- 4/27/2015 12:44:48 PM
Jim, it's an excellent point: in the rush to do ever more, many did not anticipate how quickly the cyber threat risk would grow. Now it's time to play catch-up, and I am glad to see the tools are evolving to help companies do that; only time will tell if they become more effective at evading the hackers or at least minimizing the damage.
- 4/24/2015 8:11:22 AM
I think the inability for companies to know what "normal" is on their network -- something that analytics can help to address -- comes down to a combination of the ever-increasing complexity of the network and the applications/users it supports, lack of sophisticated tools, and lack of people/budget in the IT group. We've all been so aggressive in adding network capabilities that we haven't had a chance to stop and look at what we have.
- by Broadway0474, Blogger
- 4/23/2015 9:02:51 PM
Maryam, that's a fantastic and sad point: that companies don't even know what their normal looks like. Is that because of lack of trying, lack of know-how, or because normal always changes too fast to keep tabs on?
- 4/23/2015 1:43:57 PM
Jim, exactly. So many of the recent data breaches took months to discover because companies didn't know what normal looked like in their companies. Once companies understand normal and can compare activity from points in time, the hackers will have a tougher time getting the information they are seeking. If this application can help companies model this faster and more effectively, it will certainly be a win and have benefits to their companies in similar industries. We may even get better at catching the criminals!
- by Robert Allison, Blogger
- 4/22/2015 1:27:07 PM
Wow - they've got an impressive map! (and even more impressive if they're plotting current real-time data!)
A few years ago, I created a proof-of-concept map (using SAS) to display the locations of 'attacking' IP addresses! ...
- 4/22/2015 1:14:19 PM
@Maryam. You just hit on a key point. Analytics can show security professionals when there is abnormal activity on the network. However, to know that, you want the analytics to show you clearly what "normal" is. That's step one.
- 4/22/2015 1:12:25 PM
@Seth. I guess crime does pay. A hacker doesn't even have to make direct use of the information they collect on their own. The value of data is such that you can make money by selling that data from a breach, and sit back and let others do what they will with it.
I think the real burden falls on the various nations to take cybercrime seriously. However, the criminals will be quick to point out the hypocrisy of national governments cracking down on hacking when they are doing it themselves. That's one of the facts that becomes very clear in watching the NORSE map operate.
- by SethBreedlove, Data Doctor
- 4/22/2015 12:57:10 PM
If I had my life to do over and would perchance go into organized crime, I would most certainly become a hacker in a foreign country, where I could happily steal millions while lounging safely on a beach without the fear of arrest.
It is a crime that is not going to go away. If states and feds legalize marijuana or other drugs, organized crime will have to focus on hacking and human trafficking (or politics). So it will only get worse.
- 4/22/2015 12:45:20 PM
Jim, absolutely, and the tracking of regular and irregular activity can alert companies to possible threats early in the cycle rather than when a hacker has understood all the system nuances and vulnerabilities.
- 4/22/2015 11:59:02 AM
@Phoenix. I think access rights is one area of operations where analytics can take the place of humans. Consider that the issue isn't just that end-users who have access rights leave the company or move into new roles or third-party partners are severed, but that there is human turnover within the IT team that administers rights. If you are a sys admin and don't know what rights were granted by your predecessor, something is sure to fall between the cracks.