Unstructured Data: The Threat You Cannot See

Why security teams need to take a cognitive approach to the increasing volumes of data flowing from sources they don't control.

Every day, IT security teams are inundated with data — security events, network flows, configuration information, and so on — which then must be collected and analyzed for potential vulnerabilities. Your team probably has a solid, established approach or even a documented strategy for doing this. If so, great. But is that enough?
The data collected by most security tools, such as firewalls and antivirus software, is structured — that is, organized in an easily searchable, relational database. Structured data, however, amounts to only a small portion of a larger, more complicated puzzle. It’s the remaining unstructured data that security teams struggle most to collect, analyze, and act upon — and the amount of unstructured data only continues to increase.
Think of how much security data flows from sources you don't control, including the massive swaths of unstructured data living on the Deep Web — from blogs, forums, or bookmarking sites. This unorganized, often text-heavy data accounts for a majority of the Internet's data. IDG believes unstructured data is growing at the rate of 62% per year, and that by 2022, 93% of all data will be unstructured. How can IT teams keep pace? The answer could lie in cognitive security — the use of big data platforms, data mining, AI, and machine learning to analyze raw data, whether structured or unstructured.
But first, let’s examine the problem.
Why It Matters

Understanding the magnitude of this issue requires examining the foundation of current security measures. Traditional security focuses on mitigating external threats — perimeter defenses to ward off the bad guys. As such, we often focus our security strategies on firewalls, antivirus software, and secure passwords.
Security innovation has almost always had this perimeter philosophy at its core. However, a myopic focus on perimeter protection severely limits the overall security strategy, potentially rendering it ineffective without complementary, proactive measures in place.
Consider the average IT organization’s reaction to the hundreds of thousands of daily security events. The process for today’s security teams involves analyzing data from antivirus software and firewalls, and then correlating that data to create a story, which in turn helps inform a solution.
In the process, security professionals are left with mountains of events to analyze and act on manually. Meanwhile, while they're busy responding to old threats, new threats continue to arise undetected. Consequently, the entire team finds itself fighting fires instead of solving or preventing problems. That doesn't leave much bandwidth for data aggregation and analysis.
Unstructured, Untold, Unknown

Next, let's think about how we, as IT professionals, share and consume security information, particularly during a major crisis. The current norm for security professionals is to update websites and social channels to explain how they've addressed a particular security issue and simply hope it reaches all relevant and necessary parties. Take, for example, this year's WannaCry attack.
The first real solution offered to organizations affected by WannaCry was explained via Twitter, by a user known as MalwareTech. Although certainly helpful, social media is by no means a perfect channel for circulating widely sought, urgent information to security teams around the world. Merely posting online assumes that in the middle of a major crisis, frantically busy security professionals are manually scouring the Internet for the information you're providing — something few people have time for in calmer times, let alone when the proverbial sky is falling.
Information sharing is critical to IT security — not only within individual organizations, but in the security industry as a whole. We rely on one another to share information about new and known threats, and often benefit from each other’s knowledge and experience. Unfortunately, the majority of information generated and shared by security professionals about breaches, threats, malware, etc., is unstructured, and thus much more difficult to unearth and apply in real time, particularly during critical security events that require immediate action.
How much time is lost and how much damage done, simply because we lack access to or awareness of viable solutions provided by our industry peers? Or because we lack a strategy for gathering and analyzing the flood of unstructured data at our disposal? This is where cognitive security offers vital, immediate benefits.  
Welcome to the Cognitive World

A cognitive approach uses AI, data mining, and machine learning technologies to parse through thousands of security feeds and data sources — including the low-key, often invisible world of white- (and black-) hat bloggers and discussion forums — to aggregate and analyze unstructured and structured security data. Meanwhile, a security professional works to perform predictive data analysis, ultimately training the system on best practices, organizational policies, and more.
Over time, the system begins to learn on its own, including how to prioritize events and recommend responses. While cognitive security cannot replace existing security tools — antivirus software, for instance, or intrusion prevention systems — the data generated can be plugged into traditional perimeter defenses. As a result, IT pros gain a better understanding of their data’s meaning and how to convert insights into action.
Beyond the Perimeter

Unstructured data will only continue to proliferate. It's time to get ahead of it so that security teams can better locate, analyze, and respond to threats. That requires thinking beyond the perimeter and embracing security technologies that will bolster traditional defenses and provide a more proactive, intelligent security strategy.