Data driven security: Machine data is the first line of defence


One of the major business trends from the past decade is the growing digitalisation of customer interactions. With all industries looking at ways to take a more digital and integrated approach to how they work, there is a significant opportunity to improve the customer experience. At the same time, digitalisation and further integration of systems presents a challenge as it opens up an organisation to a more diverse and threatening set of risks.

Theoretically, anything digital can be exploited by cyber criminals, cyber terrorists or malicious insiders. If we look at an emerging example, the majority of the healthcare industry was not connected to the network 10 years ago, but now you can control healthcare devices remotely. Being able to do this has advantages, but it also represents a real opportunity for those with malicious intent to cause serious harm.

In an environment of advanced threats - often to human life - changing business demands and an increasingly extensive technology infrastructure, a traditional perimeter focused approach to IT security is no longer effective. In my opinion a totally new approach to digital security is required. Organisations need to adopt a data driven approach to digital security if they are to stay ahead of the threats whilst experiencing the growth opportunities presented by Big Data technologies.

The evidence of an attack exists in machine data within an organisation, so security teams need to gain insight from that data to properly detect, analyse and respond. Attackers will attempt to use all possible mechanisms to compromise an organisation, which may involve use of identity, endpoints, servers, business apps, web and email servers, as well as non-traditional systems. The evidence of these activities is often captured in the data from these systems, making analysis even more relevant.

By continuously monitoring this data across your entire infrastructure you can detect malicious activity as early as possible. This could involve spotting anomalies, recognising unusual activity or identifying indicators of compromised systems. As soon as you identify an issue, you can understand the scope and impact of a threat before taking steps to nullify it and ensure it doesn’t happen again. If, on the other hand, you aren’t able to see what’s happening, you can’t protect yourself”.

Many organisations are adopting technologies such as Splunk to get answers out of digital data sources. “For these organisations it’s critical that in a dynamic digital landscape they can apply Big Data technology to quickly get answers to their questions in near to real time. This means they can react as soon as they detect anything that might give them – or their customers – cause for concern. With the threat landscape continuing to evolve, it’s clear that machine data will take its place as the first line of defence for organisations in all industries.

If you would like to find out more about how Big Data could help you make the most out of your current infrastructure while enabling you to open your digital horizons, do give us a call at +44 (0)203 475 7980 or email us at

Other useful links:

What does Big Data mean for you?

Communications security: Essential, or a threat?

Big Data Analytics in the Travel Industry

Recent Posts