Malware threats aren’t new, and for years organizations have fought back with reasonable success using antivirus software, firewalls, IPS, IDS and Secure Web Gateways. However, with the rise of Advanced Persistent Threats (APTs), the malware threat landscape has changed dramatically – and not for the better.
APT attacks represent an entirely new breed of threat for four fundamental reasons:
- APTs are designed by well-funded nation states, “hacktivists”, cyber criminals and other adversaries who are driven by political, social or economic motives – i.e. they’re nothing like the stereotypical “bored teenager hackers” of old.
- APTs are persistent, and target an organization over a long period of time – burrowing and harvesting deep within the network for months or even years before they’re detected.
- APTs penetrate networks in phases and through multiple entry points, which means that malicious activity isn’t localized in one place, but instead scattered across the network.
- APTs are being developed and deployed daily at such an alarming frequency and volume – often with a zero-day threat horizon – that signature-based antivirus solutions simply cannot keep up.
Naturally, a new breed of threat calls for a new approach to network security. And the two words that will define that approach now and for the foreseeable future are: Big Data.
Recognizing Patterns & Analyzing Trends
Big Data refers to a process of analyzing massive amounts of data from thousands of sources – including organizational logs, tweets, malicious IP addresses, emails, information derived from other attacks, third party research and more – in order to recognize patterns or anomalies, analyze trends, and ultimately help organizations identify, quarantine and neutralize APT attacks. It’s a level of pragmatic data management and analysis that isn’t just difficult for security teams to achieve; given the sheer volume and complexity of data, it’s often impossible.
Analyzing Current & Historical Data
Big Data’s analytical scope isn’t limited to current data. It also examines an organization’s historical data from months and years ago, scanning it against a growing database of malware behavioral profiles and other analytical factors in order to find real or potential threats and fortify your network against APTs.
Leveraging Cloud-Based Advantages
While the benefits of Big Data analysis are impressive, the resource strain it puts on an organization’s local IT infrastructure (CPUs, memory, etc.) can be severe, and can require costly hardware upgrades or the deployment of new data centers. However, when Big Data analysis is performed in the cloud, there’s no strain on local IT infrastructure – which means no upgrades are required. It can also work seamlessly with on-site security products.
At the same time, cloud-based Big Data analysis also functions as a centralized hub that immediately alerts one organization when an APT attack is detected at another – even if they’re in completely different industries on different sides of the world.
From Prevention to Detection
Ultimately, the evolution from conventional antivirus software to dynamic cloud-based Big Data analysis echoes a broader shift in the fight against APT attacks: one that emphasizes detection and response instead of prevention and reaction. Organizations that embrace this paradigm change can consider themselves well-protected. Organizations that don’t may, unfortunately, find themselves classified by adversaries under that most frightening of all designations: an easy target.