Every corporation in the U.S. is under attack daily between one and three times on average, and in many cases this fact is unknown with malware spreading unchecked inside the internal network for days, weeks and even years.
Cyber-criminals are getting increasingly sophisticated, polymorphic malware bits are running amok in many corporations’ networks, hitting the various departments every day.
Nowadays, in such a hostile context is no longer enough to detect and stop known threats, we now are searching for multiple signals to reveal many sneaky attempts in progress.
Initially it can seem pretty discouraging to stand up to the unknown, but in the case of cybernetic attacks there’s a common point, one alert among thousands in front of a personnel that’s already stuck trying to solve thousands of red lights in their systems. Alert weary is one of the main allies of cybercrime nowadays.
Attacks are not hundred percent surreptitious, they leave an indelible track that we can follow to bring order to chaos and separate real from fake.
Network activity brings a huge amount of the clues needed to gather information and identify attacks under way, but to be effective in identifying we need to really understand what happens in the network and have a clear understanding of what’s being used.
To take advantage of the network activity in an effective manner we need to create a network model that gives us a relevant context for security and in that identify potential threats.
This concrete scheme – that can be implemented on Hadoop- must be based not only in the link between devices: it must also allow a contextual analysis of what happens in the network, to be able to deploy actions in a preventive method instead of a reactive one.