
Big Data in Cybersecurity – 7 Facts & Fictions

By Anon Anon posted May 09, 2016 05:26 PM

  

Big Data is almost a household term, with hardly a single company not delving into it this year. One of the main enablers of Big Data has been the rise of Cybersecurity and the "rise of the machines" with machine-to-machine (M2M) interactions. M2M has caused Big Data to make the headlines with Cybersecurity. These seven myths and facts were compiled from a set of innovation forums where we reflected on the implications of Big Data on Cybersecurity.

 

 

7 FACTS ABOUT BIG DATA IN CYBER SECURITY

 

1. You are Big Data. Much of the world’s Big Data is created as metadata from users’ smartphones and GPS traffic.

Every day you create metadata with smartphones that enable GPS location services. Every picture you take, every Web site you visit, every route you map creates metadata, which is stored and available for analysis. With more than 5 billion mobile phones in use, including more than 1 billion smartphones in 2015, according to research firms, it’s no wonder that many enterprises and government organizations are interested in gleaning valuable content from the information.

 

2. Big Data tends to be mined poorly in cyber security to build ineffective threat analysis algorithms.

With all the metadata that exists, we are only now figuring out how to make sense of it and how to cultivate beneficial data from it. For one, enterprises traditionally haven’t had the resources in place to analyze metadata. As those investments increase, the mining for trends and useful analysis will increase as well.

 

3. Big Data in cyber security is automating tasks that used to involve tedious manual labor.

Software companies are developing tools that can not only analyze metadata, but also automate tasks to more quickly make use of that data to their advantage. This allows companies both to be more flexible and to make the analysis of Big Data much less costly than in the past.

 

4. Big Data is used in cybersecurity to categorize and classify cyber threats the same way Google ranks pages.

As more information is gleaned, algorithms for categorizing and classifying malware are being developed to help security providers. Most software companies use Big Data in four ways: first, CART (Classification and Regression Trees) for predictive classification of event modifiers; second, Shewhart Control Charts for outlier threat detection; third, Splines for non-linear exploratory modeling; and lastly, the Goodness of Fit principle to check the stability of historical threat data and to construct a parsimonious model.
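Of the four techniques named above, the Shewhart control chart is the easiest to show end to end. This is an added example, not code from the original post: an individuals chart over hourly failed-login counts, where the counts, the 24-hour baseline and the function names are constructed for illustration, and the eight-in-a-row run rule is a standard Western Electric addition that the post does not mention.

```python
"""Shewhart individuals chart over hourly failed-login counts (added example)."""
from statistics import mean

D2 = 1.128  # standard SPC constant for moving ranges of two points

# Constructed data: 24 in-control hours, then the hours being monitored.
BASELINE = [12, 9, 14, 11, 10, 13, 12, 8, 15, 11, 12, 10,
            13, 9, 11, 14, 12, 10, 13, 11, 9, 12, 14, 10]
OBSERVED = [11, 13, 10, 41, 12, 13, 14, 12, 15, 13, 14]


def control_limits(baseline):
    """Return (center line, LCL, UCL) estimated from an in-control baseline."""
    moving_ranges = [abs(b - a) for a, b in zip(baseline, baseline[1:])]
    center = mean(baseline)
    sigma = mean(moving_ranges) / D2  # short-term sigma, robust to slow drift
    return center, max(0.0, center - 3 * sigma), center + 3 * sigma


def out_of_control(baseline, observed, run_length=8):
    """Return (index, value, rule) for every observed point that signals."""
    center, lcl, ucl = control_limits(baseline)
    signals, run_side, run = [], 0, 0
    for i, x in enumerate(observed):
        side = (x > center) - (x < center)  # +1 above, -1 below, 0 on the line
        run = run + 1 if side == run_side and side != 0 else 1
        run_side = side
        if x > ucl or x < lcl:
            # A single burst, e.g. a password-guessing spike in one hour.
            signals.append((i, x, "beyond 3-sigma limit"))
        elif run >= run_length:
            # A sustained small shift that never crosses the 3-sigma limit.
            signals.append((i, x, f"{run_length} in a row on one side of center"))
    return signals


if __name__ == "__main__":
    center, lcl, ucl = control_limits(BASELINE)
    print(f"center={center:.2f} LCL={lcl:.2f} UCL={ucl:.2f}")
    for index, value, rule in out_of_control(BASELINE, OBSERVED):
        print(f"hour {index}: {value} failed logins -> {rule}")
```

The run rule is what catches the slightly elevated hours after the spike, none of which would trip the 3-sigma limit on its own.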

 

5. Big Data theory is moving faster than the reality of what an enterprise is capable of from both a technology and manpower standpoint.

Since much of Big Data is derived from user-centric behavior and usage, it moves a lot faster than what an enterprise typically generates from its application systems. Seventy percent of the digital universe has been created by individuals, not corporations. Even though the IT department of the enterprise stores, protects and manages 70% of the digital data, the real power play is in the users’ hands. The user is in charge (not the IT department), and the epicenter for producing the majority of the world’s digital data is in the hands of the users. The Big Data tsunami has caused technologies to be modernized to solve security challenges. The conventional RDBMS, and later the NoSQL databases, in which this data used to be stored are insufficient, and the data cannot be accessed by direct record access methods. The current technology of choice is not a conventional RDBMS but a map-reduced database like Hadoop that operates off a distributed hardware substrate.

 

6. Big Data is creating a major shift in the visualization of breaches and cyber-attacks.

Visualization of objects in excess of a few billion requires thinking differently. For instance, imagine the complexity of modeling huge data sets that grow in size in part because they are increasingly being gathered by ubiquitous information-sensing mobile devices, aerial sensory technologies, software logs, cameras, microphones, radio-frequency identification readers and wireless sensor networks. Right now, the largest memory requirements for visualizing Big Data working sets can’t be addressed by conventional computing models. That’s why the science of visualization has to be re-imagined and revisited to visualize the looms in the data patterns in the case of events like privileged access violations, breaches and frauds.

 

7. Yesterday's endpoints have shifted to the users: with the proliferation of BYOD, user devices are today's endpoints.

With the advent of BYOD as the norm in corporate environments, the real vulnerable endpoints of enterprises have turned out to be handhelds and smartphones. As more smartphones connect to corporate networks and data, the vulnerabilities increase for organizations trying to secure all those additional points of entry.

 


 

 

7 FICTIONS ABOUT BIG DATA & CYBER SECURITY

 

 

1. Cyber security companies are equipped to handle the volume and velocity of Big Data.

Like every business, security companies are also learning to wrap their hands around Big Data, eliminating potential vulnerabilities to ensure that the data is cleansed and cleaned for analysis. As the concept of Big Data grows and evolves, security companies must perpetually grow and evolve too.

 

2. Security developers are easily extracting value from collected data.

There’s a saying “You don’t know what you don’t know” that applies to intelligence and cybersecurity analysts. Without proper analysis tools in place, one isn’t able to extract valuable content from the collected data. Only with those analysis tools, algorithms and applications can developers truly garner valuable insight from collected data.

 

3. Analytics is ready-made for security.

To borrow the phrase “finding a needle in the haystack,” analytics is useless in “haystacks” of data where there are no “needles” to begin with. The hype has caused us to create massive data stacks with poor references (or indices) around those stacks. Any data analyst will attest to the fact that a better index of smaller datasets yields better analytics than a larger dataset with lame indices.

 

4. Leveraging Big Data in a cybersecurity context is as simple as using it for any generalized purpose.

Leveraging Big Data must first address the point in Fiction No. 3, that analytics is ready-made for security. Second, establishing a security “context” is the next problem. Security context can be established by connecting the relationships (after map reducing the data itself) between data sets to reveal valuable insights in patterns that were previously not correlated or compared. Mining for trends requires data to be managed coherently first. Similarly, mining for relationships requires that trends be understood. Only after you have the data map reduced, and the trends in it understood, can you mine for relationships among the trends of the map reduced data farms. Only after all of these prerequisites are met can you establish the big security context of Big Data. Think of cybersecurity context as the metadata fabric of relationships, which is a lot more powerful and useful for visualizing risks, threats and predictive analytics.

 

5. Big Data will cause major change in the cyber security industry within the next year.

No, the major change in the security industry will be in identifying anomalies that can be identified as advanced security attack vectors. Big Data and cyber security algorithms will join together and work in concert to realize value for businesses.

 

6. There is a belief that Big Data sets offer a higher form of intelligence that can generate insights that were previously impossible.

That’s not true by itself. We need to develop more algorithms that can offer more intelligence, not bigger data sets. The two kinds of algorithms are: Bayesian algorithms, which deal with prior occurrences, and predictive analytics, which is forward facing. Looking at the future, Big Context in security is going to be more innovative than Big Data in security.

 

7. Big Data searched with naive algorithms fails to yield what little data can yield using smarter algorithms.

It should be about the algorithms and not about the data. Better precision and better searching techniques will trap the breaches. Better algorithms and lesser data stacks will provide more value than lesser algorithms and Big Data stacks. The better net will catch better stuff.

 
