
SecureData explains how its data collection helps protect end-users against threats, and what types of data it collects.
Pete Shoard, head of Cloud Product Development at SecureData in Europe, says the company collects and stores between one billion and five billion records of data per day from the UK, which the company uses to generate risk scores.
Shoard is responsible for the design and implementation of threat detection and defence mechanisms, and oversees the development of detection methodologies, reporting measures and response procedures. He will speak at ITWeb Security Summit 2015 later this month.
In this question and answer session with ITWeb, Shoard chats via e-mail about how data can be used to protect against security attacks.
ITWeb: What sort of data is being collected?
Shoard: SecureData collects security device logging data, host level status information, the output of vulnerability scanning, routing and ACL information from client routers/switches and firewalls, as well as a large amount of open source data from social media, blogs and various other sources.
ITWeb: What are the top five types of data being collected?
Shoard: We collect logging data from the following 'top five' device types: firewalls, Web proxy, e-mail exchange, IDS/IPS and active directory. However, it should be noted these are not necessarily our 'top five' in terms of volumetrics, or richness or value of data, although these do yield the highest rates of detection for our services.
ITWeb: Is this data being turned into useful information?
Shoard: All data received and processed by SecureData's big data appliance is metricised and used to generate risk scores on a per entity basis as well as providing a good basis on which to carry out investigation or correlate results. All data is useful for providing context or enrichment.
ITWeb: Why do you say that?
Shoard: Our methodology is both to contextualise discovered security incidents and to discover new incidents through the use of anomaly detection, which requires large sums of normalisation data to enable us to identify the unusual and events which do not align to trends or normal as set by the day-to-day usage of a client's systems.
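As an added illustration of the per-entity risk scoring and baseline-driven anomaly detection described in the last two answers (example code written for this page, not SecureData's own), here is a small Python example over constructed daily event counts; the host names, counts and score thresholds are all made up, and it also covers the unseen-entity and flat-history edge cases.

```python
# Added example (not SecureData's code): a minimal per-entity anomaly detector
# in the spirit of the methodology described above. Constructed sample data only.
from statistics import median

# Constructed daily outbound-connection counts per source host, as might be
# aggregated from a week of firewall "accept" logs (hypothetical values).
BASELINE = {
    "host-a": [120, 131, 118, 125, 129, 122, 127],
    "host-b": [40, 38, 45, 41, 39, 43, 42],
}
TODAY = {"host-a": 126, "host-b": 410}


def robust_zscore(history, value):
    """Deviation of value from the history's median, in units of MAD.

    Median/MAD is used instead of mean/stddev so that a single past spike
    does not widen the 'normal' band and hide a later anomaly."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    if mad == 0:
        # flat history: any change at all is reported as a large deviation
        return 0.0 if value == med else float("inf")
    return 0.6745 * (value - med) / mad


def risk_score(history, value, cap=100):
    """Map a robust z-score onto a 0..cap risk score.

    Deviations under 3 MAD score 0; the score saturates at cap for z >= 10.
    The 3 and 10 cut-offs are arbitrary choices for this example."""
    z = abs(robust_zscore(history, value))
    if z < 3:
        return 0
    return min(cap, int(round(cap * (z - 3) / 7)))


def score_entities(baseline, today):
    """Return {entity: risk_score} for every entity seen today.

    An entity with no history is scored against its own value, i.e. 0,
    so a brand-new host is reported but not alarmed on its first day."""
    return {e: risk_score(baseline.get(e, [v]), v) for e, v in today.items()}


if __name__ == "__main__":
    print(score_entities(BASELINE, TODAY))  # {'host-a': 0, 'host-b': 100}
```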
ITWeb: What potential value could this data hold?
Shoard: We have requests from clients to provide operational and security metrics to ensure their businesses and services are operating as expected. This data has many research applications and is the pivot point for all of our service development and innovation.
ITWeb: How could it enhance companies' businesses and end-users' lives?
Shoard: Simply through detection of the advanced threat or by providing insight into operational issues and malfunctions on systems which are monitored by us. It also provides direct intelligence about new threats that have been introduced into the market, enabling clients to take a preventative posture.