Acquiring and analyzing the right data is the key to unlocking the predictive powers of cloud-delivered services. To better understand how “Big Data” and “Predictive Analytics” are applied to cyber security at OpenDNS, let’s frame some parallels with two well-known services: Amazon and Pandora. We’ll look at how each service provider achieves their goals by using varying approaches to analyzing the varying data each acquires.
A look back to the year 2000
Amazon revolutionized recommendation systems for online shopping to get a leg up on their competitors, and to react faster to more data. It recognized that analyzing similar items based on user activity was more effective than analyzing similar users.
“A good recommendation algorithm is scalable over very large customer bases and product catalogs, requires only subsecond processing time to generate online recommendations, is able to react immediately to changes in a user’s data, and makes compelling recommendations for all users regardless of the number of purchases and ratings.”
Pandora broke ground on the Music Genome Project to attract users with a better experience. It determined that analyzing which items were similar based on their characteristics was more effective than subjective user activity (note: thumbs up or down activity is kept separate per individual user).
The approaches were fundamentally different, but very effective in analyzing the amount of data each service acquired at the time. [click here for an approach comparison] Today, OpenDNS arguably acquires data at higher volumes and velocities, and has more demanding goals, than either Amazon or Pandora. [click here for a goal comparison] OpenDNS adopted aspects of both past approaches, but to make predictions before users performed any activity (versus reacting to activity), we needed a more advanced approach.
A prelude to understanding the goals of OpenDNS
In the last decade, many industries have migrated to the cloud to offer more effective services by acquiring and analyzing better data than was ever possible on-premises – but not information security.
Most vendors are still pushing security on-premises via network appliances or endpoint software, then collecting and reacting to malicious binary samples and copies of attacks, in addition to relying on static IP or file reputation systems. Currently, they’re doing this very quickly, at high volumes, and in part using the cloud – but it’s fundamentally the same approach. This resembles Pandora’s strategy, as vendors still employ large teams of security researchers to manually analyze threat (item) characteristics. It also mirrors Amazon, who requires at least one user to create some activity (i.e. download and execute the threat) so the service could then react to the new data. Due to the increased sophistication of advanced threats and overwhelming volume of commodity threats, traditional vendor analysis of incoming data has failed to keep up. The wrong way to stay ahead of cyber attackers is by relying on signatures and reputation to discover what threats look like or how they behave.
Pioneering a new cyber security approach to stay ahead of attacks
In 2012, OpenDNS hit the 50 million daily-active user milestone. And since launching in 2006, we’ve built the world’s largest Internet security network, which is deeply woven into the meshed fabric that holds together the Internet. It became apparent to us that we already had the right data—both the global intelligence and situational awareness—to uncover when and where cyber attacks are being staged on the Internet. All we needed were the right data analytics to extract such predictive power. The secret was to build multiple algorithmic classifiers, an approach which does in part parallel those of both Amazon and Pandora—but we had to go further. We applied machine learning systems to observe and adapt to constantly changing patterns, thus achieving the best possible predictive accuracy and coverage.
As a result, OpenDNS is predicting which sites will distribute malware, control botnets, or phish login credentials—before an attack happens! And we’re not done yet, so stay tuned for more news on how we’re helping enterprises stay ahead of cyber attackers.
OpenDNS uses the power of data to provide unique security protection for our customers. Read more about our predictive technology here.