Wednesday, April 24th, 2024

Advancements seen in use of data analytics to predict cyberthreats

With the world’s volume of stored data doubling each year, an opportunity exists for organizations across the globe to analyze that data and use it to add business value, particularly as it relates to defense and cybersecurity, according to Matthew Kuckuk, CGI Group’s data analytics global practice leader.

Kuckuk is lead author of “Data to Diamonds,” a new guide to data analytics released by CGI, the fifth largest independent information technology and business process services firm in the world. He is also an adviser to the University of California-Berkeley’s Department of Industrial Engineering and Operations Research.

Kuckuk spoke to Homeland Preparedness News recently about the use of big data in cybersecurity. The interview is edited for length.

You’ve just released the second volume of a book called “Data to Diamonds.” What can you tell us about it?

It’s meant to do a couple of things: one is to demystify the idea in a lot of people’s minds that big data and analytics is some kind of black art or the occult. The concepts are very understandable. Although there is a lot of power to data and a huge amount of potential power to make our lives better and to make businesses and organizations run better, there are certain key things that need to be considered to actually get a valuable application using data.

There is a bar that has to be met, which is that there has got to be a business value or human social value that comes from it that makes it worth the effort. Just seeing an insight or a correlation or developing a predictive model isn’t enough. There has to be a mechanism for realizing that value in whatever aspect of life that is. Practically speaking, yes, there is lots of data, and now where are the concrete steps that need to be taken to actually realize value from that data.

What are some of the cyber threats posed to U.S. institutions, businesses and government agencies from the use of big data?

The majority of the concerns that the companies and government organizations we work with have relative to big data has to do with theft of or damage to the data itself. There are a lot of very creative people out there who are trying to do damage to these institutions, and they may come up with new and worse things that we have to protect against in the future.

What types of strategies do you recommend for thwarting attacks in cyberspace?

One of the things that we are advancing on very rapidly is the actual use of analytics to control and to withstand cyberthreats more quickly and accurately. Because of the fact that cyberdata, in other words, the kind of data that is used to predict and prevent cyberattacks, is itself big data, we are taking a couple of different avenues to use analytical techniques to understand, prevent and to more quickly discover cyberthreats when they occur.

Any kind of intrusion detection and intrusion prevention can be thought of as rules driven. But because they are based on rules, those rules can be tuned and optimized over time and we are getting better at optimizing, changing and tuning those rules more quickly in response to the threats that are out there.

How can data analytics be used to identify or anticipate cyber threats?

There is a lot of information available on threat intelligence, and there are services that provide information to organizations about emerging and zero-day threats. That information, combined with the very large amounts of information that are available from a company’s networks, can all be put into an analytical engine that shows all of the activity that has been seen in the past and what is now being seen that represents threats.

For example, in any crime or security application, the activity seen runs across the full spectrum: innocent activity that looks suspicious, simple errors and a lack of attention to procedures, mild attacks, and very sophisticated, large-scale damaging attacks.

There is also a spectrum between unsophisticated and extremely sophisticated attackers. By using the knowledge of what is easy to detect and easy to prevent and automating the detection and prevention of that to a large extent, and concentrating efforts on readily adapting detection of the more sophisticated and potentially more damaging threats, then an organization can balance the work and costs necessary to protect themselves.

In your book, you recommend a “data scientist” approach to implement early warning systems of cyber attacks. What do you mean by this approach and how is it different from what others are doing in the market?

The data science approach simply means you do as much as possible with the available data techniques to understand the factors that lead to successful attacks, and then work backwards using data science, finding correlations, finding pattern anomalies, departures from normal patterns of activity. By using a number of techniques available to the data scientist to understand those correlations, you can understand whether you are talking about very low level, unsophisticated threats that are still a nuisance or whether they’re very sophisticated threats. I think many larger, more advanced companies or organizations are doing something like this, but the state of the art keeps advancing.
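The two tiers described in the answers above, cheap rule matching against a threat-intelligence indicator list for the easy cases and a per-host baseline that flags departures from normal activity for the rest, as an added, self-contained example. This is illustrative code written for this page, not CGI’s or the interviewee’s tooling; the log format, host names, IP addresses, the indicator list and the 3-sigma threshold are all constructed for the demonstration.

```python
"""Two-tier detection over constructed telemetry: (1) automated matching
against a known-bad indicator list, (2) a per-host statistical baseline for
what the rules do not cover. Added example; the log format, hosts, IPs and
thresholds are constructed for illustration, not taken from any real feed."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev

# Constructed sample telemetry, one record per host-hour:
# "<hour> <host> <src_ip> <dst_ip> <bytes_out>"
SAMPLE_LOG = """\
00 web01 10.0.0.5 203.0.113.9 1200
01 web01 10.0.0.5 203.0.113.9 1100
02 web01 10.0.0.5 203.0.113.9 1300
03 web01 10.0.0.5 203.0.113.9 1250
04 web01 10.0.0.5 203.0.113.9 1150
05 web01 10.0.0.5 198.51.100.77 1200
06 web01 10.0.0.5 203.0.113.9 48000
00 db01 10.0.0.8 10.0.0.5 500
01 db01 10.0.0.8 10.0.0.5 520
02 db01 10.0.0.8 10.0.0.5 480
03 db01 10.0.0.8 10.0.0.5 510
04 db01 10.0.0.8 10.0.0.5 490
05 db01 10.0.0.8 10.0.0.5 505
06 db01 10.0.0.8 10.0.0.5 495
"""

# Constructed indicator list standing in for a threat-intelligence feed.
KNOWN_BAD_IPS = {"198.51.100.77"}


@dataclass(frozen=True)
class Event:
    hour: int
    host: str
    src_ip: str
    dst_ip: str
    bytes_out: int


def parse_log(text):
    """Parse the constructed log format into Event records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        hour, host, src, dst, nbytes = line.split()
        events.append(Event(int(hour), host, src, dst, int(nbytes)))
    return events


def match_indicators(events, indicators):
    """Tier 1: the easy, fully automated check. Any event that involves a
    known-bad address is flagged outright; no modelling is needed."""
    return [e for e in events if e.src_ip in indicators or e.dst_ip in indicators]


def baseline_anomalies(events, k=3.0):
    """Tier 2: per-host baseline. Score each hour against the mean/stdev of
    the host's other hours (leave-one-out, so the scored point cannot mask
    itself) and flag hours more than k standard deviations above normal.
    Returns (event, z_score) pairs."""
    by_host = defaultdict(list)
    for e in events:
        by_host[e.host].append(e)
    flagged = []
    for evs in by_host.values():
        if len(evs) < 4:
            continue  # too little history to call anything abnormal
        for e in evs:
            others = [o.bytes_out for o in evs if o is not e]
            mu, sigma = mean(others), pstdev(others)
            if sigma == 0:
                continue  # perfectly flat history; a z-score is undefined
            z = (e.bytes_out - mu) / sigma
            if z > k:
                flagged.append((e, round(z, 1)))
    return flagged


def triage(events, indicators, k=3.0):
    """Run both tiers; rule hits are removed from the anomaly pass so the
    analyst's attention goes to what the rules could not already explain."""
    hits = match_indicators(events, indicators)
    remaining = [e for e in events if e not in hits]
    return {"rule_hits": hits, "anomalies": baseline_anomalies(remaining, k)}


if __name__ == "__main__":
    result = triage(parse_log(SAMPLE_LOG), KNOWN_BAD_IPS)
    for e in result["rule_hits"]:
        print(f"RULE    {e.host} hour {e.hour:02d}: contact with indicator")
    for e, z in result["anomalies"]:
        print(f"ANOMALY {e.host} hour {e.hour:02d}: {e.bytes_out} bytes out, z={z}")
```

Two practitioner caveats the interview’s framing implies but does not spell out: the baseline pass is only as good as the history it learns from, so an attacker who is already present when the baseline is built becomes part of “normal” (a robust estimator such as median/MAD, or a baseline window that excludes recently flagged hours, limits this), and a z-score threshold like 3.0 is a tuning knob in exactly the sense the answer about rules being tuned over time describes, not a fixed truth.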

What types of visualization or mapping techniques – the use of better graphical techniques to see patterns in data that might not otherwise be obvious – can help the users of big data identify potential threats?

There are many things that are virtually impossible to see with simple graphics, or just by looking at the numbers and data. But as you use higher dimensional and more flexible and well-crafted visualization techniques, such as the use of color or the use of data clouds, different dimensions and patterns and relationships become apparent. It is possible to use the same kind of techniques used in 3D movies to make the images literally go off the screen and turn them in space and see patterns that way.

What else do you think organizations should know about the use of big data in providing security for their systems and infrastructure?

The use of big data techniques in cybersecurity is advancing rapidly and has a lot of promise for providing additional security, but it can’t do it all in isolation. There are a number of aspects of cybersecurity that, in order to truly create a secure organization, need to be done above and beyond that kind of monitoring and interception of threats or response to threats.

There are, for example, insider threats and other types of threats that have to be layered on top of a big data-driven approach as well. Even though we have a great deal of faith and have seen a lot of promise in the use of data science, big data analytics techniques for cybersecurity are by no means the whole story. You would think that as a big data guy I would think that analytics can do it all, but I’m realistic about these things. It exists as part of an overall plan.

Do many organizations have an overall plan to combat cyberthreats?

Organizations are developing an overall plan. They see the news, they see what’s happening with their systems and their network staff is telling them about the volume of threats that they’re seeing. There are some very compelling reasons for businesses and government to be paying attention to cybersecurity. And there is always the cost. They can’t spend their whole budget on cybersecurity, but more leaders are recognizing it is an area that needs to be addressed.

The other aspect is digital transformation and the computerization of everything. There is a whole digital revolution going on right now that is of the same scale and maybe even bigger than the original internet revolution. And big data and cybersecurity are just two aspects of that bigger digital transformation trend. One of the key things in cybersecurity is not just about there being more bad guys out there, but that the different kinds of cyber and information technology entry points are growing all the time. Companies and governments are providing more ways of communicating with them and accessing them using different kinds of devices. So that’s the good side, there are a lot more convenient, more timely, more easy to use ways of interacting with our companies that do business and with the governments. But the downside is there are more ways to attack. I know the leaders that we talk to are seeing both of those things happen at once.