Big data analytics is the process of collecting wide arrays of data and applying sophisticated technologies, such as behavioral and machine learning algorithms, against them.
Let’s Define Big Data
In the context of next-generation endpoint security, the data arrays come from endpoints scattered across any given enterprise, including computers, servers, mobile devices and IoT devices, and threat intelligence gathered from security researchers, vendors and public databases. This data is used to provide a predictive approach to endpoint security.
Next-generation endpoint security today is all about keeping pace and staying ahead of attackers. And one of the only ways to do so is through comprehensive insights that can only be derived from big data analytics. Without big data analytics, companies can only focus on finding and stopping known methods and attacks, which leaves them vulnerable to new and emerging attacks. Security people must be able to predict and prevent not only known attacks, but future and unknown ones too. Innovative processes like big data analytics take advantage of all available data – unfiltered endpoint data, event streams, attackers’ tactics and techniques, global threat intelligence, and more – to provide the most comprehensive protection possible. With the power of big data analytics, security teams can uncover the most disruptive and damaging hidden tactics, identify root causes, and stop malicious threats before they are fully developed.
In its 100 Data and Analytics Predictions through 2021 Gartner suggests that big data and analytics are expected to become even more mission-critical for almost every business, in every industry. This is already occurring in endpoint security.
In fact, research from Enterprise Strategy Group (ESG) indicates that 38% of organizations collect, process, and analyze more than 10 terabytes of data as part of security operations each month. This includes everything from firewalls and security devices to log data from network devices, user activity, and applications.
Not all organizations are taking advantage of the potential of big data analytics, however. That’s because they have yet to move their IT and security systems to the cloud, generally due to operational, resource and cultural constraints.
The analyst group Wikibon recently shared a key trend about how the convergence of siloed big data in the cloud is speeding enterprise time-to-value. This is particularly evident in endpoint security.
As companies recognize the need to collect vast amounts of data, they need the storage and processing power of the cloud to maximize the value of this data. With endpoint security in the cloud, companies can start to connect the dots between individual events, identifying and tracking “event streams” to stop attacks in progress and assess the root cause of them. Security personnel now have the power to combine their own data along with global threat intelligence to make discoveries that result in protection that comes into play in advance of threats becoming major incidents or breaches.
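The "connecting the dots" step above, reconstructing an event stream from individual endpoint events and walking it back to a root cause, is easier to see in code. The following is an added example written for this page, not code from the original article or from any vendor product it describes. It assumes a simplified endpoint telemetry record (host, pid, ppid, image, event kind) and uses a small set of constructed sample events; the rule it applies (a scripting interpreter descended from an Office application that then opens a network connection) is one illustrative correlation, not a complete detection.

```python
from collections import defaultdict
from dataclasses import dataclass

# Hypothetical, simplified endpoint telemetry record (assumption for this example).
@dataclass
class Event:
    ts: int        # timestamp (constructed, monotonic integer)
    host: str      # endpoint name
    pid: int       # process id of the acting process
    ppid: int      # parent process id
    image: str     # executable name
    kind: str      # "process" (creation) or "network" (outbound connection)
    detail: str    # free-text context

# Constructed sample telemetry, not real data: a mail client opens a document,
# the document viewer spawns a script interpreter, which then reaches the network.
EVENTS = [
    Event(100, "ws01", 400, 1,   "explorer.exe",   "process", "user shell"),
    Event(110, "ws01", 520, 400, "outlook.exe",    "process", "mail client"),
    Event(120, "ws01", 610, 520, "winword.exe",    "process", "opened attachment"),
    Event(125, "ws01", 700, 610, "powershell.exe", "process", "encoded command line (constructed)"),
    Event(130, "ws01", 700, 610, "powershell.exe", "network", "outbound 203.0.113.5:443"),
    Event(140, "ws01", 800, 400, "chrome.exe",     "process", "browser"),
]

OFFICE_APPS = frozenset({"winword.exe", "excel.exe", "outlook.exe"})
INTERPRETERS = frozenset({"powershell.exe", "cmd.exe", "wscript.exe"})


def build_index(events):
    """Index process-creation events by (host, pid) and by parent so chains can be walked."""
    by_pid = {}
    children = defaultdict(list)
    for e in events:
        if e.kind == "process":
            by_pid[(e.host, e.pid)] = e
            children[(e.host, e.ppid)].append(e)
    return by_pid, children


def ancestry(by_pid, host, pid):
    """Walk parent links from a process back to the earliest recorded ancestor.

    Returns the chain root-first. A 'seen' set guards against pid reuse loops
    in real telemetry."""
    chain, key, seen = [], (host, pid), set()
    while key in by_pid and key not in seen:
        seen.add(key)
        e = by_pid[key]
        chain.append(e)
        key = (host, e.ppid)
    return list(reversed(chain))


def root_cause(events, host, pid):
    """Return the image names from the root of the process chain down to `pid`."""
    by_pid, _ = build_index(events)
    return [e.image for e in ancestry(by_pid, host, pid)]


def suspicious_streams(events):
    """Correlate network events with their process ancestry.

    Flags an interpreter that made an outbound connection and has an Office
    application somewhere above it in the process tree. Each finding carries
    the full chain so an analyst can see the root cause, not just the alert."""
    by_pid, _ = build_index(events)
    findings = []
    for e in events:
        if e.kind != "network" or e.image not in INTERPRETERS:
            continue
        chain = ancestry(by_pid, e.host, e.pid)
        if any(a.image in OFFICE_APPS for a in chain[:-1]):
            findings.append((e.host, e.pid, [a.image for a in chain]))
    return findings


if __name__ == "__main__":
    for host, pid, chain in suspicious_streams(EVENTS):
        print(f"{host} pid {pid}: {' -> '.join(chain)}")
```

The point of carrying the whole chain in each finding is the one the paragraph makes: an isolated "PowerShell connected out" event is noise, but the same event seen as the tail of an Outlook, Word, PowerShell stream is both an alert and its own root-cause analysis. At cloud scale the index above becomes a graph store keyed on host and process lineage, but the correlation logic is the same.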
The cloud provides massive processing power that allows for the analysis of hundreds of billions of individual events, which in turn enables companies to predict new threats – not just those based on malware, but also fileless threats that are becoming more problematic and more pervasive. It drives the ability to solve security problems that aren’t getting solved today.