Business Intelligence and analytics are a hot topic, and for good reason. In today's economic climate, any cost savings that a company can eke out are a win. By taking a closer look at data that already exists, companies can use analytics to make more informed decisions that are both optimal and realistic.
My question is: can analytics and predictive modeling be used to sniff out potential computer attacks better than what's out there right now?
When you think about security, you can consider antivirus-style traffic analysis or any 'signature'-based technology as reactionary. The threats it catches have already occurred and are already known to the world; a vendor has put out a protective layer against a known entity.
Anomaly-based systems differ from signature-based systems in that they first determine what comprises 'normal' traffic on the network and then alert when something is detected that is out of the norm. Such a system tries to stay on top of the unknown.
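To make the contrast between the two approaches concrete, here is an added example (my own illustration, not code from any product mentioned here) that runs both kinds of check over constructed web-server access-log lines. The signature rule matches a user agent assumed to be already known as bad ("BadBot/0.1" is a made-up placeholder, not a real indicator). The anomaly rule first learns what "normal" per-client request volume looks like from a quiet baseline window (median plus three times the median absolute deviation, a robust choice so one noisy client does not stretch the band), then alerts on any client in a later window whose volume exceeds that band, with no prior knowledge of what the traffic is.

```python
"""Signature rule beside a baseline-then-alert anomaly rule, over constructed access-log lines."""
import re
import statistics
from collections import Counter

# Log shape assumed here: client - - [time] "request" status "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)

# Reactionary control: a signature for something already known to be bad.
# "BadBot/0.1" is a constructed placeholder, not a real indicator.
KNOWN_BAD_UA = {"BadBot/0.1"}


def make_lines(ip, n, ua="Mozilla/5.0"):
    """Constructed sample traffic: n GET requests from one client (not real data)."""
    return [
        f'{ip} - - [01/Mar/2012:09:{i:02d}:00] "GET /page{i}.html" 200 "{ua}"'
        for i in range(n)
    ]


def parse(lines):
    """Yield one dict per line that fits the expected log shape; skip anything else."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            yield m.groupdict()


def requests_per_client(lines):
    return Counter(rec["ip"] for rec in parse(lines))


def learn_baseline(lines, k=3.0):
    """Summarise 'normal' per-client volume as a robust threshold: median + k * MAD."""
    counts = list(requests_per_client(lines).values())
    med = statistics.median(counts)
    # Floor the MAD at 1 so a perfectly flat baseline still leaves a band above the median.
    mad = statistics.median(abs(c - med) for c in counts) or 1.0
    return med + k * mad


def anomaly_alerts(lines, threshold):
    """Clients whose request volume is outside what the baseline called normal."""
    return sorted(ip for ip, n in requests_per_client(lines).items() if n > threshold)


def signature_alerts(lines):
    """Clients that sent at least one request matching a known-bad signature."""
    return sorted({rec["ip"] for rec in parse(lines) if rec["ua"] in KNOWN_BAD_UA})


# Constructed quiet period: five clients, three to five requests each.
BASELINE = sum(
    (make_lines(ip, n) for ip, n in [("10.0.0.5", 4), ("10.0.0.6", 3),
                                      ("10.0.0.7", 5), ("10.0.0.8", 4), ("10.0.0.9", 4)]),
    [],
)

# Constructed observation window: one ordinary client, one client far above the band,
# and one single request carrying the known-bad user agent.
OBSERVED = (
    make_lines("10.0.0.5", 4)
    + make_lines("10.0.0.20", 12)
    + make_lines("10.0.0.6", 1, ua="BadBot/0.1")
)

if __name__ == "__main__":
    t = learn_baseline(BASELINE)
    print(f"baseline threshold: {t:.1f} requests per client")
    print("anomaly alerts:  ", anomaly_alerts(OBSERVED, t))
    print("signature alerts:", signature_alerts(OBSERVED))
```

Note what each rule misses: the signature catches the single known-bad request even at trivial volume, but would say nothing about a new tool it has never seen; the anomaly rule catches the unknown high-volume client with no prior knowledge, but is blind to a known-bad request that stays inside the normal band.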
In a predictive modeled system, the idea is that all of the facets of analytics come into play in order to predict the next attack: data mining and text analytics scrub over structured and unstructured data to ferret out trends, and models are developed from that statistical analysis. The data can come from any source: social media, server logs, database entries, calendar events.
For example, how could the knowledge of a non-work day in China factor into a potential attack? Well, off-days and late nights before a holiday are the perfect time to mobilize a vast army of people. Would that be the perfect time for a system administrator to ensure all signatures are up to date? Maybe.
In analytics, your range of capabilities starts with reactionary questions such as "what happened?" and "what exactly is the problem?". However, the competitive advantage comes into play when you reach into the proactive realm of questions such as "what if these trends continue?" and "what will happen next?".
My research paper for my last semester of graduate school is trying to answer these questions and propose types of predictive models that could assist in uncovering the next big computer attack.