Big data has become a critical business tool and a transformative force for enterprises across multiple industries and geographies. Vast amounts of data are now organized, available and ready to be analyzed, leading to advanced tactics and strategies that were previously impossible.

But prior to adopting a big data and analytics solution, business leaders should answer a few fundamental questions: How will big data solutions affect my organization’s security profile? What governance is needed? Are my existing technology solutions sufficient?

Big Data Solutions: Handy Tools and Juicy Targets

Data proliferation has led to greater amounts of data passing through networks. Through big data solutions, organizations can aggregate, index and analyze many types of data. These solutions allow organizations to find patterns and correlations in the data that can potentially reveal new business insights.

The ability to consume and process this data makes big data solutions appealing to many organizations. However, what makes these solutions attractive to business leaders also makes them attractive to bad actors. Think of big data as a digital library that provides organizations with an index to easily locate and access files. If a cybercriminal were to gain access to this index, he or she would have a direct line to the organization’s most sensitive information.

Big data environments are tempting targets, and defending them puts additional stress on the security personnel and systems tasked with data protection. In addition, the exponential growth of data is leading to challenges beyond security, including governance issues related to data accuracy, accessibility, completeness and consistency. Organizations can avoid feeling overwhelmed when implementing a big data solution by effectively managing and protecting their environments with an integrated governance and technology strategy.

Governance and Data Reservoirs

With respect to governance, big data solutions call for an agile approach to profiling and understanding data as it is ingested. This enables organizations to implement appropriate controls as the data is profiled without inhibiting the speed and flexibility of technologies.

Data lakes, for example, present a unique security challenge since they allow organizations to access and process many types of data within a distributed environment. To address these challenges, organizations can utilize enhanced, agile governance to better organize data lakes, creating what is known as a data reservoir.

Within a data reservoir, organizations ensure that data is properly cataloged and protected as it is ingested by the data lake. To do so, a data owner classifies the information sources that feed the reservoir and determines how the data should be managed, including access control, quality control, masking of sensitive data and data retention periods. No data should enter the reservoir without being cataloged upfront, which enables the immediate application of appropriate security controls. This agile governance approach should be applied across all big data solutions.

Technology Considerations

From a technology standpoint, organizations should leverage existing platforms where possible and supplement with additional tools as required. At a minimum, organizations should consider coverage of the following areas:

  • Configuration and vulnerability management: Are traditional security tools sufficient to protect and secure the data?
  • Identity and access management (IAM): Are the requests for sensitive information authorized and valid?
  • Network traffic encryption: Are attackers able to intercept and access the data in motion?
  • Metadata management: Is your metadata sufficient to let you know where and how that information came into existence? Is your data usable?
  • Encryption and masking for structured data and redaction for unstructured data: Are the sensitive information assets protected from unprivileged users?
  • Data activity monitoring: Are there unusual error patterns indicating a possible attack?
  • Blocking and prevention: Are there new requests for analysis that were not scheduled or known?

The effort to strike the right balance of governance and technology is a continuous process and will be unique to each organization. However, by focusing first on governance and fundamental security components, an enterprise will be well on its way to securing its big data solution.

Read the solution brief: Top tips for Big Data Security

Security Intelligence

Authored by David Shipley, Director of Strategic Initiatives, Information Technology Services, University of New Brunswick.

Embracing Cognitive Security Solutions

In many organizations, security is assumed rather than actively pursued. It is my job to make sure that isn’t the case. As the data center for three other universities in our province, my security team at the University of New Brunswick (UNB) protects a large digital bank of information with a fraction of the security resources of larger organizations. We have to protect student records, proprietary research material and other assets that criminals value highly.

A university is like the Mos Eisley spaceport of cybersecurity. We have every bad thing you could imagine: malware, vulnerable devices, patching issues and bring-your-own-device (BYOD) everywhere. We are, by our nature, open and transparent, yet we are supposed to be secure. Those two things do not go well together; we exist in that uncomfortable friction. Because of that, however, we are the perfect breeding ground for new ideas.

