Big data analytics: the enterprise's next great security weapon?

The number of companies using big data analytics for at least one security or fraud detection use case will triple in the next two years, bringing some much-needed context to all the monitoring clutter.


Cybercrooks have stepped up their game with ingenious new ways to swipe tens of millions of consumers' payment card numbers and personal information. So it makes sense that large companies are now turning to big data analytics to at least quell the onslaught of security breaches.

Today, only 8 percent of large global organizations are using big data analytics to identify patterns and proactively snuff out attempts to weasel into their payment systems and compromise both their brand and their customers' financial information.

But that figure is expected to jump to at least 25 percent of companies by 2016, according to a new Gartner report, as enterprises embrace technologies and protocols that can give them faster access to more contextualized information both within and outside their networks.

Meaningful security monitoring data has an expiration date. If it's not used immediately and effectively, hackers can continue to prey with impunity, leaving their targets forever chasing and analyzing their most recent nightmare as criminals go about creating the next.

"A year or two ago, hackers would look around, conduct extensive cyberespionage on their targets and then go in for the theft – whether it was for money or information," said Avivah Litan. "Now hackers – aware of more effective security and fraud prevention measures erected by their target victim enterprises – simply go directly to the theft without a drawn-out reconnaissance phase."

This reality has spurred more big data analytics investments and acquisitions among banks and other financial institutions, but other sectors have been slow to leverage all the monitoring information they're constantly gathering.

Gartner says this tripling of big data analytics for security could reduce false alarms in existing monitoring systems, correlate high-priority alerts to detect patterns of abuse and fraud, and speed up response by tuning rules and models against data streaming in near real time.