amounts of information from disparate sources and often in different formats to be analysed for patterns and anomalies.
Gartner predicts that, by 2016, 25 per cent of large global companies will have adopted big data analytics for cyber security or fraud detection, up from 8 per cent today.
Avivah Litan, vice-president and distinguished analyst at Gartner, said enterprises could achieve significant savings in time and money by using big data analytics to stop crime and security infractions. They should achieve a positive return on investment within the first six months of implementation, which she said was too big to ignore.
From helping pinpoint phishing attempts to screening out scam calls to financial institutions, big data is proving its worth.
Mathew Benwell, senior information security specialist, IT risk management, at the University of Adelaide, said the university turned to general data analytics tool Splunk when an external security audit revealed problems in dealing with phishing attacks.
‘‘Like many organisations, the threat of phishing attacks pose a growing problem,’’ he said. ‘‘These attacks could result in compromised accounts, which at times can have a big impact.’’
Mr Benwell said the university had tried a number of traditional security and event management products but had adopted Splunk for its do-it-yourself simplicity.
He said further security applications had emerged since. ‘‘Our use cases are expanding across more IT teams. It is very much about using the electronic log data to try and build useful security analytic.
A quite different example of how data analytics tools can aid in security comes from Verint.
Mark Lazar, Verint’s global vice president for identity and fraud solutions, said the company's Impact 360 product uses passive voice biometrics to help call centre operators combat persistent attacks from fraudsters who talk their way past caller verification checks to gain access to bank accounts. From a recording of a caller’s voice the system is able to identify that person on subsequent calls.
Data analytics make this information even more powerful.
“We can take a fraudster’s voice and track it across time and across accounts and see what they are doing to attack a call centre and from that we can develop patterns of how they do their calling: what is the frequency of the calls, what is the order in which they do certain kind of transactions. Those patterns are very different from the patterns that genuine customers use when they're calling.”
Gartner's Litan said the real security benefits of big data are yet to emerge. “Big data analytics is ahead of most organisations' abilities to successfully adopt them, and most vendors have barely begun to prove their software's effectiveness, so it's still early days for this market,” she said.
She urged organisations to start small, but think big and develop a road map that encompasses multiple applications.
“The return on investment on big data analytics is typically too big to ignore.”