A new generation of cybersecurity applications is emerging that applies machine intelligence to computer log data, part of the big data pantheon, to recognize malware and other security breaches even when their code signatures are unknown. These applications identify unusual activities, such as data being copied to an unknown outside URL.
To do this, writes Wikibon Big Data & Analytics Analyst George Gilbert, applications such as Splunk, Inc.’s User Behavior Analytics (UBA) must first learn about legitimate network entities, both human and automated, and their normal patterns of data access and use. They can then flag abnormal patterns, trace them back to their source and report them as possible security issues, both to the enterprise chief security officer’s staff and to traditional cybersecurity systems of record. Those systems can then add the new identities to their security data repositories.
This, Gilbert says, is a rare packaged big data application that, while not nearly comparable to an ERP system in its scope, is clearly larger than the micro-apps that dominate the big data applications market today. Such applications are made possible because their authors have a fairly complete knowledge of the characteristics of the data they are working with and of what constitutes their target, in this case suspicious activity involving corporate data. In the absence of more generalized models, they can serve as a model for other big data applications of similar scope.