Big Data & Data Analytics in AppSec

Business data is undoubtedly key to any company’s growth, which is why it makes sense to talk about Big Data and data analytics in AppSec.

Similarly, it makes sense to use data to understand and improve the way we protect these assets.

As a result, there is growing interest in using this data to identify potential flaws. After all, such vulnerabilities could compromise the security of this information.

Below, we address the subject in a way that can help you plan how best to validate your data.

Nothing new in the Security Scenario

Even though the issue of data analytics is on the rise, when the focus is on security – especially network security – there is nothing very new on the horizon.

This is because SIEM solutions already use distributed data to analyze large amounts of information and present results that can support decisions.

Log information from various systems has always been used as a basis for decision making. In this respect, network security has been using Big Data and Data Analytics for much longer than other areas.

Log analysis and correlation tools are frequently used, and they provide information that helps determine the use of new security frameworks. This also facilitates better budget planning and distribution.

More broadly, the use of consolidated data and information has always been the basis for many decisions, even before the term became hype.

But we need to point out that, despite this longer history of use, SIEM tools are passive: they present a view only of an event that is happening or has already happened.

These days, however, we are seeing data and information used in other areas of security, and in other ways.

We introduce this new approach in the following sections.

Big Data & Data Analysis in AppSec

We have witnessed companies’ growing search for solutions that can assist in the creation of increasingly advanced and predictive analytics. These analyses can be built on statistics derived from the data.

With this type of data being analyzed, it is easy for managers to identify when there is a deviation in the behavioral pattern. Thus, it is possible to seek solutions through predictive models.

This type of analysis can be used in various security phases, for example comparing against previous results to build models that improve the development process.

Predictive models are important pieces of data analytics and can help create a scenario in which analysts identify the best solutions.

However, we must be careful about what data we use and how it is applied to generate our information. Using the wrong data, or even asking the wrong “questions”, can lead us to wrong conclusions, and that would be worse than having no conclusion at all.

In its article “When to Use Big Data Lakes to Manage Security Data”, Gartner introduces us to possible data sources. In the example, these sources are used to feed an analysis base of a SIEM tool.

At this point, it is good to remember that when dealing with SIEM and its analysis, we are always talking about passive event analysis. This is a bit different from having a predictive analysis, but it serves as an illustration.

In this case, the key is to understand that data generated by SIEM-like tools helps us analyze past events and think of solutions and actions to avoid future ones.

Understanding the predictive model in Big Data & Data Analysis in AppSec

Overall, this is a different concept from what we expect of predictive analytics.

In a predictive mathematical model, what we hope to create is a set of statistical data that helps identify a pattern that can be used as a baseline.

New predictive and statistical models can be created from historical data sets using AI algorithms and even machine learning.

How much information is needed for an effective analysis is one of the tough questions to answer, and it has a major impact on the bottom line.

Beyond the end result, we have to think about the practical side of analyzing a large amount of data: a tool doing the analysis in real time, along with presenting different scenarios, would require too much processing power.

An example can be given with the following data. In a network with 20,000 devices connected to it – including notebooks, servers, smartphones and others – the average traffic generated is 50 Tb of data every 24 hours.

This equates to analyzing 5 Gb of data every second. And it is this analysis that should identify potential attacks and potentially damaging events.

However, everything we have said so far has a lot more application in network security, and we want to have a more focused view on AppSec.

Big Data & Data Analysis in AppSec: a possible scenario

When we turn our attention to the use of Big Data and Data Analytics in AppSec, we can imagine data analytics being done primarily in predictive vulnerability models.

It makes sense to imagine that we could use Big Data and Data Analytics to demonstrate what the most frequent vulnerabilities are, and how they relate to, for example, the team’s level of maturity.

Likewise, it also makes sense to imagine that through the use of historical data analysis, we can act proactively for team training and capacity building.
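
A small illustration of the scenario above, added here as an example and not taken from the original article: it ranks the most frequent vulnerability class per team maturity level and flags teams whose latest sprint deviates from their historical baseline. The team names, maturity levels, findings and the mean-plus-k-standard-deviations threshold are constructed assumptions that stand in for a real predictive model.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed sample data (not real findings):
# team -> (maturity level, findings per sprint as {vulnerability class: count})
HISTORY = {
    "payments": (1, [{"SQLi": 3, "XSS": 2}, {"SQLi": 4, "XSS": 2},
                     {"SQLi": 3, "XSS": 2}, {"SQLi": 4, "XSS": 2},
                     {"SQLi": 9, "XSS": 3}]),
    "portal": (1, [{"XSS": 3, "SQLi": 1}, {"XSS": 3, "SQLi": 2},
                   {"XSS": 3, "SQLi": 1}, {"XSS": 4, "SQLi": 1},
                   {"XSS": 4, "SQLi": 1}]),
    "mobile": (3, [{"Hardcoded secret": 2}, {"XSS": 1},
                   {"Hardcoded secret": 2}, {"XSS": 1},
                   {"Hardcoded secret": 2}]),
}


def top_class_by_maturity(history):
    """Most frequent vulnerability class for each maturity level."""
    per_level = defaultdict(Counter)
    for maturity, sprints in history.values():
        for sprint in sprints:
            per_level[maturity].update(sprint)
    return {level: c.most_common(1)[0] for level, c in per_level.items()}


def deviating_teams(history, k=2.0, min_std=1.0):
    """Teams whose latest sprint exceeds baseline mean + k * std.

    The baseline is every sprint except the latest. min_std keeps a flat
    history (std close to 0) from flagging a one-finding increase.
    """
    flagged = []
    for team, (_, sprints) in history.items():
        totals = [sum(s.values()) for s in sprints]
        baseline, latest = totals[:-1], totals[-1]
        if len(baseline) < 3:
            continue  # too little history to call anything a baseline
        threshold = mean(baseline) + k * max(pstdev(baseline), min_std)
        if latest > threshold:
            flagged.append((team, latest, round(threshold, 2)))
    return flagged


if __name__ == "__main__":
    print(top_class_by_maturity(HISTORY))
    print(deviating_teams(HISTORY))
```

The first result points at what to train on per maturity level; the second points at which team to look at first.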

Therefore, using Big Data and Data Analytics in AppSec may have a very wide field of application, and we are still taking our first steps on this path. Using Machine Learning and Big Data will provide companies with enormous potential to counter threats and vulnerabilities.

Hence, while these Big Data and Data Analytics engines are not fully integrated with AppSec solutions, we need to develop defenses that can withstand increasingly sophisticated attacks.

Also, if we weigh the increase in attacks coming from employees themselves, or from third parties, we will understand that we can achieve great advances with the use of Big Data and Data Analysis in AppSec.

It is important to be aware of the advances in this field of research and contribute to its development: only in this way can we make the long-awaited results real.

About author


Over 15 years of experience in Information Security and Applications. Graduated in Data Processing, worked as a professor, and participated actively as an instructor in trainings for more than 6000 developers and IT teams. Father of two daughters and trader in his free time.