After the Gold Rush

We are faced with an exponentially growing volume of attacks due to the proliferation of new tools for cybercriminals. Today, the barriers to entry for cybercrime are tremendously low, creating a kind of gold rush. I feel this is due to a number of different factors, including the lack of a real, global cybercrime framework and national policing resources to address incidents and attacks. I am also worried about the amount of money that cybercriminals are obtaining to reinvest into their capabilities, widening the gap between the attackers and the attacked.

We are outgunned and need new capabilities to use as force multipliers to level the playing field with cybercriminals. UNB is exploring cognitive security solutions with IBM to augment our capabilities to deal with these challenges. UNB is one of eight universities in North America chosen by IBM to help adapt Watson cognitive technology for use in the cybersecurity battle. We are feeding real data into the Watson system as a natural extension of the work we are doing for security information and event management (SIEM).

Stop Fighting Fires

We have high expectations for cognitive security solutions in the coming years. The technology has so much potential to address our labor shortage gap, reduce our risk profile and increase our efficiency of response.

Cognitive systems can leverage unstructured data to provide the context behind attacks and provide an informed second opinion to increase our confidence for making decisions. I read a lot on a daily basis, but that might help me discover roughly 1 percent of what is out there in terms of the latest threats and risks at any given time. How am I supposed to apply only 1 percent against hundreds of active offenses on a daily basis? I hope cognitive security solutions can enable me to take a more holistic view of my cybersecurity situation.

Ultimately, I believe that these Watson-based solutions will allow security professionals to move to a higher level of value for their organizations. Cognitive solutions can help them get away from merely firefighting and into tackling longer-term strategic issues, such as user behavior and organizational culture, that can change the outcome of the present one-sided battle.

Read the IBM Executive Report: Cybersecurity in the cognitive era

Security Intelligence

If time is money in business, speed is security in infosec. HawkEye Analytics Platform is the big data component of the HawkEye set of security tools from Hexis Cyber Solutions, while HawkEye G offers integrated threat detection and automated response. Both are designed to provide comprehensive products to critical requirements in big data security analytics while putting an emphasis on speed.

HawkEye AP: Big data security analytics

HawkEye AP is a layered data management platform providing core services from data ingestion up through reporting and analysis. The foundation of the data management system is the Event Collection component, an extraction, transformation and load service that includes connectors to over 250 types of source systems. These sources include Windows servers, web servers, firewalls, databases, logs, NetFlow sources and SNMP sources.

The platform is designed to parse through hundreds of different data formats automatically. Data ingested by the event collection component is stored in the platform's vent data warehouse, a write once database optimized for columnar storage. The write once feature ensures the integrity of data by preventing tampering at the lowest levels of data access. It also allows database designers to avoid the overhead mechanisms needed in other databases that support update operations. The Event Database supports standard SQL and business intelligence tools so customers deploy third-party reporting tools to support their security reporting.

While traditional BI reporting tools may be helpful in some cases, the volume of data and fine grained attributes captured in security event information can make it difficult to find useful information. The analysis component of the HawkEye AP incorporates user management and some reporting functionality specifically designed for security information. These reporting tools further support a Dashboard, Reports and Investigation module that provides an HTML5 console for a single point of access to security data.

HawkEye G: Threat detection

To further support analysis and reduce the volume of data infosec professionals have to contend with, the HawkEye AP provides a thread detection component called HawkEye G. This incorporates machine learning and statistics techniques to help identify patterns, classify data and help infosec professionals focus on the most informative parts of all available security data.

HawkEye AP, coupled with HawkEye G, offers a comprehensive platform for big data security analytics. While HawkEye AP collects data from servers and network devices, HawkEye G includes endpoint agents for gathering data in real time for user devices. HawkEye G also has modules for detecting events at network edges as well as from third-party platforms.

Significant security events are usually a small percentage of all events recorded. Searching for malicious activity on an active business network is a prime example of searching for the proverbial needle in the haystack. HawkEye G incorporates a proprietary ThreatSync technology that verifies threats to reduce false positives using host and network correlation techniques. It also prioritizes events to help infosec professionals focus on the most important threats.

