Preempt Blog


IT Security’s 8th Sense – How Big Data and Human Behavior Provide an Edge

Big Data is a revolution that in my opinion is equivalent to other epiphany moments such as when humanity (i.e. Galileo) identified that the sun isn’t moving. It’s our planet that moves around it.  Science and discovery have changed the way people perceive the world.

These and many other revolutionary discoveries enhance human intelligence beyond the common human perception of how “things” behave. Big Data brings its own abstraction of reality. With the help of machine learning algorithms, humans can discover patterns in data that are beyond what a human brain can obtain or even understand in some cases.

The 8th Sense

Like in the show Sense8, where a mental link connects people and helps them understand things they otherwise would not, Big Data processing gives humans a similar connection. Big Data helps us find things that we would not normally be able to find. We are used to figuring out problems and transforming them into knowledge/data. We look at data and gain a comprehensive understanding of it. Data visualization adds another layer of recognition. When we contextualize the data by adding more information, it creates more dimensions, making it even more unique and valuable.

In IT Security, it takes technology, code and humans to make sense of all the data. What seemed like useless data yesterday may be much more valuable today with the right context and approach to looking at the information. New interpretations of data build the use case narrative. We can predict behavior that may lead to detecting the next threat. Combining Big Data with human behavior and response is what gives IT Security an 8th Sense.

Each Human is a Sensor

For perspective, let’s look at an example outside of cyber security. In Boston, drivers can install an app that collects data from phones, such as changes in acceleration or deceleration, and reports back to Street Bump to improve road conditions. This app is a great example of how the way data is analyzed gives greater perspective. The point here is not to look at tons of data but rather to look for the stories that can be told by the pieces of information that are collected. This storytelling is the algorithm that data scientists develop on top of the data model in order to produce the desired results.

A second example is social media. In essence, social media uses hundreds of millions of people as sensors and everything they do contributes to their own benefit and to the ecosystem. The synergy is beautifully aligned and produces wisdom which has huge potential to do good if used “correctly.” For example, it can predict trends–whether it be politics, fashion or spread of diseases–just by analyzing people’s feeds, views, searches, opinions, likes, location and other attributes.  

Making the right choices of what data to look at, as well as how and where to look at it, while balancing between privacy and security is a crucial part of this process. The key point here is the human contribution across the network.

In enterprise networks, every employee is a human sensor. Crowdsourcing security intelligence isn’t a new thing. It is used in many aspects of security. The dominant implementations of security crowdsourcing today are in the areas of phishing, malware, DDoS, fraud detection and others.

What is really exciting is how we can now use data with behavioral analytics and human response to provide even more context and help us with more accurate threat detection. For example, an employee’s laptop may have an endpoint solution installed that identifies and alerts on potential threats. There are also corporate apps, IAM apps and other work-related components that can be channels for collecting data. If we use these multiple channels to engage employees based on user behavior and the context of their activity, and give them an easy way to provide a response or validation (whether interactively or not), then we gain wider visibility and control over network activity.

Ingesting human response as an additional contextual feed to the Big Data being examined can make a big difference. It changes the way we look at data because now that data is considered validated by a human.

When we look at the broader picture, Big Data and the algorithms used to process it are making changes to the way we deal with data. Although we believe it will change in the future (AI anyone?), for now there is no replacement for the human in providing real feedback. Adding the human factor into the equation is what transforms Big Data Analytics from just being a technology into being a “sense” that can detect.

To learn more about how User and Entity Behavioral Analytics can more effectively detect and prevent breaches and insider threats, download the whitepaper.


Topics: big data, User Behavior

Posted by Eran Cohen on March 9, 2017 7:45 AM

