Inventory: 6 main points of Enterprise's security analysis of large data

Now, many industries have started to use large data to improve sales, reduce costs, precision marketing and so on. However, in fact, large data in the network security and information security has also been a significant application. In particular, the use of large data to identify and identify risks and vulnerabilities.

With large data, one can analyze a large number of potential security incidents and find out the links between them to sketch out a complete security threat. With large data, decentralized data can be integrated, enabling security personnel to adopt more proactive security defenses.

Today, http://www.aliyun.com/zixun/aggregation/16327.html "> network environment is extremely complex, Apt attacks and other cyber attacks can discriminate against security threats by searching and analyzing data from different data sources, and to do this requires monitoring of a range of data sources, including DNS data, commands and controls (C2), Black-and-white lists, and so on. So that the data can be associated with the hair embarrassing.

Enterprise-wide data analysis for security The following are some key points:

DNS Data

DNS data can provide a series of newly registered domain names, often used for spam to send the domain name, as well as the newly created domain name, and so on, all of this information can be combined with the black and white list, all these data should be collected for further analysis.

If you have a DNS server, you can check those external domain name query, which may find some unresolved domain names. This may mean that you have detected a "domain name generation algorithm". Such information will enable the security team to protect the corporate network. And if the LAN traffic data log analysis, it is possible to find the corresponding attack machine.

Command and Control (C2) system

Combining commands with control data allows you to get a blacklist of IP addresses and domain names. For a corporate network, network traffic should never be directed to known command and control systems. If network security personnel to carefully investigate the network attack, you can bring the traffic from the C2 system to the company set up a good "honeypot" machine.

Security threat Intelligence

Some data sources similar to the network reputation can be used to determine whether an address is secure. Some data sources provide "yes" and "no" decisions, and some provide information about threat levels. Network security personnel can determine whether an address should be accessed based on the amount of risk they can accept.

Network traffic Log

Many vendors provide tools to record network traffic logs. When using traffic logs to analyze security threats, it is easy to drown in large amounts of "noise" data. However, traffic log is still the basic requirement of security analysis. There are some good algorithms and software that can help people provide analytical quality.

"Honeypot" Data

The honeypot can effectively detect malicious software for a specific network. In addition, malicious software obtained through the "honeypot" can be analyzed to obtain its signature, thereby further monitoring the infection of other devices in the network. Such information is very valuable, especially if the custom malicious code used in many apt attacks is often not discovered by conventional anti-virus software. See the five reasons why enterprises set up "honeypot" in this article

Data quality is important

Finally, enterprises should pay attention to the quality of data. There is a lot of data available on the market, and the quality and accuracy of these data is one of the most important considerations when security personnel conduct large data security analysis. Therefore, the enterprise needs to have an internal data assessment team to the data source to raise the corresponding questions, such as: When the most recent data was added? Is there any sample data for evaluation? How much data can be added each day? What is the total amount of data collected?

News of security incidents and data leaks can appear in newspapers almost every day, and even if companies have begun to take the precaution of apt, traditional security defenses seem to have little to do with apt attacks. The use of large data, enterprises can take more proactive defensive measures, so that the depth and breadth of security defense greatly enhanced.