How big data is driving smarter cyber security tools

April 20, 2015 by Andreas Krebs

As big data changes and develops, it's being used to create better, smarter cyber security tools. There is real value in using the big data approach to cyber security, especially when it can be used to identify dangerous malware and more persistent threats to the IT security of big companies that handle a lot of data. The number of data breaches in the news seems to grow all the time, and big data may play a big role in preventing much of that.

Data Storage

One of the ways in which big data can help with cyber security is through the storage of data. Because so much data is collected and stored easily, analytic techniques can be used to find and destroy malware. Smaller segments of data can be analyzed, of course, and were analyzed before big data got started in the cyber security area, but the more data that can be looked at all together, the easier it is to ensure that appropriate steps are taken to neutralize any threats. More data gets screened, and it gets analyzed faster, making big data a surprisingly good choice in the cyber security arena.

Malware Behaviors

In the past, malware was usually identified with signatures. Now that big data is involved, that's not realistic: signature identification doesn't work on a larger scale, so new ways of handling cyber security were needed as soon as big data appeared on the scene. Instead of signatures, big data looks at behaviors. How malware of any type behaves is a very important consideration, and something to focus on when working out what can be done to keep data safe.

When something is flagged as having a unique or different behavior, it's possible to isolate the data associated with it, so it can be determined whether that data is safe. Piggybacking malware onto seemingly innocuous programs and data is common, because it lets people pass things through before the problem is realized. When behavior is properly tracked, though, the rate at which this malware gets through is greatly reduced. There are no guarantees, because malware is always changing and new strains are being developed, but the protection offered by big data is large and significant.
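The contrast between signature matching and behavior tracking described above, as an added example that is not part of the original article. The telemetry, program names, hash labels and thresholds are all constructed assumptions; the point is that a repackaged copy of a trusted program gets past the hash list but stands out against how that program behaves on the rest of the fleet.

```python
from collections import Counter, defaultdict

# Constructed sample telemetry: (host, program, file_hash, observed behaviors).
# Hash values are made-up labels, not real indicators.
NORMAL = {"read_config", "https_to_vendor"}
EVENTS = [
    ("ws01", "updater.exe", "h-aaa", set(NORMAL)),
    ("ws02", "updater.exe", "h-aaa", set(NORMAL)),
    ("ws03", "updater.exe", "h-aaa", set(NORMAL)),
    ("ws04", "updater.exe", "h-aaa", set(NORMAL)),
    # Same program name, new hash, extra behavior piggybacked on top.
    ("ws05", "updater.exe", "h-zzz", NORMAL | {"write_autorun_entry", "spawn_shell"}),
    ("ws06", "oldtool.exe", "h-bad", {"spawn_shell"}),
]
KNOWN_BAD_HASHES = {"h-bad"}  # the "signature" list (constructed)


def signature_hits(events):
    """Hosts whose file hash is on the known-bad list."""
    return [host for host, _, file_hash, _ in events if file_hash in KNOWN_BAD_HASHES]


def behavior_outliers(events, max_share=0.25, min_runs=4):
    """Hosts where a program did something that few runs of that program do.

    max_share and min_runs are illustrative thresholds, not tuned values.
    """
    runs = Counter()
    seen = defaultdict(Counter)  # program -> behavior -> number of runs showing it
    for _, prog, _, behaviors in events:
        runs[prog] += 1
        seen[prog].update(behaviors)

    flagged = {}
    for host, prog, _, behaviors in events:
        if runs[prog] < min_runs:
            continue  # too little history for this program to call anything rare
        rare = sorted(b for b in behaviors if seen[prog][b] / runs[prog] <= max_share)
        if rare:
            flagged[host] = rare  # candidate for isolation and closer inspection
    return flagged


if __name__ == "__main__":
    print("signature hits:   ", signature_hits(EVENTS))
    print("behavior outliers:", behavior_outliers(EVENTS))
```

The `min_runs` guard shows why volume matters here: with only one observation of `oldtool.exe` there is no baseline to compare against, so only the hash list catches it.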

Computing Power

The computing power offered by big data is possibly the most significant reason it is so valuable when it comes to detecting and stopping malware. Fast, powerful computers can process data and information far faster than machines that cannot harness that level of power. Because of that, more sophisticated techniques for detecting malware become possible when big data is used. The models that can be built for the identification of malware are significant, and big data is the place to build them.

With the power available, it is becoming easier than ever before to find problems before they get started, so malware can be stopped before it advances through a computer system or set of data. That protects the information contained there, and also protects the system itself from attack and infection. Those who produce malware continually try to change the game so they won't be detected, but as computing power advances, the chances of malware avoiding detection continue to shrink.