Discover Performance

HP Software's community for IT leaders // May 2013

Combating threats, inside and out, with big data

Find out how new technologies can help you identify a wide range of threats by finding—and understanding—the data clues they leave behind.

The adversaries of a secure enterprise are, by and large, the same as they have always been: hackers, thieves, and disgruntled employees. What’s changed is how they plan and carry out attacks. Most use the Internet and social media to communicate and organize malicious acts, making their attacks more clever and concentrated.

To counteract the increasing sophistication of the attack surface, enterprise security professionals need immediate insight into potential threats as they happen, with specific information about the who, what, where, and when of each incident. And, increasingly, the only way to get it is from big data.

A recent HP Enterprise Security webinar tackled the intersection of big data and risk management. A key theme: data in emails, attachments, social media, instant message sessions, and so on are the best sources of precise information on threats to individual businesses. Once that data is collected, organizations have access to a powerful combination of analytics and sentiment analysis that can identify at-risk information before any damage is done.

Knowing your enemies

To understand why big data analysis is so critical to rapid attack identification, it’s important to understand how malevolent individuals inside and outside your organization use Internet-based communication channels to carry out attacks.

Understanding the insider attack surface—Insiders have always been a source of worry for enterprise security. But email and social media are making it easier than ever for employees to advertise grievances, which can damage company reputation or even attract nefarious individuals looking to launch a socially engineered attack. Moreover, insiders frequently use email to move sensitive or confidential data from within the network to an unsecured location.

Common sources of insider threats:

  • The content of emails, attachments, chat sessions, and file transfers
  • Social media posts with negative sentiments—e.g., reviews

Understanding the outside attack surface—Hackers are more organized than ever and frequently utilize crowdsourcing to increase the virality and redundancy of an attack. But a successful crowdsourced attack requires publicity. Hacktivist groups such as LulzSec and Anonymous routinely communicate out in the open, using public social media venues that businesses can monitor to identify threats specific to their organizations. Common sources of outside threats include notable social media outlets for hackers and hacktivists, such as Twitter handles and Facebook pages.

Until recently, it was very difficult, and often impossible, to monitor these data sources, for two reasons:

  1. The data makes up a massive volume that changes rapidly
  2. Much of the data is unstructured, in the form of email attachments, chat, audio, and video, which machines could not easily read or understand

Fortunately, new big data technologies are capable of dealing with the complexities of both of these conditions. Big data analytics systems can collect and analyze massive volumes of data from many sources and perform near real-time analysis even on rapidly changing or unstructured data.

Moreover, new technologies can score the sentiment of data contents, ascribing a reliable estimate of the relative negativity of the communication. This enables reporting that can risk-rank social media posts, allowing security investigators to easily find tweets and other communications that are most likely to be threats.

As a result, enterprises with industry-leading secure practices are supported by solutions that can:

  • Monitor social media in near real-time for negative remarks and/or threat preparations
  • Give visibility into unstructured data, allowing for the rapid identification of leaked files containing proprietary information or negative remarks
  • Leverage business context to identify different types of at-risk data, such as HR data, customer data, or source code
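The sentiment scoring and business-context ranking described above can be sketched as follows; this is an added example, not code from the article or from any HP product. The word weights, the keywords for each data type, the multipliers, the organization name `examplecorp` and the sample posts are all constructed assumptions.

```python
import re

# Constructed word weights for illustration; a real deployment would use a trained sentiment model.
NEGATIVE = {"hate": 2, "worst": 2, "fired": 1, "angry": 1, "leak": 3, "dump": 3, "attack": 3}
# The article's at-risk data types, with assumed trigger keywords.
CONTEXT = {
    "hr_data": {"payroll", "salary", "salaries"},
    "customer_data": {"customer", "customers", "accounts"},
    "source_code": {"source", "repo", "repository"},
}
ORG_TERMS = {"examplecorp"}  # hypothetical organization name and handle

def tokens(text):
    """Lowercase word tokens with leading # and @ stripped from hashtags and handles."""
    return [t.lstrip("#@") for t in re.findall(r"[#@]?[a-z0-9_']+", text.lower())]

def score_post(text, org_terms=ORG_TERMS):
    words = tokens(text)
    if not words:
        return {"text": text, "risk": 0.0, "categories": [], "mentions_org": False}
    # Negativity: summed lexicon weight normalized by post length.
    negativity = sum(NEGATIVE.get(w, 0) for w in words) / len(words)
    vocab = set(words)
    categories = sorted(c for c, kw in CONTEXT.items() if kw & vocab)
    mentions_org = bool(vocab & org_terms)
    # Assumed weighting: naming the organization doubles the score; each data type adds a multiple.
    risk = negativity * (2.0 if mentions_org else 1.0) * (1 + len(categories))
    return {"text": text, "risk": round(risk, 3), "categories": categories,
            "mentions_org": mentions_org}

def risk_rank(posts, org_terms=ORG_TERMS):
    """Return scored posts, highest risk first, for an investigator's review queue."""
    return sorted((score_post(p, org_terms) for p in posts),
                  key=lambda r: r["risk"], reverse=True)

# Constructed sample posts, not real data.
SAMPLE_POSTS = [
    "Great quarter for @examplecorp, congrats to the team",
    "I hate Monday mornings",
    "Got fired from examplecorp today, so angry. Still have the payroll export.",
    "examplecorp is the worst, about to dump their customer accounts #leak",
]

if __name__ == "__main__":
    for row in risk_rank(SAMPLE_POSTS):
        print(f'{row["risk"]:>6}  {row["categories"]}  {row["text"]}')
```

The mildly negative post that names the organization and HR data outranks the more negative but irrelevant one, which is the effect business context is meant to have on the ranking.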

Coming to a SOC near you

While these technologies are still maturing, the inarguable value they impart to enterprise security will result in rapid adoption. Over time, they will become more predictive and will be leveraged for network, user, and fraud monitoring in addition to attack mitigation and data loss prevention. Expect to encounter these technologies in most security operations centers soon.

To learn more about the opportunity to use big data analytics in the defense of your organization, view the webinar “Enhance Your Security Operations with Big Data.”

