Big Data: Data Sleuths Counter Security Attacks With Intelligence-Led Security

Intelligence-led Security is a knowledge-based approach to detecting and predicting threats to security. The data sets used in the analysis include things like network packet capture, sensors, compliance monitoring, threat intelligence, and application and network audit logs. Intelligence-led security works by applying Big-Data analytic techniques to d

As large data sets from virtualized environments are increasingly collected, it becomes possible to construct a baseline signature of what normal behavior looks like and to compare ongoing operations against that baseline, identifying and highlighting deviations from the historical norm.

A white paper by security vendor Cyveillance describes intelligence-led security as: “an emerging knowledge-based paradigm that is the opposite of local and reactive. It looks for leading indicators among a wide range of global intelligence sources. The shift from tactical, trailing-indicator security to expansive, intelligence-led security is already visible at leading companies that are starting to use findings derived from the public Internet as an early-warning system that can detect and predict threats from both the cyber and physical worlds.”

Big-Data analytic techniques can, for example, be used to try to detect Advanced Persistent Threat (APT) attacks. APT-style attacks are very unlike standard malware: they typically unfold slowly over a long period of time and have traditionally been very difficult to identify. The hope is that Big-Data analytics will be able to analyze and correlate data from many different sources and then identify and flag potential problems.
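To make the baseline-and-deviation idea and the cross-source correlation concrete, here is an added illustration (not code from the original post or from any vendor named in it). The host names, the two metrics, the seven-day baseline values and the z-score thresholds are all constructed assumptions; the point is that a host whose activity is only moderately unusual on each source alone is still flagged when several sources agree.

```python
import statistics
from collections import defaultdict

# Constructed sample data (an assumption, not from the post): per-host daily
# counters from two sources, a network sensor (bytes_out) and an authentication
# audit log (failed_logins). Seven ordinary days form the historical baseline.
BASELINE_DAYS = [
    {"host": "web01", "bytes_out": b, "failed_logins": f}
    for b, f in [(5.1e8, 2), (4.8e8, 3), (5.3e8, 1), (4.9e8, 2),
                 (5.0e8, 4), (5.2e8, 2), (4.7e8, 3)]
] + [
    {"host": "db01", "bytes_out": b, "failed_logins": f}
    for b, f in [(1.0e8, 0), (1.2e8, 1), (0.9e8, 0), (1.1e8, 0),
                 (1.0e8, 1), (1.3e8, 0), (1.1e8, 1)]
]
# Today's observations: db01 is only moderately above its norm on each source,
# the kind of low-and-slow signal that a single-source threshold would miss.
TODAY = [
    {"host": "web01", "bytes_out": 5.0e8, "failed_logins": 3},
    {"host": "db01", "bytes_out": 1.4e8, "failed_logins": 2},
]
METRICS = ("bytes_out", "failed_logins")

def build_baseline(records):
    """Historical mean and standard deviation per (host, metric)."""
    series = defaultdict(list)
    for r in records:
        for m in METRICS:
            series[(r["host"], m)].append(r[m])
    return {k: (statistics.mean(v), statistics.pstdev(v)) for k, v in series.items()}

def z_scores(baseline, observation):
    """How many standard deviations each metric sits above its host's baseline."""
    out = {}
    for m in METRICS:
        mean, sd = baseline[(observation["host"], m)]
        out[m] = (observation[m] - mean) / sd if sd else 0.0
    return out

def flag_deviations(baseline, observations, single=4.0, corroborated=2.0):
    """Flag a host when one source deviates strongly, or when two or more
    sources deviate moderately at the same time (cross-source correlation)."""
    flagged = []
    for obs in observations:
        z = z_scores(baseline, obs)
        strong = [m for m, v in z.items() if v >= single]
        moderate = [m for m, v in z.items() if v >= corroborated]
        if strong or len(moderate) >= 2:
            flagged.append((obs["host"], {m: round(v, 2) for m, v in z.items()}))
    return flagged
```

Raising `corroborated` so that only the `single` threshold applies lets db01 through untouched, which is the gap the correlation step is meant to close.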

The online site SearchSecurity quotes Neil MacDonald, a Gartner vice president, as saying that “by 2016, 40% of enterprises – led by the banking, insurance, pharmaceutical and defense industries – will actively analyze patterns using data sets of at least 10 terabytes in order to flag potentially dangerous activities.”
