In the global fight against cyber crime, security teams that learn to use data effectively stand a greater chance of successfully addressing the threats that they face, and ultimately protecting their businesses from harm.
While information is power, not all forms of information are equally powerful. To get the most security value out of a particular type of data, it might be necessary to integrate it with another type, or multiple types, of data – a technique known as data fusion.
What is Data Fusion?
Data fusion refers to the integration and unification of multiple data sources, via software automation, as a means of generating more useful collective data outputs. Those multiple sources might include data from databases, discrete files, APIs, websites, and watchlists, and involve information stored in both structured and unstructured formats.
In cyber security contexts, data fusion enables firms to capture threats in a way that reflects the shifting threat environment. Where traditional cyber security measures, such as firewalls and anti-virus software, operated independently of each other, in a data fusion environment, those systems form part of a larger entity which integrates sensitive monitoring and analysis tools, and which merges different security perspectives to derive greater meaning and value.
With that in mind, data fusion is not just about aggregating data sources and recording the information and insight that they produce. To get the most out of the process, security teams must be able to accurately assess and analyse data in conjunction with other data, and use that synthesis to generate actionable cyber security insight.
Data Fusion in Threat Investigations
Threat investigations present firms with a range of unique data challenges. In a suspected ransomware attack, for example, a network may generate an indicator of compromise (IoC) which, in isolation, would prompt a certain security response from the targeted firm. With the benefit of correlating data, however, perhaps concerning the type of ransomware or associated phishing strategy, a firm might be able to accurately identify the nature of the attack, and move quickly to address it by eliminating network vulnerabilities and securing targeted files.
While individual data points may offer limited security utility, as a fusion of complementary data points, they could help security teams progress their threat investigation with greater speed and accuracy and, ultimately, enhance its impact.
Key cyber security advantages of data fusion include:
- Threat assessment: Data fusion enables firms to assess potential threats with greater accuracy, discounting costly false positive alerts and escalating legitimate threats for proper remediation. Data fusion also offers insight into the severity of threats, enabling firms to set priorities as part of their incident response plans.
- Response efficiency: Following a security incident, time may be a critical factor in the successful mitigation of damage. By providing a holistic perspective, data fusion enables security teams to identify the causes of an attack, and deploy an effective response, faster.
- Data correlation: Effective cyber security may require firms to manage vast amounts of data across multiple data streams. Within that environment, it may be difficult, if not impossible, for human analysts to perceive meaningful correlations. In a fused-data approach, however, software tools can identify connections and correlations automatically, in seconds, and highlight those data points for human analysts to escalate.
- Security flexibility: Data fusion helps firms react to a rapidly changing global threat landscape. While the risk of a given threat type might diminish over time, another may become more prominent, or entirely new threats may emerge. By monitoring and fusing multiple data sources, firms can remain aware of, and sensitive to, those subtle changes, and quickly adjust their security posture to better deal with the environment.
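The sketch below illustrates the threat-assessment and data-correlation points above: records from three sources are normalised onto one schema, grouped per host within a time window, enriched from a watchlist, and scored so that corroborated activity is escalated ahead of an isolated alert. It is an added example, not code from Ripjar or LTI; the source names, field names, hosts, indicators, watchlist labels and scoring weights are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records; each source keeps its own native field names.
EDR = [{"hostname": "WS-014", "sha256": "hash-A", "time": "2024-05-02T09:14:10"},
       {"hostname": "WS-031", "sha256": "hash-B", "time": "2024-05-02T11:40:00"}]
MAIL = [{"rcpt_host": "ws-014", "attachment_hash": "hash-A",
         "received": "2024-05-02T09:02:55"}]
PROXY = [{"src": "ws-014", "dest_domain": "files.example.test",
          "ts": "2024-05-02T09:15:30"}]
# Constructed watchlist: indicator -> context label.
WATCHLIST = {"hash-A": "ransomware (constructed label)",
             "files.example.test": "staging domain (constructed label)"}

def normalise():
    """Map every source onto one schema: (source, host, indicator, time)."""
    spec = [("edr", EDR, "hostname", "sha256", "time"),
            ("mail", MAIL, "rcpt_host", "attachment_hash", "received"),
            ("proxy", PROXY, "src", "dest_domain", "ts")]
    return [(name, r[host].lower(), r[ioc], datetime.fromisoformat(r[ts]))
            for name, records, host, ioc, ts in spec for r in records]

def fuse(rows, window=timedelta(minutes=30)):
    """Correlate events per host and score how well they corroborate."""
    by_host = defaultdict(list)
    for row in rows:
        by_host[row[1]].append(row)
    findings = {}
    for host, events in by_host.items():
        events.sort(key=lambda e: e[3])
        start = events[0][3]
        # Keep only events within the window of the host's first event.
        related = [e for e in events if e[3] - start <= window]
        sources = sorted({e[0] for e in related})
        context = sorted({WATCHLIST[e[2]] for e in related if e[2] in WATCHLIST})
        # Assumed weights: 1 per independent source, 2 per watchlist match.
        score = len(sources) + 2 * len(context)
        findings[host] = {"sources": sources, "context": context, "score": score,
                          "priority": "escalate" if score >= 4 else "review"}
    return findings

if __name__ == "__main__":
    ranked = sorted(fuse(normalise()).items(), key=lambda kv: -kv[1]["score"])
    for host, finding in ranked:
        print(host, finding)
```

The single endpoint alert on ws-031 stays at "review", while ws-014 is escalated because mail, endpoint and proxy records agree and two of its indicators match the watchlist.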
AI-Powered Data Fusion
While software automation gives firms the power to collect and analyse data with unprecedented speed and accuracy, artificial intelligence (AI) unlocks the power of data fusion by elevating its connective and correlative possibilities. AI tools offer deeper and more advanced analysis of structured and unstructured data sources, supporting firms with more detailed live monitoring of data feeds, higher-quality threat intelligence, and more targeted threat investigations.
Ripjar’s Labyrinth for Threat Investigations (LTI) is designed to tackle the efficiency challenges of swivel-chair analysis, harnessing the full potential of AI for powerful data fusion advantages. Supported by LTI, security teams can rapidly onboard new data sources, normalise disparate data feeds, and display data as vetted graphs. LTI’s graph features include capabilities to comprehensively map an organisation’s threat knowledge, add flexible data enrichment options, and customise data feeds to expand investigative possibilities.
LTI also enables you to prioritise data security: lock down data and add strong authentication with role and attribute-based access, integrate with existing security models, and comply with an array of privacy, security, and data protection policies. Backed by end-to-end platform security, LTI delivers peace of mind for your threat solution without compromising its analytic effectiveness.