Predictive and Prescriptive Analytics Used for Cyber Security
It is evident that business firms and other organizations are under threat in contemporary society. Several of them have already been involved in security incidents of one kind or another, such as Distributed Denial of Service (DDoS) attacks. Other attacks include bad bots that spread malware, poach critical information through websites, scrape content and drive click fraud. The current application economy calls for every entity to be aggressive in looking for practical solutions to these constant threats to public security. Because the new DDoS attacks employ advanced botnets, and because there are no warning signs of future attacks, there is broad agreement that standardized Intrusion Detection Systems have been rendered inefficient. Against this background, about a third of business managers are not only talking about analytics but also demonstrating tools built on traditional analytics and the shift to sophisticated analytics. For safety reasons, clients are concerned with what is happening; they do not just want hindsight. This makes fast detection significant: the earlier an attack is detected and eliminated, the lower the risk and damage to the organization. Advanced analytics operate in real time, allowing potential problems to be identified and removed before they cause severe harm. Most organizations today are conversant with traditional analytics. Unfortunately, since these can only access data from a single source, they do not provide a clear view for comprehending what exactly took place, because only a portion of the operating system is covered. Attacks are not based on one aspect alone. Attackers are likely to hit numerous areas of the organization's environment, such as endpoints, network devices, applications, user identities and credentials, and other regions.
Therefore, the security strategies in place must cover all these areas to give a full understanding of the effect of a security breach. For this reason, it is essential to review the current forms of analytics and the state of cyber safety, and to focus on how predictive and prescriptive analytics are employed in the cyber security dimension.
Currently, five types of analytics are common in data security. These forms are likely to be used into the future, as every product within the security sector is racing to incorporate analytics into its processes. The first category is descriptive analytics. This form finds out what is taking place using data from current events or the immediate past (Minsker, 2015). It then feeds distinctive dashboards and reports that present the current security state. The descriptive approach includes answering questions such as how many attacks have been witnessed and from which area, what the leading threats are, and how vulnerable the enterprise is to attacks. This dimension has a long history, although things have changed significantly today. It is a common feature of every product, and companies can easily access data in various ways and carry out a broad analysis.
There are also detective analytics. This form is useful in detecting threats that are in the systems but cannot be found by rule matching. The analytics are used to detect patterns, nonconformities, irregularities and outliers, and to examine whether they can be attributed to threats.
Diagnostic analytics are based on past information to bring out precisely what happened at the time, the causes of the issue, and the causes that led to the question we ought to examine. It involves deeper investigation and analysis of incidents. The concept has shifted from the use of limited tools to electronic systems that make use of defined rules and statistical modeling.
Predictive analytics make use of both present and past information. This type can foretell coming events. In this area, machine learning is the primary technique applied. The tools use large amounts of data to establish cause-and-effect connections and predict the potential implications of common causes. A handy use case is predicting which assets are likely to be attacked and which users may turn harmful at any time.
The last but not least form is prescriptive analytics. Currently, it is arguably the most valued form of analysis, as it offers suggestions on the appropriate actions to be taken in certain contexts. In this approach, the trained models recommend the most suitable control measures to be adopted for the type of risk that has been detected.
Issues in Cyber Security
This area is becoming more complicated daily. Its landscape is expanding to cover several areas. Besides, the capacity and sensitivity of information storage and manipulation are rising rapidly in business entities and organizations. This implies that the security departments, especially in the IT segment, should be in total control of the information to ensure that the data is safe (Rash, 2013). The rapid changes have also expanded the platform of opportunities and offered efficient potential sources for every organization regardless of its size. Unfortunately, the advancement in technology has also resulted in unprecedented predicaments. Constant attacks by hackers on companies using new and unpredictable techniques have made the traditional tools initially employed in preventing attacks obsolete and ineffective.
This increase in the number of threats makes it necessary for organizations to shift from traditional strategies that only react to incidents after they happen to approaches that can foresee the possibility of threats and come up with measures to prevent them from happening. Cyber security is the concept that deals with protecting systems, networks and information in cyberspace. It is a very critical issue for every entity. The more devices get connected to the internet, the greater the significance of focusing on cyber security.
Researchers believe that predictive and prescriptive analytics will play a pivotal role in realizing this objective.
The Flaws of the Present-Day Security Measures
The current tools in the field of security are structured only to address known threats. Their central functioning is made up of databases of digital profiles and signatures that they employ in detecting irregular activities. These approaches are only effective in dealing with threats that were identified in the past and are known. Such mechanisms cannot be of any use when threats are not known and the attacks cannot be predicted. Hackers have no difficulty coming up with different threats daily. Stakeholders in the technology industry have confirmed that threats in the field of cyber security have become automated, and the only way to beat them is by shifting from the traditional approaches (Chee-Wooi et al., 2012). Just like any other business whose primary objective is to amass as much profit as possible, hackers have heavily invested both time and money in the past decades to industrialize and automate their practices.
This aspect is not a small matter, given that cloud computing offers high power at very low cost. Since the industry has been affected by globalization, the equipment and infrastructure needed for the companies' activities are readily available and cheap. There are several trends within the technology industry, such as Ransomware-as-a-Service and Botnets-as-a-Service, that put lethal tools in the cyberspace arena into the hands of amateur criminals.
These market advantages have led criminals to automate almost every aspect of their business practices. They can come up with a new attack, create a solid campaign and quickly release all the variants of the attack to the public. Most companies have static defense mechanisms, established on the notion that organizations will always fight or be prepared to combat a threat using the history of previous attacks. This tactic only applies some days after the initial attack has been encountered, often unknowingly. Scholars have, however, noted that most of these attacks go undetected even for months.
The Chief Executive Officer of Invincea, Dr. Anup Ghosh, stresses the critical role played by exploit kits, one of the most lethal tools at the disposal of criminals. He says that the tools give criminals the ability to come up with one-and-done attacks on organizations through spear-phishing campaigns throughout the year.
These forms of attacks are created in an exceptional way, with a unique signature that cannot be identified by security administrators. This approach cannot be dealt with by traditional security tools, since they have not encountered the attacks before and so cannot detect them. The probability of such attacks breaking into traditional systems is therefore high. This has become the standard form of almost every attack.
The application of big data and predictive analytics is promising for cyber defense. This is due to their capability to turn a significant amount of information from the systems into actionable intelligence. Predictive indicators can quickly detect new emerging threats before they lead to destructive losses. Besides, they are useful in helping the security department deal with alarm overload.
In the cyber-criminal world, the actors have realized that the initial snatch-and-grab attacks, in which they attempted to swiftly access significant amounts of information from databases, can be easily identified by defense mechanisms such as the firewall and the anti-virus. These defenses usually shut them down or quarantine their access. They have therefore developed an approach that is more patient than the snatch-and-grab approach. They construct layered software, specifically structured to steal small portions of data over an extended period (Watson, 2013). These pieces of software avoid detection since they are disguised in popular formats such as JPGs and PDFs. Currently, the average time organizations take to detect a network breach stands at 200 days.
Fortunately, predictive analytics have the ability to detect these anomalies earlier. They focus on new patterns of accessing data, even hidden information that is embedded in another format or has been encrypted to avoid identification. By detecting these changing patterns, predictive analytics are essential in reducing risk within the organization by limiting the time attackers are on the network.
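As an added illustration (not part of the essay or any product it mentions), the following Python sketch shows two of the checks the paragraph describes: a per-user baseline that flags a sustained, small excess in outbound data that a fixed daily cap would miss, and a header check for files whose extension claims a popular format but whose bytes disagree. The log, user names, thresholds and magic-byte table are constructed for the example.

```python
import statistics
from collections import defaultdict

# Constructed sample log: (user, outbound bytes that day), oldest day first.
# "alice" behaves normally for 30 days. "bob" starts a low-and-slow leak on day 15
# (index 14): roughly 6 kB extra per day, which never trips a fixed 30 kB per-day cap.
ACCESS_LOG = [("alice", 20_000 + (i * 7919) % 5_000) for i in range(30)] + [
    ("bob", 18_000 + (i * 104_729) % 4_000 + (6_000 if i >= 14 else 0))
    for i in range(30)
]

def daily_volumes(log):
    """Group the log into {user: [bytes_day1, bytes_day2, ...]} preserving order."""
    per_user = defaultdict(list)
    for user, nbytes in log:
        per_user[user].append(nbytes)
    return dict(per_user)

def slow_leak_runs(volumes, baseline_days=14, z=2.0, min_run=5):
    """Return {user: first_day_index} for users whose daily volume stays above their
    own baseline for min_run consecutive days. The baseline is the median and MAD of
    the first baseline_days, so a couple of legitimate spikes do not inflate it."""
    flagged = {}
    for user, days in volumes.items():
        base = days[:baseline_days]
        med = statistics.median(base)
        mad = statistics.median(abs(b - med) for b in base) or 1.0
        threshold = med + z * 1.4826 * mad  # 1.4826 turns MAD into a sigma estimate
        run, start = 0, None
        for idx in range(baseline_days, len(days)):
            if days[idx] > threshold:
                run += 1
                start = idx if start is None else start
                if run >= min_run:
                    flagged[user] = start
                    break
            else:
                run, start = 0, None
    return flagged

# Leading bytes of the formats the text mentions; a file whose extension claims one
# of these but whose header disagrees is a candidate for "data disguised as a jpg/pdf".
MAGIC = {".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff", ".pdf": b"%PDF-"}

def disguised_file(name, head):
    """True when the extension promises a known format but the header does not match.
    Files with extensions outside MAGIC are not judged (returns False)."""
    dot = name.rfind(".")
    sig = MAGIC.get(name[dot:].lower()) if dot >= 0 else None
    return sig is not None and not head.startswith(sig)

if __name__ == "__main__":
    print(slow_leak_runs(daily_volumes(ACCESS_LOG)))             # {'bob': 14}
    print(disguised_file("holiday.jpg", b"PK\x03\x04\x14\x00"))  # True (zip bytes)
```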
Efficient Management of Cyber Alerts
Alert fatigue has become a common issue for CISOs in the cyber security line. This fatigue is due to the many signals produced by the defense systems in daily operations.
Using predictive analysis, risks are evaluated and ranked on a sliding scale of significance. When any malicious or suspicious action is detected, the engines alert the relevant people to the anomaly, who rank it from the highest to the lowest threat. When the vast amount of data is leveraged and processed efficiently, predictive analytics can give timely responses. This is different from the traditional approaches, which are not only time-consuming but also ineffective and costly. Predictive analytics are yet to reach total perfection. Moreover, the desire of hackers to run their activities unobserved has led them to adopt behaviors that mimic standard processes. Consequently, to manage predictive analytics, an organization should be ready to deal with both the false positives and the false negatives it comes across in the course of threat surveillance (Watson, 2013). The system should embrace a zero-tolerance strategy towards false negatives, since it is by missing dynamic threats that the catastrophes security departments are trying to avoid occur. At the same time, they also need to keep records of the false positives received, to avoid overburdening both the people and the system. The process cannot take the restrictive route of blocking legitimate traffic, such as clients' emails, which can result in reduced profits or service to customers. The approach is a balanced one and should be carried out cautiously so as to realize the optimum outcome.
Even though the available resources are limited, organizations need to note critical incidents and prioritize their alerts based on the possible implications, after which they can handle the signals efficiently. The best strategy to achieve this is to have security professionals with different levels of expertise.
Analysts in the first tier should make an effort to deal with alerts within five minutes, or the shortest time possible, and pass them to experts who can differentiate a targeted attack from a generic one. This strategy frees up organizational resources to deal with severe threats. Both known and unknown emerging issues should be addressed by the organization when creating a cyber-defense program. Once threats are known, a standardized form of defense is constructed. Businesses should strive to save their quality resources for tackling unknown risks and developing defense mechanisms against them. It is challenging to employ predictive indicators in the detection of unknown threats. However, when enterprises assess the losses and nonconforming practices, they can apply big data to solve certain issues.
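The following Python code is an added example, not from the essay, of the triage logic described in this section: a sliding-scale risk score, an escalation threshold chosen from past labelled alerts so that no known true positive is missed while the false-positive load it admits is recorded, and routing into tier-1 and tier-2 queues. The alert fields (severity, asset criticality, predicted likelihood, targeted flag) and the sample values are assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass
class Alert:
    alert_id: str
    severity: int           # 1..5, assigned by the detection engine (assumed field)
    asset_criticality: int  # 1..5, from the asset inventory (assumed field)
    likelihood: float       # 0..1, predicted probability the alert is a real attack
    targeted: bool = False  # looks aimed at this organisation rather than generic

def risk_score(a):
    """Sliding-scale score in [0, 1]: severity and asset weight scale the prediction."""
    return (a.severity / 5) * (a.asset_criticality / 5) * a.likelihood

def rank_alerts(alerts):
    """Highest threat first; ties keep input order (sorted is stable)."""
    return sorted(alerts, key=risk_score, reverse=True)

def escalation_threshold(labelled):
    """labelled: list of (Alert, is_true_positive) from past investigations.
    Returns (threshold, false_positives): the highest cut-off that still keeps every
    known true positive at or above it (zero tolerance for false negatives), and how
    many known false positives that cut-off lets through, so the load is on record."""
    tp_scores = [risk_score(a) for a, tp in labelled if tp]
    thr = min(tp_scores) if tp_scores else 0.0
    fps = sum(1 for a, tp in labelled if not tp and risk_score(a) >= thr)
    return thr, fps

def triage(alerts, thr):
    """Tier-1 routing: at/above thr goes to tier 2, split so tier 2 can separate
    targeted from generic attacks; below thr is logged, never blocked outright."""
    queues = {"tier2_targeted": [], "tier2_generic": [], "tier1_log": []}
    for a in rank_alerts(alerts):
        if risk_score(a) >= thr:
            queues["tier2_targeted" if a.targeted else "tier2_generic"].append(a.alert_id)
        else:
            queues["tier1_log"].append(a.alert_id)
    return queues

# Constructed sample of previously investigated alerts (hypothetical values).
LABELLED = [
    (Alert("A1", 5, 5, 0.90, targeted=True), True),  # credential misuse, critical server
    (Alert("A2", 3, 4, 0.60), True),                 # suspicious download, file server
    (Alert("A3", 2, 2, 0.95), False),                # known-noisy scanner on a test box
    (Alert("A4", 5, 1, 0.30), False),                # high severity, throwaway asset
    (Alert("A5", 5, 5, 0.35), False),                # admin's unusual but legitimate login
    (Alert("A6", 1, 3, 0.50), False),                # low-severity policy violation
]

def demo():
    """Calibrate on the labelled history, then route the same alerts."""
    thr, fps = escalation_threshold(LABELLED)
    return thr, fps, triage([a for a, _ in LABELLED], thr)

if __name__ == "__main__":
    print(demo())  # threshold 0.288, 1 false positive admitted, A1 / A5, A2 escalated
```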
Challenges Faced in the Application of Predictive Analytics to Cyber Security
Although predictive analytics have proven to be effective in cyber security, they have a lot of caveats. First, the essentials of predictive analytics for cyber security are entirely different from what most security bodies had familiarized themselves with in the traditional field. Most of these requirements call for massive investment and sacrifice in the field of data science. There is also a need for firms to establish accessible, flexible structures to support the volume of information required to train advanced machine learning algorithms. Lastly, companies need to have quality information in huge volumes (Adhikari, 2014). Though some of the challenges experienced are common within analytics, they are amplified in this case. For instance, this approach needs a lot of computational resources. This is necessary when dealing with algorithms that operate on large-scale information sets. The engines also need to be paired with computation resources that are structured to scale to the amount of information targeted for examination.
Prescriptive analytics is known as the final stage of analysis. Typically, this method builds on both the descriptive and predictive techniques. It comprises the application of computation and mathematics to reach decisions using the data derived from the descriptive and predictive phases. Although descriptive analysis is the initial stage of analytics in organizations, it still finds space within this area. It focuses on past threats and tries to understand them by analyzing other historical information, finding the reasons that led to successes and failures.
Prescriptive analytics was placed at the beginning of the peak of inflated expectations within the much-cited cycle of emergent technologies (Rash, 2013). However, experts in security departments argue that it will take about five to ten years before it becomes a common phenomenon within the security corridors of organizations globally.
Prescriptive analytics is the foundation of the future of Big Data. Since detailed analytics is viewed as the base of cyber security intelligence, and predictive analytics as the base of Big Data, it is clear that the future of Big Data lies in prescriptive analytics. Subsequently, the future of cyber security is centered on prescriptive analytics. It is like a self-driving car that knows the best route to take using specific data points and mathematical calculations.
This phase makes use of current technologies such as machine learning and artificial intelligence systems to get a clear picture of how current threats will affect the measures adopted in the future, and uses these cases to come up with the most effective measures. It makes it possible for companies to comprehend and exploit future opportunities in the fight against cyber-crime, or to mitigate potential crimes, since the predictions are updated continuously as new data is accessed. Prescriptive analytics gives organizations a crystal ball. It will become more powerful once development reaches a stage in which decision makers in the cyber security area will be able to foretell the future and come up with prescriptions geared towards improving the predicted items without involving Big Data experts. Even though the aspect is in its infant stages, several use cases have been centered on it in their development. Besides, most of the startups in the fight against security breaches have focused on this aspect. One such startup is Ayata, which has the ability to tell what is likely to happen, when it will happen and the reasons behind it, using patented software (Minsker, 2015). The fact that prescriptive analytics is useful in areas that have numerous variables, possibilities, constraints and data sets makes it handy in cyber security, which has the same characteristics. Similarly, since some of the threats and risks are too expensive and risky, prescriptive analytics can come to the rescue in such situations.
Characteristics of Prescriptive Analytics That Can Be Relevant in Cyber Security
The first advantage of this approach is that it is the most advanced stage in analytics. The first stage is the descriptive stage, which uses the available information to describe present or past happenings. After that, there is the predictive phase, which examines data in an attempt to foretell what is likely to happen in future. Prescriptive analytics makes use of the two to come up with efficient techniques for handling future scenarios. In cyber security, it tells professionals the best paths to take if they want to deal with security risks. In fact, any company that wishes to stand out in security must incorporate the prescriptive element.
This aspect needs more data integration than other forms of analytics. Security experts spend a larger percentage of their time developing data sets and only a quarter on analysis. Unfortunately, the imbalance may become worse if the phase is fully adopted in cyber security. Nevertheless, this situation can be checked by making use of Chief Information Officers, who can help in collecting and compiling data in an easier and faster way.
The firm's Chief Information Officers should be aware of their pivotal role in fighting cyber threats using prescriptive analytics. They are like evangelists in this setting. CIOs who are strategically minded should carefully examine the risks and point out the loopholes in the security walls. They should be evangelists by indicating how the business can improve the security department using prescriptive analytics (Minsker, 2015). Every organization should be strategic when it comes to prescriptive analytics. There should be collaboration and partnership among senior officers in the security departments to make this approach useful.
Prescriptive analysis needs speed when used. Even though the outcomes of prescriptive analytics can be essential in long-range planning, they may also be required to give solutions for urgent security issues and threats in the course of business activities. There are times when it is necessary for prescriptive analytics to be used in real time to deal with certain risks. Accordingly, the information technology infrastructure in place should have the ability to analyze data and provide findings almost immediately.
Much as prescriptive analytics is an effective method, it should not replace human judgment. Prescriptive analytics is not entirely centered on technology. Instead, it comprises asking relevant questions about the security threats and knowing how to react to the available findings. For the approach to be successful, the organization should have qualified individuals in the security department (Rash, 2013). The Chief Information Officers should train the experts to balance technological information and human judgment on certain risks. However, in all cases, the experts should be given autonomy in practice.
Most firms in the contemporary world are threatened. The current situation calls for every institution to create aggressive measures to deal with the constant threats in cyberspace. Unfortunately, most organizations are familiar only with the traditional or conventional methods of dealing with threats. Rapid advances in technology have made the traditional measures ineffective and obsolete. Currently, there are five stages of analytics used in the area of data security: descriptive, predictive, detective, diagnostic and prescriptive analytics. The most advanced phase is the prescriptive (normative) one, which offers suggestions on the proper actions to be taken in a particular context.
Cyber security is an area that has become complicated due to the evolution of technology too. Its landscape has expanded to cover several areas. The expansion has created a large attack surface with several loopholes that criminals can make use of to attack the databases of organizations. There are several flaws in some of the contemporary security measures in place. Fortunately, cybercrimes can be dealt with if predictive and prescriptive analytics are applied effectively.
Adhikari, S. (2014). Your secret weapon. Aerospace America, 52(9), 24-27.
Chee-Wooi, T., Manimaran, G., & Chen-Ching, L. (2012). Cyber Security for Critical Infrastructures: Attack and Defense Modeling. IEEE Transactions on Systems, Man & Cybernetics: Part A, 40(4), 853-865.
Minsker, M. (2015). Peek into the Future. CRM Magazine, 19(4), 22-26.
Rash, W. (2013). Graphical Tools Help Security Experts Track Cyber-Attacks in Real Time. eWeek, 4.
Watson, H. J. (2013). The Business Case for Analytics. BizEd, 12(3), 49-54.