HawkEye also includes policy driven automated response to events. This can be especially important when infosec staff is limited and automated responses are needed to keep up with suspicious events on the network.

Pricing, support and deployment

Hexis Cyber Solutions' HawkEye AP is a software platform that is designed to sit between an enterprise's security operations center and the existing networking and security infrastructure. In addition to the HawkEye AP platform, Hexis also offers a managed service option for those who would rather delegate management and maintenance to the vendor.

Pricing is available by contacting Hexis Cyber Solutions directly. The company offers 24-hour support through its customer portal as well as phone support during normal business hours or 24/7, depending on your service-level agreement. Hexis Cyber Solutions' professional services group is available to help with planning, implementation and ad hoc analysis. The company also partners with EMC, Palo Alto Networks, SourceFire and Cerner.


Big data security analytics requires both scalable data management and advanced analysis tools that support infosec operations. The combination of HawkEye AP and HawkEye G cover both of those fundamental requirements. HawkEye G will be especially appealing to organizations that want the ability to query an event database using standard business intelligence reporting tools. For its part, the managed service option will likely appeal to small and midsize businesses that want the capabilities of the HawkEye platform, but do not have resources on staff to manage and maintain a big data security analytics platform.

Editor's note: The HawkEye G technology was recently acquired by WatchGuard. It's unclear how this will affect its integration with HawkEye AP.

Next Steps

In part one of this series learn about the basics of big data security analytics

In part two discover the business case for big data security analytics

In part three find out how to evaluate big data analytics platforms

In part four compare the top big data security analytics products

This was last published in September 2016

SearchSecurity: Security Wire Daily News

Businesses and government agencies are at risk of an increasing array of information security threats such data theft, malware, denial-of-service attacks and even compromise by insiders. No single security control or policy can address all threats. Instead, IT needs to deploy multiple measures. A key challenge for InfoSec professionals is to collect and integrate data on security events from the array of security controls deployed to protect assets. This is where security analytics comes in.

NetBeat MON from Hexis Cyber Solutions, is a security analytics product designed to help protect medium-sized businesses, specifically ones with multiple locations.

In a nutshell, NetBeat MON is a monitoring appliance that observes network activity within any network and its devices. Hexis presents the benefits of the product as supporting "network hygiene." That is, understanding and managing the contents of network traffic using tools such as packet capture and analysis, network flow analysis and intrusion detection.

Combining open source tools

Hexis Cyber Solutions did not reinvent the proverbial wheel when it comes to network monitoring, but it did combine well-established open source tools to bring cost-effective, consolidated monitoring to a broader market. NetBeat MON combines the features of five open source network monitoring tools: ntop, Wireshark, Suricata, Snorby and dumpcap.

  • Ntop is a network traffic sorting tool that supports IPv4 and IPv6. The tool allows you to sort IP traffic using multiple criteria, including source, destination and protocol.
  • Wireshark is a network protocol analysis tool that allows for both live traffic capture and offline analysis, including voice over IP. Information captures with Wireshark can be viewed in either a GUI or the TTY-mode TShark utility, and packet lists can be assigned a color scheme to help with sorting and analysis.
  • Suricata is a tool developed by the Open Information Security Foundation. The tool is used for monitoring network traffic, as well as providing combined intrusion detection system/intrusion prevention system functionality. Admins can also write rules to specific protocols, as opposed to receiving ports.
  • Snorby is a network security monitoring tool built using Ruby on Rails. Reporting features include the ability to classify events into predefined or custom categories for future reports. Additionally, the tool can integrate with OpenFPC, a packet capture tool.
  • Lastly, dumpcap is a tool for network traffic dumping. Dumpcap captures packet data in pcap-ng files, although libpcap formatting is also available. Features include customizable UIs, automated patching and remote management, as well as analysis, NetFlow and packet capture capabilities.

