12/2/2013
10:57 PM

Cloud Providers Reveal More Big Data Analytics To Enterprises

Simpler is better for many companies, but an increasing number of firms want access to more data

Cloud services aim to simplify the implementation and management of business applications, a goal that has generally worked well for security services. Yet simplified interfaces and aggregated data can often hide the details that management needs to make decisions about attacks.

Responding to customers' requests for more access to security-event data, cloud providers are exposing customer-specific aspects of their massive data sets to help businesses better defend themselves. Cloud security firm Incapsula, for example, announced last month that it would start delivering to its customers their servers' performance and attack metrics in real time. The company takes millions of transactions across 15 data centers, brings them into a central data repository, organizes them, and then displays the data relevant to each customer. The data can be used by businesses to better react to certain types of attacks, such as application-layer denial-of-service attacks, says Marc Gaffan, co-founder and vice president of business development for the company.

"Now our end user can see, in real time, the transactions hitting their network," he says. "This gives them the visibility to work with us and be more self-sufficient."

Cloud security providers are finding that their customers want more data. For many companies, learning that a threat was blocked is no longer enough. More sophisticated enterprise customers want deeper access to the data on which a decision is based so they can investigate the incident themselves and determine whether they need to take further action.

In some ways, the trend is an adjustment in the cloud services model, says Dean De Beer, chief technology officer for malware-analysis-as-a-service platform ThreatGRID. Companies moved to security-as-a-service to simplify a complex set of processes, but that does not mean they do not want access to the data on attacks or malware targeting their networks, he says.

"The ability for people to really make a difference in the environment without having to have the expertise to set up the infrastructure -- it's huge," he says, adding that companies need to give the sophisticated users of their services as much information as they need to do their jobs. "The end user is saying that they want this data and vendors need to provide it."


Another cloud security firm that has opened the curtains to reveal certain facets of its large datasets is OpenDNS. The company has modified its cloud-based domain name service to go beyond blocking or allowing traffic, and now offers companies the ability to gather additional details about the domains to which traffic is flowing.

Called Security Graph, the service lets customers of OpenDNS's Umbrella service dig down into the data and determine, for instance, whether an attack is part of a mass, opportunistic probe or a targeted attempt to compromise the business. In an opportunistic attack, the company will be one of many OpenDNS customers that attempt to go to a specific, malicious server; in a targeted attack, the company may account for the lion's share of traffic to that server, says Dan Hubbard, chief technology officer for OpenDNS.

"If you see a machine beaconing out to a domain, a cloud solution would say, 'This is blocked as malware,'" he says. "With that sort of response, there is not enough information to determine if this is an attacker looking for PayPal credentials or if this is someone exfiltrating data to a Chinese network."
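
The opportunistic-versus-targeted distinction Hubbard describes can be sketched as a share-of-traffic calculation over cross-customer DNS data. The following is an added example, not code from OpenDNS or the article; the log layout, customer names, domains and thresholds are all assumptions made for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample: (customer_id, queried_domain) pairs, as a provider-side
# DNS log might be reduced to. All names and values are hypothetical.
SAMPLE_LOG = (
    [("acme", "update-cdn.example")] * 46
    + [("globex", "update-cdn.example")] * 3
    + [("initech", "update-cdn.example")] * 1
    + [(f"cust{i}", "free-prizes.example") for i in range(40) for _ in range(5)]
    + [("acme", "free-prizes.example")] * 5
)

def domain_profile(log, customer):
    """Per domain the customer queried: number of distinct customers
    querying it, and this customer's share of all queries to it."""
    per_domain = defaultdict(Counter)
    for cust, domain in log:
        per_domain[domain][cust] += 1
    profile = {}
    for domain, counts in per_domain.items():
        if customer not in counts:
            continue  # only report domains this customer actually contacted
        total = sum(counts.values())
        profile[domain] = {
            "customers": len(counts),
            "share": counts[customer] / total,
        }
    return profile

def classify(entry, share_threshold=0.5, crowd_threshold=10):
    """Thresholds are assumed values for illustration, not vendor defaults."""
    if entry["share"] >= share_threshold:
        return "likely targeted"        # one customer dominates the traffic
    if entry["customers"] >= crowd_threshold:
        return "likely opportunistic"   # one of many customers hitting it
    return "inconclusive"

def triage(log, customer):
    """Map each domain the customer contacted to a verdict."""
    return {d: classify(e) for d, e in domain_profile(log, customer).items()}

if __name__ == "__main__":
    for domain, verdict in triage(SAMPLE_LOG, "acme").items():
        print(domain, verdict)
```

A verdict of this kind is a triage hint for an analyst, since a small customer base or a newly registered domain can skew the share in either direction.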

While using big data analytics for security has garnered a great deal of attention, it typically requires staff with specialized knowledge to successfully implement. Because of their expertise in dealing with large datasets, cloud providers can excel at providing meaningful access to the data, says Incapsula's Gaffan.

"I think big data analytics and security analytics are a core competency for cloud service providers," he says. "They can immediately identify a certain pattern and give companies visibility into the data."

Robert Lemos is a veteran technology journalist of more than 16 years and a former research engineer, writing articles that have appeared in Business Week, CIO Magazine, CNET News.com, Computing Japan, CSO Magazine, Dark Reading, eWEEK, InfoWorld, MIT's Technology Review, ...

Comments
sushantsaraswat,
User Rank: Apprentice
1/6/2014 | 6:58:28 AM
re: Cloud Providers Reveal More Big Data Analytics To Enterprises
Hi Robert, nice post. I agree with you completely that Big data analytics is going to be mainstream with increased adoption among every industry and form a virtuous cycle with more people wanting access to even bigger data.

However, often the requirements for big data analysis are really not well understood by the developers and business owners, thus creating an undesirable product.

The success of extracting people oriented Business Intelligence depends upon the ability to collect every possible expression and derive the business observations from it.

There is a need to develop expertise and process of creating small scale prototypes quickly and test them to demonstrate its correctness, matching with business goals.

I have registered for a webinar on Deploy Big Data solutions Rapidly in Cloud through Harbinger's ABC model (Agile-Big Data-Cloud), it looks a promising one http://j.mp/19xJ6ew