Fighting Modern Security Threats With Intel and an Effective Cyber-Intelligence Solution
The ability to extract meaningful insights from data is critical for modern businesses to evolve, improve efficiency and create richer, more personalized customer experiences. Businesses are continuously amassing greater volumes of data from diverse sources. They can utilize that data to derive actionable insights through advanced analytics. And now new machine learning capabilities can also be used to protect your organization's digital assets.
Cyber attacks from nation-states, organized crime syndicates and other criminal entities are increasing – not just in number but also in novelty and stealth. An especially subtle scam or sophisticated threat might go completely undetected until the damage has been done.
A ransomware attack, for example, might progress in small steps across multiple assets in the target environment. Initial access can be gained through a drive-by compromise, in which malicious code or a malicious link is injected into a trusted, public web page.
When the victim visits the page or clicks the link, malware is loaded into the browser and executes inside a trusted process. From that host, the malicious process locates a second victim on the local network and uses a previously unknown exploit to write and execute a malicious agent on it. That agent replicates wherever it can, and the agents then begin encrypting data across the network while sending keying material to a server the attacker controls.
Such an attack is extremely difficult to detect and block from individual observations of host or network activity; each step looks unremarkable on its own. It becomes far more tractable once the data is gathered into one analytics platform and the events are correlated across hosts and over time.
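The chain described above, reduced to a correlation rule over constructed host and network telemetry. This is an added illustration, not code from the WWT/Splunk reference configuration: the Sysmon-style key=value event format, the asset-inventory lookup (`IP_TO_HOST`), the "writable path" and file-extension heuristics, the RFC 1918 definition of "internal", and the 30-minute window are all assumptions. The point it demonstrates is that no single stage raises an alert on its own, but the stages linked by host and time do.

```python
"""Link a browser's internal admin-port connection to what happens next on the target host."""
from __future__ import annotations
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network

# Thresholds and lookups below are assumptions for this example, not product defaults.
BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe"}
ADMIN_PORTS = {135, 445, 3389, 5985}                      # SMB/RPC/RDP/WinRM
WRITABLE_PREFIXES = ("c:\\windows\\temp\\", "c:\\users\\", "c:\\programdata\\")
SUSPECT_EXTS = {".locked", ".enc"}
IP_TO_HOST = {"10.0.0.20": "fs01"}                        # constructed asset inventory
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
WINDOW = timedelta(minutes=30)                            # look-ahead after the seed event
BURST_MIN_WRITES, BURST_SPAN = 5, timedelta(minutes=2)

# Constructed telemetry (one process/netconn/filewrite event per line), not real data.
SAMPLE_EVENTS = r"""
2024-03-04T09:30:00Z type=netconn host=ws02 proc=explorer.exe dst=10.0.0.20 dport=445
2024-03-04T09:45:00Z type=process host=fs01 parent=services.exe image=C:\Windows\System32\backupagent.exe
2024-03-04T10:00:40Z type=netconn host=ws01 proc=chrome.exe dst=10.0.0.20 dport=445
2024-03-04T10:01:10Z type=process host=fs01 parent=services.exe image=C:\Windows\Temp\upd.exe
2024-03-04T10:02:00Z type=filewrite host=fs01 proc=upd.exe ext=.locked
2024-03-04T10:02:10Z type=filewrite host=fs01 proc=upd.exe ext=.locked
2024-03-04T10:02:20Z type=filewrite host=fs01 proc=upd.exe ext=.locked
2024-03-04T10:02:30Z type=filewrite host=fs01 proc=upd.exe ext=.locked
2024-03-04T10:02:40Z type=filewrite host=fs01 proc=upd.exe ext=.locked
2024-03-04T10:02:50Z type=filewrite host=fs01 proc=upd.exe ext=.locked
2024-03-04T10:03:30Z type=netconn host=fs01 proc=upd.exe dst=203.0.113.7 dport=443
"""


def parse(line: str) -> dict:
    """Parse one key=value event line; the leading token is an ISO-8601 UTC timestamp."""
    ts_text, *fields = line.split()
    ev = dict(f.split("=", 1) for f in fields)
    ev["ts"] = datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ev


def internal(ip: str) -> bool:
    """RFC 1918 only (assumption); avoids ipaddress.is_private, which also covers TEST-NET."""
    return any(ip_address(ip) in net for net in INTERNAL_NETS)


def within(ev: dict, ref: dict) -> bool:
    return ref["ts"] <= ev["ts"] <= ref["ts"] + WINDOW


def has_burst(times: list[datetime]) -> bool:
    """True if BURST_MIN_WRITES suspect file writes land inside any BURST_SPAN window."""
    times = sorted(times)
    return any(times[i + BURST_MIN_WRITES - 1] - times[i] <= BURST_SPAN
               for i in range(len(times) - BURST_MIN_WRITES + 1))


def correlate(lines) -> list[dict]:
    """Seed on a browser talking to an internal admin port, then stitch later stages on the target."""
    events = sorted((parse(l) for l in lines if l.strip()), key=lambda e: e["ts"])
    chains = []
    for seed in events:
        if not (seed["type"] == "netconn" and seed["proc"] in BROWSERS
                and internal(seed["dst"]) and int(seed["dport"]) in ADMIN_PORTS):
            continue
        target = IP_TO_HOST.get(seed["dst"])
        if target is None:
            continue
        on_target = [e for e in events if e["host"] == target and within(e, seed)]
        stages = ["browser_to_internal_admin_port"]
        if any(e["type"] == "process" and e["image"].lower().startswith(WRITABLE_PREFIXES)
               for e in on_target):
            stages.append("exec_from_writable_path")
        if has_burst([e["ts"] for e in on_target
                      if e["type"] == "filewrite" and e["ext"] in SUSPECT_EXTS]):
            stages.append("encryption_burst")
        if any(e["type"] == "netconn" and not internal(e["dst"]) for e in on_target):
            stages.append("external_callback")
        if len(stages) >= 3:  # seed plus at least two corroborating stages
            chains.append({"seed_host": seed["host"], "target_host": target,
                           "start": seed["ts"].isoformat(), "stages": stages})
    return chains


if __name__ == "__main__":
    for chain in correlate(SAMPLE_EVENTS.splitlines()):
        print(chain)
```

Removing the single seed line from the sample (the browser's SMB connection) yields no alert at all even though the process start, the write burst and the external connection are still present, which is exactly the "individual observations are not enough" point: the value comes from joining events across `ws01` and `fs01` in time order, not from any one of them.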
That's right: the same machine learning (ML) analytics that help you improve customer experiences and open new markets can also be applied to security, detecting subtle anomalies in data that indicate fraud, theft or other malicious activity.
WWT and Intel have partnered to help customers apply the Splunk/Intel reference configuration, which provides comprehensive data-mining capabilities and the visibility needed to thwart modern security challenges. It does so quickly, closing security gaps and avoiding business disruption.
A strong cyber-intelligence solution is based on Splunk's data indexing and search technology and the Apache Kafka event streaming platform as delivered by Confluent, ingesting immense data volumes from hundreds of sources. It is enabled by Intel® technology and WWT's platform expertise.
A key innovation of the cyber-intelligence solution is its ability to readily access data from previously siloed environments. This provides total visibility across your entire enterprise using a common work surface. In legacy environments, users might consume services in multiple places — cloud, mobile, data center and so forth — and traditional fragmented security systems would see those instances only as single, unconnected events. Perhaps the events might be analyzed later, but not until long after they occurred, which can be too late. But with increased visibility across all data streams, those seemingly separate events can be correlated to reveal potential threats.
Searches written in Splunk's SPL (Search Processing Language) can be developed to red-flag known indicators based on factors such as:
- Geographic origin: for example, a login that suddenly originates from an unfamiliar state or country.
- Time and distance: multiple mutually implausible events, such as two logins for the same account within minutes of each other from locations too far apart to have been traveled between in that time.
- Context: accessing a server from an unfamiliar browser or device, for instance.
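The three indicator types above, implemented over constructed authentication events as an added example. This is illustration code, not Splunk's or WWT's; the key=value log format, the per-user baseline built from earlier successful logins, the 1,000 km/h speed ceiling for "impossible travel" and the 50 km floor that absorbs GeoIP jitter are all assumptions.

```python
"""Per-user login checks: unfamiliar country, impossible travel, unfamiliar device."""
from __future__ import annotations
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt

# Constructed sample authentication log (format is an assumption; not real data).
SAMPLE_LOG = """\
2024-03-04T09:00:00Z user=alice result=success country=US lat=47.61 lon=-122.33 device=laptop-a
2024-03-04T09:01:00Z user=bob result=success country=US lat=40.71 lon=-74.01 device=desktop-b
2024-03-04T09:10:00Z user=alice result=success country=US lat=47.61 lon=-122.33 device=laptop-a
2024-03-04T09:25:00Z user=alice result=success country=DE lat=50.11 lon=8.68 device=laptop-a
2024-03-04T10:00:00Z user=bob result=success country=US lat=40.71 lon=-74.01 device=phone-c
2024-03-04T12:00:00Z user=bob result=success country=US lat=40.71 lon=-74.01 device=desktop-b
"""

MAX_PLAUSIBLE_KMH = 1000.0  # assumption: faster than an airliner counts as impossible travel
MIN_DISTANCE_KM = 50.0      # assumption: ignore GeoIP jitter below this distance


def parse_line(line: str) -> dict:
    """Turn one key=value log line into an event dict with a timezone-aware timestamp."""
    ts_text, *fields = line.split()
    ev = dict(f.split("=", 1) for f in fields)
    ev["ts"] = datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    ev["lat"], ev["lon"] = float(ev["lat"]), float(ev["lon"])
    return ev


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two coordinates, in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    dlat, dlon = p2 - p1, radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(p1) * cos(p2) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def _finding(ev: dict, rule: str, detail: str) -> dict:
    return {"user": ev["user"], "ts": ev["ts"].isoformat(), "rule": rule, "detail": detail}


def correlate(lines) -> list[dict]:
    """Walk successful logins in time order and judge each against the user's own history."""
    events = sorted((parse_line(l) for l in lines if l.strip()), key=lambda e: e["ts"])
    history: dict[str, dict] = {}
    findings: list[dict] = []
    for ev in events:
        if ev.get("result") != "success":
            continue
        h = history.setdefault(ev["user"], {"countries": set(), "devices": set(), "last": None})
        prev = h["last"]
        if prev is not None:  # a user's first login has no baseline, so it is not judged
            if ev["country"] not in h["countries"]:          # geographic origin
                findings.append(_finding(ev, "unfamiliar_country", ev["country"]))
            if ev["device"] not in h["devices"]:             # context
                findings.append(_finding(ev, "unfamiliar_device", ev["device"]))
            km = haversine_km(prev["lat"], prev["lon"], ev["lat"], ev["lon"])
            hours = (ev["ts"] - prev["ts"]).total_seconds() / 3600.0
            # time and distance: too far for the elapsed time, or two places at the same instant
            if km >= MIN_DISTANCE_KM and (hours == 0 or km / hours > MAX_PLAUSIBLE_KMH):
                findings.append(_finding(ev, "impossible_travel",
                                         f"{km:.0f} km in {hours * 60:.0f} min from {prev['country']}"))
        h["countries"].add(ev["country"])
        h["devices"].add(ev["device"])
        h["last"] = ev
    return findings


if __name__ == "__main__":
    for f in correlate(SAMPLE_LOG.splitlines()):
        print(f)
```

On the sample, alice's 09:25 login from Frankfurt, fifteen minutes after one from Seattle, trips both the unfamiliar-country and impossible-travel rules, and bob's 10:00 login from a new phone trips only the device rule. In SPL the same logic is usually built from `iplocation` (to enrich source addresses with coordinates) and `streamstats` (to carry each user's previous login time and location onto the current event); the Python above is the decision logic those commands feed.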
Perhaps the most obvious use case for cyber-intelligence is in the financial industry, where institutions can monitor cardholders' credit usage events and behaviors in real time. A well-designed cyber-intelligence solution takes security analytics a step further, flagging correlations and patterns that human analysts would never spot and rooting out the small percentage of threats that elude automated security tools.
Crucially, cyber-intelligence is capable of doing all this in real or near-real time, giving an organization's IT team the opportunity to act quickly so theft and fraud can be foiled and potential losses averted.
WWT works with leading technology partners to enable cyber-intelligence solutions, leveraging their complementary capabilities to maximize overall effectiveness. Their foundational technologies consist of:
- Splunk Enterprise, to ingest and index diverse data streams into a searchable repository for users to generate their own reports, alerts, visualizations and other expressions.
- Apache Kafka, to provide the enterprise event streaming platform that streams data throughout the information security "circulatory system," with enterprise solutions like those from Confluent.
- Storage options for high-performance, software-defined back-end storage from companies such as MinIO and VAST Data.
- High-performance compute on Intel® architecture, with Intel® Xeon® Platinum processors, Intel® 3D NAND solid-state drives, and Intel® Optane™ SSDs for faster insights and shorter time to pivot between security tools.
Once integrated, these solution ingredients provide users with rapid, real-time data access, streams processing, machine learning tools and consistent data models. Orchestration and automation enable users to detect and respond more quickly to sophisticated threats and can lead to useful insights for prevention measures.
A key feature of the cyber-intelligence solution is that it's designed for fast implementation. IT staff can be trained to use its tools quickly, eliminating the need to hire additional specialized staff. It is also flexible enough to address each company's unique environment and needs. Considerations in identifying the most appropriate approach include:
- How long must data be retained?
- How many users will the platform serve?
- How many searches are necessary?
- What kind of back-end storage is needed?
- What legacy assets can be leveraged?
- How should SSDs, processors and other hardware be specified and deployed?
WWT can help you identify the correct solution for you with a one- or two-day cyber-intelligence workshop. In that customized workshop, WWT will gain an understanding of your data security environment; evaluate your data source complexity; identify security challenges, both real and perceived; and finally, establish clear goals and determine the architecture to achieve them.
Your custom workshop can also include demos or a proof-of-concept in WWT's Advanced Technology Center (ATC). After all, seeing is believing. WWT has the expertise to assist with every phase of implementation as we work closely with Splunk and Intel to ensure the right technologies will meet your demands.
Data can be an organization's most precious asset, especially when it's processed through analytics to glean maximum operational value. Now the value of that data can increase exponentially by applying the analytical power of cyber-intelligence to alert security teams to sophisticated fraud, theft and other threats that might otherwise remain undetected.
By offering maximum visibility and flexibility to express data in different ways, a comprehensive cyber-intelligence solution ends traditional data silos, delivering a complete security picture of your environment. And, its customized advantages can be deployed in weeks, not months, through the end-to-end integration services of WWT — accelerating advanced security analytics right now.
Contact us to arrange your own cyber-intelligence workshop, demo or a proof of concept, and read how Intel transformed its security posture with a new cyber-intelligence platform.