Previously, on Trending in 2022, we discussed how AI’s maturation in the cybersecurity field can help drive improvements in the detection, protection, and response capabilities of security products. One of the most popular methodologies when implementing AI is machine learning, which relies on big data, the topic of today’s blog. As prominent biomedical researcher Atul Butte once said, “hiding within these mounds of data is knowledge that could change the life of a patient, or change the world.” The day has arrived when we have the technology and the means to leverage big data at a whole new level.
In the cybersecurity world, AI-enhanced detection, protection, and response capabilities result in augmented prediction, identification, response, and remediation of network threats, which are all based on leveraging the big data generated by network security solutions. In addition, both traditional data mining and advanced deep neural networks also require a large amount of network security data to work from and build a foundation.
Big data in the field of network security is different from big data in other fields. Its acquisition methods, acquisition difficulty, and data dimensions have their own distinct characteristics. For example, there is unstructured, semi-structured, and structured data that may or may not fit into data models for different types of processing and analytics. Given how expansive network security is, the incoming data can pertain to a multitude of products and a multitude of interactions between various assets. All of it has to be sorted out and must carry proper tags, data, and context in order to be relevant and usable.
- In 2022, the emphasis on big data technology will be further strengthened. In particular, security vendors will place emphasis on acquiring various forms of big data and using it for analysis. We believe investment in this field will increase steadily because the analysis could result in the discovery of new cyberthreat trends. These trends can be further scrutinized and the findings can be leveraged to mitigate future threats;
- Big data will be leveraged for threat intelligence collection, storage, and correlation analysis, allowing security infrastructures to be more malleable and adaptable;
- Building a threat intelligence knowledge map based on the MITRE ATT&CK framework is valuable, but involves a great degree of difficulty and effort. It is unrealistic for any individual enterprise to complete this Sisyphean task independently. Instead, the responsibility should rest on the shoulders of an alliance of the security industry;
- Security situational awareness, analysis, presentation, and prediction based on network security big data remains in demand in government and state-owned enterprises.
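To make concrete what "sorting out" structured, semi-structured and unstructured security data means, and what the correlation step on threat intelligence looks like once records share a schema, here is an added example (not code from the original post or from any vendor it describes). It maps three constructed record shapes (a JSON firewall line, a key=value proxy line, a free-text IDS syslog line) onto one event schema with tags and context, enriches each event against a constructed indicator table using RFC 5737 documentation addresses rather than real indicators, and then groups indicator hits by source host so that a host reported by more than one product stands out. The field names, product names and feed name are all assumptions made for the illustration.

```python
import json
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample records (not from any real product): one structured
# JSON line, one semi-structured key=value line, one free-text syslog line.
SAMPLE_LINES = [
    '{"ts": "2022-01-10T08:01:02Z", "src": "10.0.0.5", "dst": "203.0.113.9", '
    '"action": "allow", "product": "firewall"}',
    'ts=2022-01-10T08:01:05Z src=10.0.0.5 dst=198.51.100.7 action=deny product=proxy',
    'Jan 10 08:01:09 host1 ids: alert from 10.0.0.5 to 203.0.113.9 matched rule 1001',
]

# Constructed indicator table keyed by IP (RFC 5737 documentation addresses,
# not real indicators); the value is a hypothetical feed name.
INDICATORS = {"203.0.113.9": "example-feed"}


@dataclass
class Event:
    """Common schema every record is mapped into before analysis."""
    ts: str
    src: str
    dst: str
    product: str
    action: str
    tags: list = field(default_factory=list)
    context: dict = field(default_factory=dict)


IP_RE = r"(\d{1,3}(?:\.\d{1,3}){3})"
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<product>\w+): "
    r"(?P<msg>.*from " + IP_RE + r" to " + IP_RE + r".*)$"
)


def normalize(line: str) -> Optional[Event]:
    """Map a structured, semi-structured or unstructured line onto Event.

    Returns None for a line none of the parsers understand, so the caller
    can count and inspect unparsed input instead of silently dropping it.
    """
    line = line.strip()
    # Structured: a JSON object carrying the expected keys.
    if line.startswith("{"):
        try:
            d = json.loads(line)
            return Event(d["ts"], d["src"], d["dst"], d["product"], d["action"],
                         tags=["format:json"])
        except (ValueError, KeyError):
            return None
    # Semi-structured: space-separated key=value pairs.
    if "=" in line and " " in line:
        kv = dict(p.split("=", 1) for p in line.split() if "=" in p)
        if {"ts", "src", "dst", "product", "action"} <= kv.keys():
            return Event(kv["ts"], kv["src"], kv["dst"], kv["product"], kv["action"],
                         tags=["format:kv"])
    # Unstructured: free-text syslog message; a regex pulls out the fields
    # and the original text is kept as context for the analyst.
    m = SYSLOG_RE.match(line)
    if m:
        src, dst = re.findall(IP_RE, m.group("msg"))[:2]
        return Event(m.group("ts"), src, dst, m.group("product"), "alert",
                     tags=["format:syslog"],
                     context={"host": m.group("host"), "message": m.group("msg")})
    return None


def enrich(event: Event, indicators: dict) -> Event:
    """Attach threat-intelligence tags and context to an event in place."""
    for ip in (event.src, event.dst):
        if ip in indicators:
            event.tags.append("ti:match")
            event.context["ti_feed"] = indicators[ip]
            event.context["ti_indicator"] = ip
    return event


def correlate(lines, indicators=INDICATORS):
    """Normalize and enrich every line, then group indicator hits by source.

    Returns (grouped, unparsed): grouped maps each src to the products that
    reported an indicator match for it, so a host seen by several products
    is visible at a glance; unparsed lists lines no parser understood.
    """
    grouped = defaultdict(list)
    unparsed = []
    for line in lines:
        ev = normalize(line)
        if ev is None:
            unparsed.append(line)
            continue
        enrich(ev, indicators)
        if "ti:match" in ev.tags:
            grouped[ev.src].append(ev.product)
    return dict(grouped), unparsed


if __name__ == "__main__":
    hits, bad = correlate(SAMPLE_LINES)
    print(hits)  # {'10.0.0.5': ['firewall', 'ids']}
    print(bad)   # []
```

The point of keeping `unparsed` as a return value rather than discarding unknown lines is that in real telemetry the records that fail normalization are often exactly the new product or new format that the analysis has not been taught yet; counting them is the cheapest way to notice a coverage gap in the data pipeline.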