Make big data our eyes to capture cyber security threats


The surge in data has come into the spotlight again in recent months. For those of us who work in technology, data has always been a core value. Over the past few years, though, its value has become more visible. Whether the subject is smartphones, infrastructure, or the workings of Silicon Valley start-ups, the concept of "data" has begun to attract a great deal of attention. The popular view is that data represents a new round of potential corporate profitability.

(Of course, electricity is still the prerequisite. Imagine sitting in an office with no electricity, staring at a phone battery that is about to hit zero, and the data is just a cloud. But that is beside the point of today's topic.)

For decades, data has been a lubricant and driving force for business operations. Today the fuzzy concept of "big data", which involves computing over, collating and analyzing large and complex data sets, offers a new source of value growth and promises to accelerate the transformation of information into wealth.

The reason is that as the volume of data explodes, the opportunities to use it rise correspondingly. The inherent nature of the data itself has become an unprecedented development opportunity, and has also brought a number of rarely seen technical obstacles.

With a little analysis, you'll find that the biggest challenge in tapping your data's potential is choosing the ideal big data solution. In other words, we need to use big data to protect big data. It is like the plot of the movie "Inception", which uses dreams to change dreams.

Seculert is an emerging Israeli security company whose main focus is using big data analysis to catch network threats inside the enterprise. In late October this year, it launched a proprietary engine called "Seculert Sense", which uses Amazon Elastic MapReduce to collect and analyze terabytes of data from customers, such as botnet data, malware and log files. The analysis results are delivered to a web-based security dashboard.

Research and development goals: speed up threat detection, make defenses more flexible, help existing security measures adapt to changing network threats, and address the security challenges posed by growing enterprise activity outside the corporate network.

For more information, I conducted an exclusive interview with Dudi Matot, the founder of the company, and Aviv Raff (abbreviated below as DM and AR).

Me: How was Seculert established?

DM: This company was born in 2010, but we started to focus on the market before that.

If you look at the early 2000s, that is, 2003-04, malware mainly targeted financial consumers. Around 2006, botnet-based information scanning and denial-of-service activity became mainstream. By 2009 and 2010, attackers had begun targeting the enterprise environment. At the time, Google was the first company to state clearly that it was under attack, which was said to have come from China. The number of companies that responded to the attacks grew, eventually reaching more than 70, and most security service providers were involved.

Most traditional security providers offer customers only policy-management or signature-based solutions. They develop the tools and the client is responsible for the configuration. After that there is nothing more to do: the plan is set, and we can only pray that these products really can hold attackers off at a distance of thousands of miles.

Now that hackers are becoming more skilled at breaking into businesses and acquiring proprietary information, we've been trying to collect data to identify malicious activity that existing systems cannot find.

Most of the companies that have been hit are still ignorant, unaware that their security systems have been breached. Like a flock of shortsighted lambs, they lie in a broken kiln built from old technology and old concepts, yet still think they are very safe.

Speaking of which, I would like to thank cloud computing and the other modern technologies represented by big data. With their help, we can take in terabytes of data, process and correlate it in a distributed way through carefully developed code, and ultimately arrive at complex and accurate analytical conclusions.

Me: Your company attaches great importance to security protection outside the enterprise network. I think the bring-your-own-device trend is an important factor in realizing this vision.

AR: Employees now connect remotely to the internal network from home or on the road, using mobile devices they bought themselves, and so on. This presents a severe challenge to traditional management approaches. The tools of the past only let enterprises manage their own systems and devices. Our products are able to detect security-related issues on devices connecting from outside.

This set of products puts no hardware or storage pressure on business managers. Extending the scope of management is very simple. You can increase the logging scope directly from one month to one year through configuration, and the entire adjustment can be completed within an hour.

DM: Many applications and other technical assets are moving toward the cloud. More and more employees are beginning to handle internal business remotely, from outside. In fact, continuing to struggle with cyber-security is no good. Carrying out sophisticated testing on a limited number of devices is rather thankless. In contrast, the cloud environment is much friendlier. Since the equipment is on the service provider's side, there is absolutely no need to worry about management and maintenance.

Most vendors provide equipment that delivers good corporate network coverage through gateways or other mechanisms. Check Point, Palo Alto Networks and so on are all good choices. But none of the suppliers has been able to protect remote employees, and at present we can only expect them to install antivirus software and strictly comply with the security policy. IT departments are acting, but they have made no real progress in terms of security. The prevailing management system is far too loose in comparison with the past.

AR: Enterprise managers certainly understand their own limitations in the face of this trend. We are trying to help them get through this complex and changing era, understand the real world outside the organization, and grasp the impact of new malware on existing security mechanisms. You may have spent millions or billions of dollars on protection, but Seculert offers excellent value as a complementary service, and it can make up for the deficiencies of the existing system.

Me: So how does Seculert prove its value and expand its market share? By preaching fear of the unknown? Start-ups are fundamentally about dealing with unresolved issues, but what if the enterprise itself is unaware of the problem?

AR: Companies regularly compile operational statistics, so we believe that managers are aware of the attacks they have suffered but do not understand the specific circumstances of the attack. Most of them say, "According to the analysis, the enterprise has faced security problems, but we do not know where the attack came from or what its impact was."

DM: We offer free trial products. Companies can set keywords based on their own circumstances, and we match these keywords against our own database and collect information. If content matching your keywords is found, it means that we have successfully found objects in the enterprise's existing technology assets, possibly even ones that are part of a botnet. This is precisely how the Seculert Echo product works.

We also allow enterprise customers to analyze our internal management logs so that they can detect attacks against them. Once a security vulnerability is exploited by attacker A, it is believed that it will soon be mastered by more attackers, such as B and C. This is the point of the Seculert Sense product.

Me: That is to say, as the customer base expands, the actual performance of Seculert products will keep getting better.

DM: Yes, of course.

Me: Why launch the services independently instead of integrating them into an existing mainstream network security company? I mean, since the two are complementary, wouldn't it be more logical to merge?

DM: Our product is really supplier-centric, not just for a single enterprise customer.

Me: Do you mean that it is more scientific and economical to offer products to a number of security service providers than to tie yourself to a particular supplier?

DM: Exactly.