Deployment options

The deployment of NetBeat MON is dependent upon an organization's operation. The product requires the deployment of individual appliances at each of its locations. These appliances are either configured as a Master or a Minion unit upon setup -- the capabilities and duties of each unit follow. The Master unit will most likely be deployed at an organization's central office, allowing for centralized management of the Minions.

Each unit offers 8x DIMM RAM slots, 4 x 3.5-inch hard drive bays (hot-swappable), and an Intel i350 Dual Port GB Ethernet port. The NetBeat MON racks are built on Intel Xeon processors. See here for a full specification list.

As for purchasing and support, the NetBeat MON appliance is available only through channel partners. Single-call support is provided for one year after purchase, after that it is $ 1,500 per unit per year. The Hexis support team can answer questions regarding the open source tools that make up NetBeat MON, but does not provide direct support. Hardware issues are solved by sending the malfunctioning device back for repair.


No business or organization is too small to be the target of malicious cyber activities. Small and midsize business with limited resources can leverage open source security analytics tools without breaking their capital expenditure budgets.

Unfortunately, unless someone on staff is familiar with the implementation details of the range of open source tools in use, then deploying and maintaining a set of well integrated applications is difficult. NetBeat MON relieves some of that burden with a consolidated package of security analytics tools that does not demand an enterprise-scale budget to pay for it.

Editor's note: Hexis Cyber Solutions was recently acquired by WatchGuard, which may impact the NetBeat MON security analytics product line.

Next Steps

Part one of this series explains the basics of security analytics products

Part two of this series examines the use cases for security analytics

Part three of this series looks at how to procure security analytics products

Part four of this series compares the best security analytics products on the market

This was first published in September 2016

SearchSecurity: Security Wire Daily News

Promo Need to know to more about the role of biometrics, such as fingerprint, DNA, facial and iris recognition, in identity management? Sign up now for Biometrics 2016, three days of expert insight and discussion in the heart of London from 18 to 20 October 2016.

You can get more information and sign up at Biometrics 2016 but here is a summary of what to expect.

Attending as a delegate will give you unique access to an amazing group of more than 65 exceptional speakers from many different industries who will share insight, stimulate innovative thinking and provide practical solutions for identity management in the following areas:

  • Customer authentication
  • Mobility and payments
  • Information security and fraud
  • Law enforcement, forensics and military applications
  • Border control and travel
  • Privacy and data protection

In addition to large-scale government projects and its use in border control and law enforcement, the use of biometrics in mainstream customer-facing applications such as mobile payments come under the spotlight in dedicated session tracks including speakers from Santander and Mastercard.

An interactive format combines expert talks with panel discussions and Q&A sessions and plenty of time for additional networking during the refreshment breaks.

You can download the full programme here.

Free Exhibition and Seminar Programme

A free exhibition where you can meet with international suppliers and integrators of biometric solutions for identity management, authentication and security is co-located with the conference and open to visitors on 19 and 20 October. There is also a varied programme of free seminars at the exhibition, available on a first-come, first-served basis. Entry to the Exhibition is free but you need to sign up online for tickets.

More about Biometrics 2016

Privacy and data protection and the need to build consumer trust in why their biometric information is being collected and how it is handled, stored and potentially deleted continues to play a big role in the adoption of biometrics. This is particularly true in future growth areas that put biometrics at the heart of the consumer experience, for example travel, mobile payments and consumer electronics.

In a dedicated session, leading experts, including Pam Dixon, Executive Director of the World Privacy Forum, look at current thinking and highlight how the law needs to change to keep pace with technology.

Additional breakout sessions over the three days look at developments in the key vertical markets for biometrics with a strong focus on in financial services/mobile payments.

Isabelle Moeller, programme chair and CEO of the Biometrics Institute, says she is excited about the quality of this year’s programme: “We are once again delighted with the high calibre of speakers coming to London for Biometrics 2016. This event will give delegates a unique opportunity to learn from representatives of major international biometric implementations and projects and provides an outstanding opportunity to share, understand and discuss how biometrics can offer security and authentication solutions for their own projects.”

Sign up today here.

Sponsored: Boost business agility and insight with flash storage for analytics

The Register - Security