Threat Detection Challenge
Big data platforms such as Cloudera Data Platform can consume, store, manage, and analyze very large volumes of data, such as log files, application status, and container data. They can also correlate expected activity against actual activity in near real time, and in doing so support zero-trust architectures. Such platforms can also retain data for longer periods and examine it to enable pattern correlation over time, which is what makes a slow, multi-stage campaign visible when any single event is not.
The Ambiguity of Attack Stages
FortiGuard Labs collaborated with the MITRE Center for Threat-Informed Defense (CTID) to analyze more than 6 million observed uses of techniques across cyber campaigns over a two-year period and found that just 15 techniques made up 90% of what was observed. More importantly, these techniques abuse legitimate system tools, underscoring that adversaries are trying to look like legitimate users.
Data is produced and consumed in ever-increasing amounts and therefore must be protected. After all, we tend to believe what we see on our screens. When bad actors around the world seek to disrupt the very technology and data that serve people, cybersecurity becomes a global problem. To highlight the challenge of separating malicious from legitimate activity, consider a common campaign flow that uses techniques mirroring normal operation.
- Reconnaissance: scanning external IPs. Security teams commonly scan their own external address ranges to map the organization's attack surface; the same scans give cybercriminals insight into avenues of attack.
- Installation: command execution. IT teams regularly use PowerShell to push out software; it is also a key method of running malicious code without any end-user action.
- Command and control: outbound connections. Communication with external IP addresses may seem like an easy tell, but it is routine for applications configured to talk to cloud storage.
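The point of the campaign flow above, and of the near-real-time correlation described under the platform discussion, is that none of the three techniques is suspicious on its own; only their ordered sequence on one host inside a time window is. The following is an added example, not code from the whitepaper, Fortinet, or Cloudera. It runs a toy sequence correlation over a handful of constructed log events: counting hosts per technique flags nearly every machine, while chaining the stages flags only the one where scan, PowerShell execution, and outbound connection occur in order within the window. The event format, stage names, and two-hour window are assumptions chosen for illustration.

```python
"""Toy kill-chain correlation over constructed log events (added example, not from the whitepaper)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed stage order for the toy campaign flow: recon -> install -> c2.
STAGES = ("recon", "install", "c2")

# Constructed sample events (not real logs). Fields: ISO timestamp, host, stage, detail.
EVENTS = [
    ("2024-03-01T09:00:00", "web01", "recon",   "port scan from 203.0.113.5"),
    ("2024-03-01T09:05:00", "ws-17", "recon",   "port scan from 203.0.113.5"),
    ("2024-03-01T09:30:00", "ws-17", "install", "powershell.exe -enc <base64>"),
    ("2024-03-01T09:42:00", "ws-17", "c2",      "outbound 198.51.100.7:443"),
    ("2024-03-01T10:00:00", "ws-22", "install", "powershell.exe Install-Package"),  # IT software push, in isolation
    ("2024-03-01T14:00:00", "ws-22", "c2",      "outbound 198.51.100.9:443"),      # cloud sync client, in isolation
    ("2024-03-02T09:00:00", "web01", "c2",      "outbound 198.51.100.9:443"),      # a day after the scan, no install
]


def parse(events):
    """Convert the ISO timestamps to datetime objects; leave the other fields untouched."""
    return [(datetime.fromisoformat(ts), host, stage, detail) for ts, host, stage, detail in events]


def hosts_per_stage(events):
    """Hosts seen performing each technique on its own.

    This is what a per-technique rule would alert on: noisy, because each
    technique also matches legitimate admin and application behaviour.
    """
    out = {stage: set() for stage in STAGES}
    for _, host, stage, _ in parse(events):
        out[stage].add(host)
    return out


def correlate(events, window=timedelta(hours=2)):
    """Return {host: (first_ts, last_ts)} for hosts where every stage in STAGES
    occurs in order, starting from a recon event, within `window`.

    Each recon event is tried as a possible chain start; later stages must
    appear in order and no later than `window` after that start.
    """
    by_host = defaultdict(list)
    for ts, host, stage, _ in parse(events):
        by_host[host].append((ts, stage))

    hits = {}
    for host, evs in by_host.items():
        evs.sort()  # chronological order per host
        for i, (t0, s0) in enumerate(evs):
            if s0 != STAGES[0]:
                continue
            need = 1  # index of the next stage we are looking for
            for t, s in evs[i + 1:]:
                if t - t0 > window:
                    break  # chain start too old, try the next recon event
                if s == STAGES[need]:
                    need += 1
                    if need == len(STAGES):
                        hits[host] = (t0.isoformat(), t.isoformat())
                        break
            if host in hits:
                break
    return hits


if __name__ == "__main__":
    for stage, hosts in hosts_per_stage(EVENTS).items():
        print(f"{stage:8s} seen on {sorted(hosts)}")
    print("correlated chains:", correlate(EVENTS))
```

Tuning the window is the real operational decision: too short and a patient adversary who waits a day between stages slips through, too long and the chain starts matching coincidental admin activity. That tension is exactly why the longer retention and pattern correlation of a big data platform matter more than any single rule.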
To read the full whitepaper, download:
Cybersecurity and the Big Data Problem: Human Security Operations Alone Struggle to Keep Pace