Our hyper-connected world and its ever-faster network speeds have resulted in mountains of diverse data that needs to be processed. It has also resulted in an ever-expanding attack surface, requiring cybersecurity solutions to scale like never before. These days, scale is about more than traffic volume (which can be used for, say, DDoS attacks committed by a botnet of hijacked devices); it’s also about the need to rapidly identify threats and stop them before they can succeed. A methodology that helps here is long-tail analysis, an approach that looks for very weak signals from attackers who are technologically savvy enough to stay under the radar and remain undetected.

Chasing the Long Tail

The term long tail first emerged in 2004, created by WIRED editor-in-chief Chris Anderson to describe “the new marketplace.” His theory is that our culture and economy are increasingly shifting away from a focus on a relatively small number of “hits” (mainstream products and markets) at the head of the demand curve and toward a huge number of niches in the tail.

Here’s how this long-tail concept applies to cybersecurity: You are specifically looking for those least-common events that will be the most useful in understanding anomalous behavior in your environments.

A security analyst uses this basic four-step process for long-tail analysis: The analyst finds events of interest, such as website connections or user authentication. Then, you determine how to aggregate the events in a way…
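
An added example, not part of the original article: it takes authentication events, aggregates them two different ways, and returns the least-common aggregation keys. The record format, user and host names, and the 5% cut-off are assumptions, and because the article's remaining steps are cut off, ranking keys by rarity is this example's reading of "least-common events".

```python
from collections import Counter

def parse(line):
    """Split one 'user,source_host,result' record into a dict."""
    user, host, result = line.strip().split(",")
    return {"user": user, "host": host, "result": result}

def long_tail(events, key, tail_share=0.05):
    """Return (key, count, share) for the rarest aggregation keys.

    Keys are ranked rarest-first and collected until their combined
    share of all events would exceed tail_share (an assumed cut-off).
    """
    counts = Counter(key(e) for e in events)
    total = sum(counts.values())
    tail, cumulative = [], 0
    for k, n in sorted(counts.items(), key=lambda kv: (kv[1], kv[0])):
        if (cumulative + n) / total > tail_share:
            break
        cumulative += n
        tail.append((k, n, n / total))
    return tail

# Constructed sample data (not real logs): a busy "head" of routine
# logons plus a few rare user/host combinations.
SAMPLE_LINES = (
    ["alice,ws-014,success"] * 40
    + ["bob,ws-022,success"] * 35
    + ["carol,ws-031,success"] * 25
    + ["svc-backup,srv-db01,success"] * 2
    + ["alice,kiosk-7,success"]
)
EVENTS = [parse(line) for line in SAMPLE_LINES]

def by_user(e):
    return e["user"]

def by_user_host(e):
    return (e["user"], e["host"])

if __name__ == "__main__":
    for name, key in (("user", by_user), ("user+host", by_user_host)):
        print(f"aggregated by {name}:")
        for k, n, share in long_tail(EVENTS, key):
            print(f"  {k}  count={n}  share={share:.1%}")
```

Aggregating by user alone hides the single logon by a common user from an unusual host; aggregating by user and host surfaces it, which is why the choice of aggregation matters.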
Long Tail Analysis: A New Hope in the Cybercrime Battle
govanguard, 2020-05-21 15:01:00