Key capabilities for secure big data

Big data technology is highly capable in security analysis. What capabilities do we need in order to apply it?

 

First, data capabilities. Having big data is the basis for using big data technology effectively, and having big data is by no means just a matter of volume. What matters is multi-dimensionality and continuity. In the case just now, there were three types of continuous multi-dimensional data that were very important. In the security industry, data such as file samples, network behavior, system vulnerabilities, and application behavior are all critical basic data. If you also want to solve business-level security problems, more data types are needed. The ability to possess big data is the foundation of the entire big data technology: the storage and computation, data mining, and even visualization mentioned later all depend on data resources. How to collect data in multiple ways is a problem that security vendors and users must rethink. In previous security systems, the data collected was mostly alarms. Under the big data technology route, however, the complete restoration and long-term preservation of original network or terminal data, and even business data, will be very important.

 

Second, it is not enough merely to have data; processing big data effectively is also very important. Previous data processing technologies are powerless in the context of big data. Making full use of the Internet big data technology route not only brings extremely strong processing capabilities but, more importantly, effectively reduces costs. When evaluating a technical solution, it is very important to examine the maturity of the solution and the practical experience of the supplier.

 

Third, mining data. There are many ways to mine data, including correlation analysis and machine learning. In the above example, running correlation analysis from a failed sample to obtain more clues is a good illustration. Beyond that, the application of machine learning in security analysis is becoming more and more mature. From the initial sample identification to today's traffic identification and homology analysis, all of these can be done with machine learning.

 

Fourth, visual analysis. The previous example actually used visual analysis. When visualization was mentioned in the past, what everyone valued was its display capability, and visual analysis was often forgotten. This kind of technology is actually of great value for security analysis. In many business scenarios, security analysts need to be given enough room and convenience, through visualization methods or tools, to analyze complex data, understand its essence, and discover anomalies. This is an area where we should work hard.

Origin blog.csdn.net/AIwenIPgeolocation/article/details/108150570