Dark Reading is part of the Informa Tech Division of Informa PLC



12/2/2013
10:57 PM

Cloud Providers Reveal More Big Data Analytics To Enterprises

Simpler is better for many companies, but an increasing number of firms want access to more data

Cloud services aim to simplify the implementation and management of business applications, a goal that has generally worked well for security services. Yet simplified interfaces and aggregated data can often hide the details that management needs to make decisions about attacks.

Responding to customers' requests for more access to security-event data, cloud providers are exposing customer-specific aspects of their massive data sets to help businesses better defend themselves. Cloud security firm Incapsula, for example, announced last month that it would start delivering to its customers their servers' performance and attack metrics in real time. The company takes millions of transactions across 15 data centers, brings them into a central data repository, organizes them, and then displays the data relevant to each customer. The data can be used by businesses to better react to certain types of attacks, such as application-layer denial-of-service attacks, says Marc Gaffan, co-founder and vice president of business development for the company.

"Now our end user can see, in real time, the transactions hitting their network," he says. "This gives them the visibility to work with us and be more self-sufficient."

Cloud security providers are finding that their customers want more data. For many companies, learning that a threat was blocked is no longer enough. More sophisticated enterprise customers want deeper access to the data on which a decision is based so they can investigate the incident themselves and determine whether they need to take further action.

In some ways, the trend is an adjustment in the cloud services model, says Dean De Beer, chief technology officer for malware-analysis-as-a-service platform ThreatGRID. Companies moved to security-as-a-service to simplify a complex set of processes, but that does not mean they do not want access to the data on attacks or malware targeting their networks, he says.

"The ability for people to really make a difference in the environment without having to have the expertise to set up the infrastructure -- it's huge," he says, adding that companies need to give the sophisticated users of their services as much information as they need to do their jobs. "The end user is saying that they want this data and vendors need to provide it."


Another cloud security firm that has opened the curtains to reveal certain facets of its large datasets is OpenDNS. The company has modified its cloud-based domain name service to go beyond blocking or allowing traffic, and now offers companies the ability to gather additional details about the domains to which traffic is flowing.

Called Security Graph, the service lets customers of OpenDNS's Umbrella service dig down into the data and determine, for instance, whether an attack is part of a mass, opportunistic probe or a targeted attempt to compromise the business. In an opportunistic attack, the company will be one of many OpenDNS customers that attempt to go to a specific, malicious server; in a targeted attack, the company may account for the lion's share of traffic to that server, says Dan Hubbard, chief technology officer for OpenDNS.

"If you see a machine beaconing out to a domain, a cloud solution would say, 'This is blocked as malware,'" he says. "With that sort of response, there is not enough information to determine if this is an attacker looking for PayPal credentials or if this is someone exfiltrating data to a Chinese network."
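The comparison Hubbard describes, sketched as an added example (not code from the article or from OpenDNS): it computes one customer's share of all queries to each domain across a provider's customer base. The record layout, the customer and domain names, and both thresholds are assumptions made for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample: (customer_id, queried_domain) pairs as a DNS provider
# might aggregate them across its customer base. All names are made up.
SAMPLE_QUERIES = (
    [("acme", "kit.example.net")] * 4
    + [("globex", "kit.example.net")] * 5
    + [("initech", "kit.example.net")] * 3
    + [("stark", "kit.example.net")] * 4
    + [("hooli", "kit.example.net")] * 4
    + [("acme", "c2.example.org")] * 18
    + [("globex", "c2.example.org")] * 2
    + [("acme", "rare.example.com")] * 2
)


def classify(queries, customer, share_threshold=0.6, min_queries=5):
    """Label each domain `customer` queried by how concentrated the traffic is.

    share_threshold and min_queries are illustrative assumptions, not values
    taken from any vendor's product.
    """
    # Count queries per domain, broken down by customer.
    per_domain = defaultdict(Counter)
    for cust, domain in queries:
        per_domain[domain][cust] += 1

    report = {}
    for domain, counts in per_domain.items():
        mine = counts.get(customer, 0)
        if mine == 0:
            continue  # this customer never queried the domain
        total = sum(counts.values())
        share = mine / total
        if total < min_queries:
            # Too few observations for the share to mean anything.
            label = "insufficient-data"
        elif share >= share_threshold:
            # This customer accounts for most of the traffic to the domain.
            label = "possibly-targeted"
        else:
            # Many customers hit the same domain: looks like a mass campaign.
            label = "opportunistic"
        report[domain] = {
            "share": round(share, 2),
            "customers": len(counts),
            "label": label,
        }
    return report
```

The label is a triage hint for an analyst, not a verdict: a high share can also come from a single noisy host, which is why the per-customer counts are kept in the aggregation.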

While using big data analytics for security has garnered a great deal of attention, it typically requires staff with specialized knowledge to successfully implement. Because of their expertise in dealing with large datasets, cloud providers can excel at providing meaningful access to the data, says Incapsula's Gaffan.

"I think big data analytics and security analytics are a core competency for cloud service providers," he says. "They can immediately identify a certain pattern and give companies visibility into the data."

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ...

Comments
sushantsaraswat,
User Rank: Apprentice
1/6/2014 | 6:58:28 AM
re: Cloud Providers Reveal More Big Data Analytics To Enterprises
Hi Robert, nice post. I agree with you completely that Big data analytics is going to be mainstream with increased adoption among every industry and form a virtuous cycle with more people wanting access to even bigger data.

However, often the requirements for big data analysis are really not well understood by the developers and business owners, thus creating an undesirable product.

The success of extracting people oriented Business Intelligence depends upon the ability to collect every possible expression and derive the business observations from it.

There is a need to develop expertise and process of creating small scale prototypes quickly and test them to demonstrate its correctness, matching with business goals.

I have registered for a webinar on Deploy Big Data solutions Rapidly in Cloud through Harbinger's ABC model (Agile-Big Data-Cloud), it looks a promising one http://j.mp/19xJ6ew