Security remains one of the top unresolved challenges for businesses. Billions of dollars have been spent on security technology over the last 30 years, yet hackers seem to be more successful than ever. Every organization is now under extreme threat, all the time.
Today, hacking is a much more complex art than it used to be: It no longer only involves just scanning and penetrating the network via a vulnerability. Yet the traditional security tools used by most companies are often inadequate because they still focus on this, ignoring what is now a very complex post-compromise chain of events.
Most tools are still role-based, with signatures, detection and response rules. That’s their downfall. Modern complex attack chains have many more phases, from reconnaissance to exploitation, elevation of privileges, internal horizontal spread, exfiltration of data and access persistence over time.
Because much of the innovation in big data and security is now in the open source world, here are some lessons that data scientists have learned and to which security professionals need to pay attention.
Focus on the abnormalities
Data science is all about creating structure with unstructured data and labeling it so you can compare normal versus abnormal patterns via machine or deep learning algorithms. Whether it’s clickstream advertising, buyer sentiment analysis, facial recognition algorithms, predicting a pandemic virus or modeling the spread of malware through a network, it’s the same basic data science. What changes is the type of pattern you detect.
Take customer sentiment analysis, for example, where we are looking for the “normal” buying behaviors of our customers. How do they interact with us? What is normal? It’s all about ignoring the abnormalities and the edge cases and being able to classify the types of normal behavior.
Read the source article at TechCrunch.