As an organization’s digital footprint expands and more devices, sensors, and cloud-based services connect to the network, unprecedented amounts of data are being collected and stored. But these new digital venues are also continuously expanding the attack surface.
Organizations are deploying a variety of security tools to prevent network compromise and secure their data. As more companies realize that prevention is futile, cybersecurity professionals are increasingly looking at detecting attacks in progress, and they need solid data analytics in order to do so. One critical aspect of this process that’s often overlooked is data management — it’s not enough simply to capture and store this growing data; it needs to be optimized so that security analysts can succeed in stopping attacks.
Data Management Challenges
The average organization has several cybersecurity products in play to protect the network, but each individual tool addresses only one piece of the puzzle and generates its own separate data and reports. This results in too many alerts and false positives to investigate before the truly suspicious activity can be found. Analytics allow organizations to prioritize threats and actions, which leads to faster incident response.
The problem is that getting to the right data is a complicated process. Data collected in log and data files uses different naming and formatting conventions; some data is structured, while other data is semi-structured, and it all comes from many internal and external sources. Security analysts not only need knowledge of, and access to, all the data sources in order to pull them into an integrated source for analysis, but also need historical data to establish a baseline of normal behavior.
Data Management as Part of the Cybersecurity Solution
Data management plays an important role in the security analytics process. Much of the data today is not ready for security analysts to use in an efficient way, and by creating a data environment that’s easy to navigate, access and understand, database managers can remove barriers for security analysts to do their work.
Database managers must ask some critical questions to adapt data analysis for cybersecurity:
- Is the data formatted in a way that will allow for efficient retrieval and analysis?
- Can large volumes of data be quickly queried for drill down to data sources?
- Can multiple data sources be integrated and analyzed together for security purposes?
- What and how much data will need to be stored for security analysis purposes – and for how long?
- Is the environment flexible enough to support the kind of investigation and analysis functions the security team needs?
- Is there cross-functional cooperation between departments to support analysis of data such as network traffic flow?
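An added example (not from the original post or from Ntirety) of what the questions above and the earlier point about differing naming and formatting conventions look like in practice: three constructed records in different formats are mapped onto one common schema, and the normalized history is then used to build a per-user daily baseline and flag users who deviate from it. The record formats, field names and the threshold factor are hypothetical.

```python
import json
import re
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Constructed sample records (hypothetical formats, not from any real product):
# a JSON event from a cloud service, a syslog-style firewall line, and a CSV proxy line.
RAW_EVENTS = [
    '{"ts": "2024-03-01T10:15:00Z", "user": "alice", "srcIp": "10.0.0.5", "event": "Login"}',
    "Mar  1 10:16:02 fw01 kernel: ALLOW src=10.0.0.5 dst=203.0.113.9 user=alice",
    "2024-03-01 10:17:30,proxy01,bob,10.0.0.7,GET,example.com",
]

SYSLOG_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d+) (?P<time>[\d:]+) (?P<host>\S+) \S+ "
    r"(?P<action>\w+) src=(?P<src>\S+) dst=\S+ user=(?P<user>\S+)$"
)

def normalize(raw, year=2024):
    """Map one raw record onto a common schema: ts (UTC), host, user, src_ip, action."""
    if raw.startswith("{"):                      # structured JSON, camelCase field names
        d = json.loads(raw)
        ts = datetime.fromisoformat(d["ts"].replace("Z", "+00:00"))
        return {"ts": ts, "host": "cloud", "user": d["user"],
                "src_ip": d["srcIp"], "action": d["event"].lower()}
    m = SYSLOG_RE.match(raw)
    if m:                                        # semi-structured syslog; timestamp lacks a year
        ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}",
                               "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
        return {"ts": ts, "host": m["host"], "user": m["user"],
                "src_ip": m["src"], "action": m["action"].lower()}
    ts_s, host, user, ip, method, _ = raw.split(",")   # positional CSV proxy record
    ts = datetime.strptime(ts_s, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    return {"ts": ts, "host": host, "user": user, "src_ip": ip, "action": method.lower()}

def daily_baseline(events):
    """Mean events per observed day for each user, computed from normalized history."""
    per_day = defaultdict(Counter)
    for e in events:
        per_day[e["user"]][e["ts"].date()] += 1
    return {u: sum(c.values()) / len(c) for u, c in per_day.items()}

def flag_users(history, current, factor=3.0):
    """Users whose count in `current` exceeds `factor` x their baseline, or who have no baseline."""
    base = daily_baseline(history)
    now = Counter(e["user"] for e in current)
    return sorted(u for u, n in now.items() if u not in base or n > factor * base[u])
```

Once every source lands in the same schema, the baseline and the comparison are written once rather than once per product, which is the practical payoff of the integration question above.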
More Challenges Lie Ahead
Historically, database management hasn’t been on security professionals’ radar. To add to the complexity, cybersecurity has been based on a siloed approach, but now that the network borders have all but disappeared, it requires an integrated approach.
It’s not enough to address the technology problem — data management for cybersecurity is also a people and process problem. In order for security analysts to do their job, we need to adapt data management standards to the security side of the house. Best practices from data management in other parts of the organization need to be added to the process in a way that provides better protection through visibility not only into the network but the entire infrastructure.
Ntirety, a division of HOSTING, analyzes and optimizes database workflows and applications by determining the personality of each dataset and developing a different approach that will lead to data-centric security. We believe the structure of your data is critical to gleaning insights from your data to stop attacks. Other services we offer include remote DBA, DBA OnDemand, and database consulting services, and we work with leading vendors such as Oracle, Microsoft, and VMware. Contact us for more information.