Using Big Data for Security Intelligence – Recognize Slithering in Cyberspace (Part 2)

In my previous post in this series, I looked at security considerations when enabling Big Data for your business. In collecting, accessing and providing parallel analytics across multiple data sets, you may be inadvertently opening the door to malware or a ‘snake in the grass’. It’s possible that the data you are correlating is something quite attractive to both cybercriminals and old-fashioned criminals, because it could be another way to gather intelligence for their cause or criminal crusade.

McAfee relentlessly provides Global Threat Intelligence (GTI) that our customers leverage to keep up-to-date and automatically block suspicious behavior and connections. This constant service is accomplished by using Big Data to uncover those who may be slithering in cyberspace and up to no good. Even before McAfee obtains a malware file, McAfee Labs has most likely already rated the reputation of its associated files or connections as suspicious. What really makes GTI successful are the highly specialized security professionals working around the clock and around the world, sifting through enormous volumes of data.

On average, the sampling of GTI data includes:

•     75 Billion Malware Reputation Queries/Month
•     20 Billion Email Reputation Queries/Month
•     2 Billion IP Population Queries/Month
•     300 Million IPS Attacks/Month
•     100 Million IP Port Reputation Queries/Month

With over 100 million queries a month, there’s a good chance that we will start to identify questionable behavior and connections. In my next entry, I’ll look at how IT can start to manage and create their own security intelligence with similar techniques – leveraging GTI to gain unique visibility into their own IT infrastructure and business threats.

By Kim Singletary