Verizon Aims Big Data at Data Threats
Verizon Enterprise Services is upgrading its managed security services to include both an advanced monitoring service and a customer portal that lets its security customers intelligently review their own log data to get a better picture of potential threats.
The idea is to apply analytics to a big data resource -- 90 days of customer logs that show network activity and can reveal problems.
Both the advanced monitoring and the customer access to data through the portal are intended to more quickly identify threats and thus reduce the damage they cause. While some attacks take only minutes, it's during the time gap between when they are launched and when they are detected that data is stolen or other damage is done.
"The idea is to be able to take use cases and look for patterns in the data before there is a signature-based approach in place, because if we can find things more quickly, we can start closing up that gap," says Cindy Bellefeuille Stanton, director of security product management and marketing. "Being able to look for behaviors that aren't signature events will allow us to identify the unknown types of attacks."
Verizon's Managed Security Service customers will get these additional capabilities at no additional cost, with more to come after the first of the year as Verizon continues to upgrade its offering.
The new NetFlow Monitoring service is a cloud-based automated analysis of 90 days of client data, taken from Verizon's Internet backbone and stored in a Hadoop cluster, and correlated with information from the Verizon Cyber Intelligence Center to detect not only known threats, but also patterns and new possible problems. For example, Stanton says, if there is activity between a client IP address and a known "command and control device, and it looks like there is work being batched," Verizon can identify that activity for its customer and give them a chance to explore further, if they choose.
"The workflow around the incident will take them back to the data to see if there are additional things to be concerned about," Stanton says. "The client can see the behavior of the affected IP addresses and can drill down into a screen and see the relevant information in searchable fields."
In many cases, Verizon will make a recommendation to the client and that will be enough, but some clients have been asking for greater capability to see the broader context of the threats within their own data networking activity, Stanton says.
Verizon also has been looking for more ways to use the intelligence it gathers through its cyber intelligence center and for its annual Verizon Data Breach Incident Report (DBIR) to help customers. (See Verizon Offers Industry-Specific Security Advice.)
The managed security services product will continue to evolve, with new capabilities coming in early 2015, Stanton says. For example, today clients can use the portal to look at their own data, but in the future they will be able to compare their data and security performance to that of their peers.
— Carol Wilson, Editor-at-Large, Light Reading