
Cloud Providers Reveal More Big Data Analytics To Enterprises

Simpler is better for many companies, but an increasing number of firms want access to more data

Cloud services aim to simplify the implementation and management of business applications, a goal that has generally worked well for security services. Yet simplified interfaces and aggregated data can often hide the details that management needs to make decisions about attacks.

Responding to customers' requests for more access to security-event data, cloud providers are exposing customer-specific aspects of their massive data sets to help businesses better defend themselves. Cloud security firm Incapsula, for example, announced last month that it would start delivering to its customers their servers' performance and attack metrics in real time. The company takes millions of transactions across 15 data centers, brings them into a central data repository, organizes them, and then displays the data relevant to each customer. The data can be used by businesses to better react to certain types of attacks, such as application-layer denial-of-service attacks, says Marc Gaffan, co-founder and vice president of business development for the company.

"Now our end user can see, in real time, the transactions hitting their network," he says. "This gives them the visibility to work with us and be more self-sufficient."

Cloud security providers are finding that their customers want more data. For many companies, learning that a threat was blocked is no longer enough. More sophisticated enterprise customers want deeper access to the data on which a decision is based so they can investigate the incident themselves and determine whether they need to take further action.

In some ways, the trend is an adjustment in the cloud services model, says Dean De Beer, chief technology officer for malware-analysis-as-a-service platform ThreatGRID. Companies moved to security-as-a-service to simplify a complex set of processes, but that does not mean they do not want access to the data on attacks or malware targeting their networks, he says.

"The ability for people to really make a difference in the environment without having to have the expertise to set up the infrastructure -- it's huge," he says, adding that companies need to give the sophisticated users of their services as much information as they need to do their jobs. "The end user is saying that they want this data and vendors need to provide it."

[With employees using hundreds of cloud services, companies need a greater ability to monitor the services for anomalous activities. See Services Offer Visibility Into Cloud Blind Spot.]

Another cloud security firm that has opened the curtains to reveal certain facets of its large datasets is OpenDNS. The company has modified its cloud-based domain name service to go beyond blocking or allowing traffic, and now offers companies the ability to gather additional details about the domains to which traffic is flowing.

Called Security Graph, the service lets customers of OpenDNS's Umbrella service dig down into the data and determine, for instance, whether an attack is part of a mass, opportunistic probe or a targeted attempt to compromise the business. In an opportunistic attack, the company will be one of many OpenDNS customers that attempt to go to a specific, malicious server; in a targeted attack, the company may account for the lion's share of traffic to that server, says Dan Hubbard, chief technology officer for OpenDNS.

"If you see a machine beaconing out to a domain, a cloud solution would say, 'This is blocked as malware,'" he says. "With that sort of response, there is not enough information to determine if this is an attacker looking for PayPal credentials or if this is someone exfiltrating data to a Chinese network."
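The opportunistic-versus-targeted distinction described above can be sketched as a share-of-traffic calculation. This is an added example, not code from OpenDNS or the article; it assumes a provider-side view of blocked lookups across customers, and the customer names, domains, function names and thresholds are all invented for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample of blocked DNS lookups as (customer, domain) pairs.
# Customer names and domains are invented for this illustration.
SAMPLE_QUERIES = (
    [("acme", "mass-campaign.example")] * 6
    + [(f"org{i}", "mass-campaign.example") for i in range(1, 31)] * 3
    + [("acme", "quiet-c2.example")] * 18
    + [("org7", "quiet-c2.example")] * 2
    + [("acme", "one-off.example")] * 2
)

def domain_exposure(queries, customer):
    """For each domain the customer queried: its share of all lookups,
    its own lookup count, and how many distinct customers queried it."""
    per_domain = defaultdict(Counter)
    for org, domain in queries:
        per_domain[domain][org] += 1
    report = {}
    for domain, counts in per_domain.items():
        mine = counts.get(customer, 0)
        if mine:
            report[domain] = {
                "share": mine / sum(counts.values()),
                "queries": mine,
                "customers": len(counts),
            }
    return report

def classify(stats, share_threshold=0.5, min_queries=5):
    """Assumed heuristic; both thresholds are illustrative, not vendor values."""
    # A couple of lookups to an obscure domain gives a ~100% share by
    # accident, so require a minimum volume before reading anything into it.
    if stats["queries"] < min_queries:
        return "insufficient-data"
    if stats["share"] >= share_threshold:
        return "possibly-targeted"
    return "opportunistic"

def triage(queries, customer):
    """Map each domain the customer touched to a triage label."""
    exposure = domain_exposure(queries, customer)
    return {domain: classify(stats) for domain, stats in exposure.items()}

if __name__ == "__main__":
    for domain, label in sorted(triage(SAMPLE_QUERIES, "acme").items()):
        print(f"{domain:24} {label}")
```

The label is a triage hint for an analyst, who would still need the underlying events to confirm what the traffic was.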

While using big data analytics for security has garnered a great deal of attention, it typically requires staff with specialized knowledge to successfully implement. Because of their expertise in dealing with large datasets, cloud providers can excel at providing meaningful access to the data, says Incapsula's Gaffan.

"I think big data analytics and security analytics are a core competency for cloud service providers," he says. "They can immediately identify a certain pattern and give companies visibility into the data."

Robert Lemos is a veteran technology journalist of more than 16 years and a former research engineer, writing articles that have appeared in Business Week, CIO Magazine, CNET News.com, Computing Japan, CSO Magazine, Dark Reading, eWEEK, InfoWorld, MIT's Technology Review, ...

1/6/2014 | 6:58:28 AM
re: Cloud Providers Reveal More Big Data Analytics To Enterprises
Hi Robert, nice post. I agree with you completely that Big data analytics is going to be mainstream with increased adoption among every industry and form a virtuous cycle with more people wanting access to even bigger data.

However, often the requirements for big data analysis are really not well understood by the developers and business owners, thus creating an undesirable product.

The success of extracting people oriented Business Intelligence depends upon the ability to collect every possible expression and derive the business observations from it.

There is a need to develop expertise and process of creating small scale prototypes quickly and test them to demonstrate its correctness, matching with business goals.

I have registered for a webinar on Deploy Big Data solutions Rapidly in Cloud through Harbinger's ABC model (Agile-Big Data-Cloud), it looks a promising one http://j.mp/19xJ6ew