Policing the data lake
- 25 August, 2016 21:12
It's not hard to imagine Jim Kent as a detective with his friendly manner that invites you to confide in him where you buried your mother's body, which he was for fifteen years during which he set up the Suffolk Constabulary's cyber investigations unit.
“I was just a boring old detective, happily dealing with my murders and rapists, as you do, when I got a phone a call from my Chief Inspector. It was in 1998,” he remembers. “He said, 'Jim, you fixed my computer a few weeks ago. The government have come up with all this money and I can only have it if I build a high tech crime unit. So you're going to build it for me.'”
That started Jim Kent's journey into cybercrime investigations, “I ended up falling into it like it was something I was always meant to do.”
Jim Kent spoke to CSO Magazine at the recent Black Hat conference which he was attending in his current role as Chief Executive Officer for Nuix's North American operations and the company's head of Security & Intelligence products.
“In my mind there are two sides to cybersecurity,” he observes of the industry. “The front side is 'I'm protecting, I'm fortifying, I'm running the IDS, I'm the antivirus, whatever I am.' People have made a load of money out of dealing with those little buckets. Nobody really deals with the other side of security which is the 'how deeply have they been inside, what's my risk, how have they been able to cover their tracks by deleting logs?' That bit has kind of been ignored.'
Risks in the data lake
The problem he sees with the amount of data being collected is that it tends to get filed away for further use, creating a data lake which poses risks to organisations.
“People have data lakes of information and they have no idea what to do with them. The noise, the magnitude of alerts, the hullaboo of cyber security marketing, 'buy a bit of this and buy a bit of that' is a real issue for corporates.
“The real task is to simplify and sanitise that down. If you take it all away, what are you trying to do? Basically we're selling a simple message of 'don't open that PDF document',” he says of the industry. “Someone can sell you a million dollar product to do that but actually that should be part and parcel of your everyday security posture.”
Applying machine learning and Artificial intelligence as being the only way to manage the data lake, “When you apply machine learning and AI to it, it becomes enriched data. It's not just metadata or profile, it's actually fully enriched data.”
Ethical hacking
One of the areas Kent has specialised in has been penetration testing both at Nuix and in his previous businesses and he sees it as being critical for organisations so they can understand the weaknesses in their networks.
“Every organisation should have an ethical hacker. Someone who can give an honest, unbiased view of your security posture,” he says. “For me, ethical hacking is very crucial. It's something that should be done because hackers are trained in doing the right things.”
“Ethical hacking goes back to basic policing. The best people who can show you how to break into cars are those who used to steal cars because they will show you the things that will stop ninety percent of people.”
Eating an elephant
For executives, dealing with the complexities of information security is daunting. “The advice is just how you would eat an elephant – one bit at a time,” is Jim Kent's advice to business managers. “I would start at my most valuable assets and work outwards along with having people working inwards.”
“You need a combination of great people, you need the processes around it and obviously you need technology that allow the people and processes to be as effective as possible,” he says. “Each business is going to do things differently, one might start at the rump will another might start at the trunk, the end result will be the same.”
“I'd say 'what are you trying to achieve? Is it security posture? Is it risk management? Is it all of the above? Where do you want to be?'”
The police conundrum
For police forces Kent sees their data management challenges being similar to the private sector with privacy being a particular concern. “With that amount of data flying around there is bound to be some that shouldn't be there,” he muses.
“They are dealing with magnitudes of data, not just digital,” observes Kent about the task ahead for police force. “They've got body cams on, they have CCTV, there's so many things happening and that is all sitting somewhere where someone has to make sense of it.”
“They are now getting real time feeds but they aren't able to base that against history or intelligence to tell them where they should be policing. So collecting and correlating all of that is a big problem.”
Paul Wallbank travelled to Las Vegas as a guest of Nuix
