Fovea: Information Security Threat Modeling Using Big Data Analysis Techniques
Until now, security staff at a Seattle-based financial software and services company have spent a great deal of time and energy collecting and processing enormous volumes of security log data from a variety of sources on our networks, leaving less time to analyze that data and remediate the risks it reveals. The Fovea tool automates the collection and processing stages, allowing us to focus on analyzing the data and acting on the results. Fovea has already produced significant findings: we have begun geomapping unusual connections and found traffic from unexpected places, and we have discovered numerous network configuration errors that increase our risk exposure. Most importantly, we cross-referenced our traffic with the FBI's database of known hacktivist threats and discovered that we are a target. As Fovea grows in capability and complexity, we believe it will continue to demonstrate the value of collecting and analyzing security log data to improve situational awareness.
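As an added illustration, not the paper's own code or any part of the Fovea implementation, the following sketches the processing stage the abstract describes: connection log records are cross-referenced against a known-threat indicator list and grouped by destination country so that traffic from unexpected places stands out. The log format, the indicator set and the prefix-to-country table are all constructed assumptions standing in for the real feeds and GeoIP data.

```python
import ipaddress
from collections import Counter

# Constructed sample of outbound connection records (not from the paper):
# timestamp, source host, destination IP, destination port, bytes sent
SAMPLE_LOG = """\
2013-04-01T09:12:03Z ws-17 203.0.113.5 443 5120
2013-04-01T09:12:07Z ws-22 198.51.100.9 22 80
2013-04-01T09:13:11Z db-01 192.0.2.44 3306 20480
2013-04-01T09:14:02Z ws-17 203.0.113.5 443 2048
2013-04-01T09:15:30Z ws-03 198.51.100.77 80 1024
"""

# Constructed indicator list standing in for an external known-threat feed
THREAT_INDICATORS = {"198.51.100.9", "198.51.100.77"}

# Constructed prefix-to-country table standing in for a GeoIP database
GEO_TABLE = {
    ipaddress.ip_network("203.0.113.0/24"): "US",
    ipaddress.ip_network("198.51.100.0/24"): "XX",  # region we never expect
    ipaddress.ip_network("192.0.2.0/24"): "US",
}
EXPECTED_COUNTRIES = {"US"}  # where our business partners normally are


def geolocate(ip):
    """Map an IP to a country code via the prefix table; UNKNOWN if unmatched."""
    addr = ipaddress.ip_address(ip)
    for net, country in GEO_TABLE.items():
        if addr in net:
            return country
    return "UNKNOWN"


def parse_log(text):
    """Turn whitespace-separated log lines into dict records."""
    records = []
    for line in text.splitlines():
        ts, host, dst, port, nbytes = line.split()
        records.append({"ts": ts, "host": host, "dst": dst,
                        "port": int(port), "bytes": int(nbytes)})
    return records


def analyze(records, indicators, expected):
    """Cross-reference destinations with indicators and geomap by country."""
    hits = [r for r in records if r["dst"] in indicators]
    hits_by_host = Counter(r["host"] for r in hits)      # who needs triage
    by_country = Counter(geolocate(r["dst"]) for r in records)
    unexpected = {c: n for c, n in by_country.items() if c not in expected}
    return {"indicator_hits": hits, "hits_by_host": hits_by_host,
            "by_country": by_country, "unexpected": unexpected}
```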