A Security Intelligence with Big Data solution empowers an organization to address the needs of a changing security landscape. The following are categories of use cases where it can prove at least beneficial, if not essential:
1. Establish a Baseline
The organization gains an understanding of its ecosystem and of what needs to be defended or observed, and formulates a risk profile that enables it to detect abnormalities.
Common Use Case Questions:
- Who are the attractive targets within my enterprise?
- Which applications and what data do we need to defend due to their sensitivity?
- What is the normal behavior profile for users, assets, and applications?
2. Recognize Advanced Persistent Threats
The organization gains awareness of a motivated or incentivized attacker who attempts to hide or disguise the attack as innocuous interactions, potentially over a long period of time (months, years).
Common Use Case Questions:
- Which assets within my organization are already compromised or are vulnerable?
- Which external domains may be the source of attacks?
- Are there any low profile network traffic elements that might signal an ongoing or imminent attack?
3. Qualify Insider Threats
The organization gains evidence of, or is warned about, users within its network who may be inclined to steal intellectual property, compromise enterprise systems, or perform other actions that are detrimental to its operations.
Common Use Case Questions:
- What data is being leaked or lost and by whom?
- Who internally has the motivation and skills to compromise the cyber operations of the company?
- Who is exhibiting abnormal usage behavior?
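Both the "Establish a Baseline" category above and the insider-threat question "Who is exhibiting abnormal usage behavior?" come down to the same mechanic: learn each principal's normal from history, then score new observations against it. The following is an added illustration of that mechanic, not code from the original post; the log records, the 3-day minimum history and the z-score threshold of 3 are assumptions chosen for the example.

```python
"""Baseline-and-deviate: flag users whose outbound data volume departs
from their own history. Added example, not from the original post.
All log records below are constructed for illustration."""
import statistics
from collections import defaultdict

# Constructed history: (user, day, bytes_out). Not real data.
LOG = [
    ("alice", 1, 1_200_000), ("alice", 2, 1_050_000), ("alice", 3, 1_300_000),
    ("alice", 4, 1_100_000), ("alice", 5, 1_250_000),
    ("bob", 1, 400_000), ("bob", 2, 420_000), ("bob", 3, 390_000),
    ("bob", 4, 410_000), ("bob", 5, 405_000),
    ("carol", 1, 800_000),   # only one day of history: no usable baseline
]

# Constructed observations for day 6. "dave" has no history at all.
TODAY = {"alice": 1_180_000, "bob": 9_500_000, "carol": 820_000, "dave": 50_000}

MIN_HISTORY = 3     # assumed: fewer days than this is not a baseline
Z_THRESHOLD = 3.0   # assumed: |z| at or above this is anomalous


def build_baseline(log, min_history=MIN_HISTORY):
    """Per-user (mean, population stdev) of bytes_out over the history.
    Users with fewer than min_history days are left out on purpose, so
    they are reported as 'no-baseline' rather than silently 'normal'."""
    per_user = defaultdict(list)
    for user, _day, bytes_out in log:
        per_user[user].append(bytes_out)
    baseline = {}
    for user, values in per_user.items():
        if len(values) < min_history:
            continue
        baseline[user] = (statistics.mean(values), statistics.pstdev(values))
    return baseline


def score(baseline, observed, z_threshold=Z_THRESHOLD):
    """Return {user: (verdict, z)} with verdict in
    {'normal', 'anomalous', 'no-baseline'}."""
    results = {}
    for user, bytes_out in observed.items():
        if user not in baseline:
            results[user] = ("no-baseline", None)
            continue
        mean, sd = baseline[user]
        if sd == 0:
            # Perfectly flat history: any change at all is a deviation.
            z = 0.0 if bytes_out == mean else float("inf")
        else:
            z = (bytes_out - mean) / sd
        verdict = "anomalous" if abs(z) >= z_threshold else "normal"
        results[user] = (verdict, z)
    return results


if __name__ == "__main__":
    bl = build_baseline(LOG)
    for user, (verdict, z) in score(bl, TODAY).items():
        z_text = "n/a" if z is None else f"{z:.1f}"
        print(f"{user:6s} {verdict:12s} z={z_text}")
```

Two design points carry over to a real deployment: a principal with no baseline is a distinct outcome, not "normal" (a newly created account that immediately moves data is itself a signal), and a baseline built over a window that already contains the malicious activity will absorb it, so the history window should be chosen and refreshed deliberately rather than recomputed over everything on each run.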
4. Predict Hacktivism
The organization is alerted to attacks from groups or entities that sympathize with causes contrary to the enterprise's business interests.
Common Use Case Questions:
- Which controversial issues may trigger negative sentiment about the organization and thereby an increased risk of attack?
- How can the organization identify and monitor the intentions of entities antagonistic to its business practices?
- How does the company's publicity in the media affect its risk?
5. Counter Cyber Attacks
The organization is informed of an impending or ongoing attack by criminal enterprises or by government-funded or government-sponsored groups.
Common Use Case Questions:
- What is the origin of an attack?
- Which hacking tools may be used and who is gaining access to them?
- Are there symptoms of an attack underway or being planned that manifest themselves as support issues?
6. Mitigate Fraud
The organization is apprised of new or existing fraud methods that may compromise its regulatory compliance or cause significant losses to its financial operations.
Common Use Case Questions:
- How can the organization identify a fraudulent activity?
- Which users have compromised identities that may lead to fraudulent activity?
- Do well-known fraud attempts have patterns that can be detected or even anticipated?
Now it's time to get your thoughts on the topic!
Is your organization looking to answer security questions similar to the ones above? Are there questions you want to ask of your data for security purposes that are omitted above? We also welcome your thoughts on the intersection of security intelligence with business intelligence.