Cybersecurity and Data Science
How can data science assist cybersecurity?
-Charles Parker, II
Cybersecurity has tended to be siloed from other areas. When other areas of the business receive emails from the security department, the first thought is “Ugh, more training.” There are, however, other areas in the organization that are able to assist cybersecurity.
Data science and mining are able to assist security in defending the company. Cybersecurity is familiar with the field mostly from one application: the SIEM. This may be from AlienVault, Splunk or other vendors. The SIEM collects a massive amount of data and analyzes it for trends or specific red flags. The data is typically collected throughout the organization and, when used to its fullest extent, provides a great picture of the business. These tools provide a valuable service: there is absolutely no way a human could analyze this in anything approaching real time.
Data science and mining are able to assist in protecting against attacks and in improving the techniques used to fight these threats. In protecting against attacks, the attackers have operationalized their craft. Once their methodology is detected, a defense is put in place to protect against it. The attacker sees this through their subsequent attacks and creates a new method, which initially evades the tool's detection. This cycle continues as long as the business is a target.
One way this may be of assistance is with behavior analytics. This is already used at certain levels within log and event management systems. Data science, however, is able to bring it to a new level, working towards predicting the future behavior of attackers through the analysis and correlation of the data.
Data science is also continuing to improve its methods and utilization. We have seen this improvement historically, and it is continuing at a sustainable pace, which will benefit cybersecurity.
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s