Information Security Analytics
Authors: Mark Talabis, Robert McPherson, I. Miyamoto, Jason Martin
We’ve all heard about Big Data and security analytics as solutions to a variety of information security problems. This book explains what they are, how they work, and the value they can bring to businesses.
About the authors
Mark Ryan Talabis is the Chief Threat Scientist of Zvelo.
Robert McPherson leads a team of data scientists for a Fortune 100 Insurance and Financial Service company.
I. Miyamoto is a computer investigator with a government agency.
Jason Martin is VP of Cloud Business for FireEye.
Inside the book
The point of data analytics is to provide usable business intelligence. The field of analytics is wide, and there are certain methods that work better for discovering security breaches than others. The authors concentrate on those, and on the tools that infosec professionals can use to implement them.
Today’s problem is not the lack of data to analyze, but the fact that it is unstructured and, yes, that we have too much of it (Big Data) and it’s a time-consuming job to sift through it in order to find the data we can actually use.
The authors introduce the concept of analytics in security and give easy to grasp examples of how analytics is helpful when it comes to predicting compromises, intrusion detection and incident response.
They present and explain the use of various statistical programming tools, simulation software, and databases. They mostly focus on free, open source software, because it’s accessible to everyone and is usually not restricted to options provided by the GUI. Learning to code analytical methods is a good idea for data scientists, they noted.
The book offers links to the tools, such as the Cloudera QuickStart VM, which simulates a working Apache Hive environment – a data warehouse infrastructure built on top of Apache Hadoop software framework for distributed storage and processing of Big Data – loaded with MapReduce data aggregation software. Other tools used include Apache Mahout and the R programming language, the characteristics of which are well explained, and some introductory material is provided. The authors also show how Python can be used for different security analytics scenarios.
A whole chapter is dedicated to analytics used in incident response – analyzing large volumes of collected data – and the use of the aforementioned tools and software stack. Different scenarios and challenges are addressed, and an extensive case study involving server log investigation is shared.
The next ones deal with security simulations for enabling better decision-making (with Rockwell Automation’s Arena) and the use of analytics to identify anomalies or misuse in access to systems. Again, detailed, step-by-step case studies are included, as well as an overview of other applicable areas and scenarios for the methods.
You’ll learn the value of text mining for finding patterns in unstructured data, and how to perform it in R. Finally, the last chapter is dedicated to developing actionable security intelligence from the analyzed information, and how this can help in different scenarios (insider threat, risk management, etc.).
At mere 182 pages, this book might not be the definitive tome about infosec analytics, but it’s definitely a good book to crack open when you’re just starting to wade into the topic and are looking for reasons to do it.
The great case studies and the additional use scenarios put on display the whole gamut of utilization options that it offers, and will point you in the right direction. Forensic investigators and security analysts unfamiliar with the methods could use a read.
The fact that the authors focused on free software is also a big plus.