Are you swimming in a sea of cyber security data?

28th September 2018

Simon Whitburn
Senior Vice President Cyber Security Services

Digital innovation has turned us into data hoarders. The amount of information that organisations store, process and analyse has increased dramatically in just a short decade. In the same breath, the number of cyber attacks, the types of threat and the actors have grown exponentially. The combination of these two elements – growth of data and growth of cyber threats – presents a significant problem to CEOs. As a result, threat detection and notification need to be immediate. Speed of processing is therefore imperative, yet ever-increasing storage demands and network traffic contrive to slow everything down.

Data science is seen as a vital tool in the fight to protect organisations from online threats, yet most businesses won’t have the resources to create or build an in-house data science team.

What does data science offer?

Large organisations are making significant investments in embracing data science to help mine the vast quantities of data being generated by a permanently online world.

Data science examines where data comes from and what it means, then transforms it into more easily used resources. It’s a blend of computer science, maths and statistics which can encompass disciplines such as machine learning, data mining and visualisation among others.

Who’s using data science in security and why?

Journalist Robert Lemos, writing for TechTarget, interviewed a number of data scientists to find out how large companies are using data science to analyse huge volumes of data for cyber threat protection.

Although cyber threat detection systems use algorithms to detect known threats, scanning data for deviations from a baseline can also detect suspicious behaviour, helping to unearth previously unknown threats. Machine learning and AI can significantly speed this up and ensure that security analysts' time and skills are spent more effectively.

This approach is used by Charles Givre, Deutsche Bank’s lead data scientist, for pattern analysis which detects suspicious activity. The systems can “rapidly scan through massive data sets and find things based on previous patterns without a human having to tell the machine to do that,” he explains. Suspicious events are then passed on to data analysts for further investigation.

Dominique Brezinski, an information security engineer at Apple, works in a similar way. The platform she works on can handle 300 billion network events every day, generating 100TB of data. The data is processed into tables refined for specific tasks that the security team can then run to spot potentially damaging events.

Lemos rightly points out that high-investment development projects like these are the preserve of very large companies; alongside Apple and Deutsche Bank, the global cyber security firm Sophos and Google are mentioned. The sheer scale of the data storage required and the cost of ramping up or acquiring the necessary skillsets make a return on investment unlikely – companies like Apple and Deutsche Bank bear the costs because protecting their data and organisation is vital.

Countering cyber threats

For smaller organisations, those not large enough to justify this level of investment, Nominet provides a data science solution. You can access the same data science knowledge and facilities that currently protect the heart of the UK internet.

Nominet’s products and services focus on the domain name system (DNS), the perfect place to look for cyber threat activity. Nominet’s NTX platform uses an aggregator to hive off DNS traffic to a data warehouse before the analytics engine gets to work. This minimises any impact on network performance from the detection process.

Analysis of your DNS traffic quickly spots the following:

  • Malware
  • Phishing
  • Botnets
  • Cryptomining
  • Data exfiltration
  • Mis-configured networks

It can also highlight unknown threats by comparing activity against a baseline, picking out anomalous behaviour. Threats matched against Nominet’s intelligence feed will be blocked immediately too, not just flagged.

Nominet’s analytics engine uses patented compression, analysis and machine learning to seek out a variety of anomalies, including domains created by domain generation algorithms (these are usually used for command-and-control servers for malicious botnets and other malware). Data feeds from trusted third parties and algorithms that detect specific malware types are also used.
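The two detection ideas described above, baseline comparison and spotting algorithmically generated domain names, can be illustrated on DNS query logs. The script below is an added example, not Nominet's code or any part of the NTX platform; it uses a constructed log, a character-entropy heuristic for DGA-like labels, and a simple median-based baseline for per-client query volume. The thresholds (`min_len`, `min_entropy`, `factor`) are illustrative assumptions, not tuned values.

```python
import math
from collections import Counter

# Constructed sample DNS query log: "<client-ip> <queried-name>". Not real traffic.
SAMPLE_LOG = [
    "10.0.0.5 www.example.com",
    "10.0.0.5 mail.example.com",
    "10.0.0.7 cdn.example.org",
    "10.0.0.9 xk3q9vz7p1lm2ra8.net",
    "10.0.0.9 q8w2e7r1t5y9u3i6.com",
    "10.0.0.9 z1x2c3v4b5n6m7a8.org",
    "10.0.0.9 l0k9j8h7g6f5d4s3.net",
]

def shannon_entropy(label: str) -> float:
    """Shannon entropy (bits per character) of a domain label."""
    counts = Counter(label)
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def second_level_label(name: str) -> str:
    """Return the label left of the TLD, e.g. 'example' from 'www.example.com'."""
    parts = name.rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def looks_like_dga(name: str, min_len: int = 12, min_entropy: float = 3.5) -> bool:
    """Heuristic: a long, high-entropy second-level label suggests algorithmic generation.
    Thresholds are illustrative assumptions, not tuned values."""
    label = second_level_label(name)
    return len(label) >= min_len and shannon_entropy(label) >= min_entropy

def baseline_outliers(log, factor: float = 1.5):
    """Flag clients whose query count exceeds `factor` times the median client count.
    The median of all clients stands in for a historical baseline here."""
    per_client = Counter(line.split()[0] for line in log)
    counts = sorted(per_client.values())
    median = counts[len(counts) // 2]
    return {client for client, n in per_client.items() if n > factor * median}

def analyse(log):
    """Return DGA-looking (client, name) pairs and clients above the volume baseline."""
    pairs = [line.split() for line in log]
    dga_hits = [(client, name) for client, name in pairs if looks_like_dga(name)]
    return {"dga": dga_hits, "outliers": baseline_outliers(log)}
```

In practice both signals feed an analyst queue rather than an automatic block, since high-entropy labels also appear in legitimate CDN and cloud hostnames.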

Need to know

To pass crucial information on to security analysts, the NTX platform offers a graphical front end, designed for novices as well as pros. That said, customers can opt for a managed service and rely on our experts instead.

There is also a connector that can be linked to many of the major Security Information & Event Management (SIEM) systems in use around the world.

A comprehensive reporting facility helps you to assess your cyber security health levels, report into your hierarchy and demonstrate compliance.

Run it your way

As alluded to above, Nominet offers two ways for companies to access our expertise and gain the type of protection enjoyed by much larger companies: NTXprotect and NTXsecure.

With NTXprotect, you install your own version (either on-site or in the cloud) and link it to your own DNS environment.

NTXsecure is the same technology but run as a service, where Nominet runs the platform and your DNS on your behalf. This is a better option for organisations that don’t have (or need) the required level of cyber security expertise in house.

The Nominet advantage

The field of data analytics is changing rapidly and proving to be a valuable weapon in cyber warfare. But storing, accessing and exploring massive amounts of data, then turning it into actionable information, takes time, expertise and money. It could be beyond your company’s resources.

Nominet has always invested in data analytics. The data science team is pivotal in the protections that secure the UK namespace, not to mention the Government and other organisations.

To benefit from the same level of protection for your organisation’s systems and data – from the company with the expertise that has protected the country’s internet infrastructure for over two decades – get in touch today to arrange your free demonstration of NTXprotect.
