@IJRTER-2016, All Rights Reserved 95
Security Intelligence: Leveraging Big Data Analytics in the Cloud
Manish Ashoklal Kukreja, Business School, University of Auckland
Abstract: Businesses are constantly expanding their network periphery due to new technologies like
cloud computing, and the amount of security-related data being generated is ever-increasing.
Traditional security solutions like firewalls, IDS and SIEMs are not equipped to handle these changes,
and enterprises feel the need for a modern cloud-based security solution. In the era of Big Data
Analytics, organizations have already realized its potential in decision-making. This paper provides
fundamental concepts related to Big Data and shows how organizations can leverage Big Data Analytics
to make a cost-effective security solution.
Keywords — security intelligence, big data analytics, cloud, video mining, machine learning
I. INTRODUCTION
Businesses are stretching their boundaries beyond traditional enterprise networks such as WAN [1].
According to Cisco, Software-as-a-Service (SaaS) applications account for over 50% of all IT
application expenditure, and this is expected to double by 2018, by both government (public) and
private organizations [2]. Data usage on mobile devices is ever-increasing, and the introduction of
the Internet of Things (IoT) is exploding the data inflow from new devices like cameras, home
security systems, power grid data, air-conditioners, refrigerators and location information of
vehicles, to name a few [1]. This increase in periphery increases threats and vulnerabilities in the
enterprise network and necessitates a change in security tools to proactively identify intrusions
before enterprise resources are compromised [1].
At the same time, law enforcement and commercial firms are facing enormous challenges in combating
fraud due to high volumes of data. According to KPMG, the amount of data generated by daily business
operations in 2012 is estimated to be 30 times more than global businesses were handling in 2001
[3], [4]. The Financial Conduct Authority (FCA), in its annual Anti-Money Laundering Report, stated
that the current policies and systems of banks are generally weak and that, in order to fight
financial crime like money laundering, they must implement enhanced policies, procedures and counter
controls [5]. Again, companies are under pressure to implement effective solutions to identify and
prevent fraud, which can significantly impact not only businesses but society as a whole [6].
Figure 1: Public vs Private Cloud Growth [2]
The problem is that as “data” or “information” becomes an increasingly valuable currency, hackers
are employing more sophisticated attacks to steal it [1]. This expansion in periphery is worsening
the situation even more. Several security products and applications have focused on the boundary,
such as firewalls and Intrusion Detection Systems (IDS). Businesses have not been able to see inside
the internal network to identify a potential security breach that otherwise looks like an ordinary
business-related event [7].
International Journal of Recent Trends in Engineering & Research (IJRTER) Volume 02, Issue 10; October - 2016 [ISSN: 2455-1457]
Typically, Big Data implementations are used by companies to profile customer behavior, to analyze
usage patterns, and so on. A second important use case, however, is the analysis of security-related
data [1]. For that reason, a good Security Intelligence (SI) solution is one that enables complex
problem-solving capabilities to defend enterprises against advanced threats [8]. That being the
case, a Security Intelligence solution is one that uses Big Data Analytics (BDA) technology to
combat fraud and/or intrusion [6], [7], [8], [9].
SI can identify risk earlier by easily uncovering trends and patterns and establishing non-obvious
relationships between disparate sources of data. Using BDA, SI can process large amounts of data,
whether structured (bank statements, spreadsheets), semi-structured (invoices, emails, PDF files) or
unstructured (videos), and as a result not only resolve investigations but also prevent criminal
activities [6], [9].
This paper aims to explore the need for Security Intelligence and how Big Data Analytics can play
an important role in monitoring all activity across an organization’s network: detecting and
identifying potential threats, intrusion attempts, and frequent and anomalous patterns, and
highlighting weak spots.
The remainder of the paper is structured as follows. Section 2 presents related work and identifies
how it differs from the work presented in this paper. In Section 3 a security intelligence model is
presented. Section 4 summarizes the research efforts carried out in this paper, followed by a
discussion on future work. The last section contains a list of abbreviations and references.
II. LITERATURE REVIEW
This section explores earlier work related to Big Data Analytics for Security Intelligence and
identifies what is relevant to this study. Accordingly, each sub-section addresses a smaller,
decomposed part of the problem statement.
2.1 What is Big Data?
There exist numerous definitions of Big Data in both literature and industry, which causes confusion
[10]. Diebold, in his paper, claims that the term Big Data has its origins in the mid 1990s [11].
Laney presented a data management framework involving volume, variety and velocity [12]. Gartner
defines Big Data as follows [13]:
“Big Data is high-volume, high-velocity and high-variety information assets that demand
cost-effective, innovative forms of information processing for enhanced insight and decision making.”
Figure 2: Big Data differentiators [14]
As shown in Figure 2, the Three V’s framework is widely accepted [15], [16], [17]. Here, Volume
refers to the scale or amount of data [18]. Velocity refers to the frequency at which data is
created [18]. And Variety refers to the structural disparity in data sources [18]. Additionally, IBM
introduced another dimension called Veracity, which denotes the unreliability in some sources of
data [19]. Oracle added Value as another attribute, meaning that the initial value of Big Data
compared to its volume is low and high value is obtained only after analysis [20]. SAS extended the
framework even further by adding two more dimensions, Variability (and Complexity): variability
refers to changes in velocity, and complexity explains the difficulty of ETL tasks on different data
sources [21]. Contextual scenarios require further dimensions, Virality and Viscosity: virality
measures how fast data is spread through a network, and viscosity measures the inertia in the flow
of data [22], [23], [24].
Since security is contextual, Big Data is defined for this study using eight V’s (Volume, Velocity,
Variety, Veracity, Value, Variability, Virality, Viscosity), with complexity as a ninth dimension.
2.2 What is Big Data Analytics?
Big Data kept in isolation is worthless. The process of analyzing and mining Big Data to uncover
unknown correlations or hidden patterns for leveraging decision-making is called Big Data Analytics
(BDA) [18], [14], [25]. The overall process of extracting potential value or knowledge from Big
Data can be divided into two main processes, data management and analytics [26], as shown in
Figure 3. The data management process involves technologies to acquire, store and prepare data for
later retrieval. Analytics refers to the techniques used to analyze and obtain intelligence from
Big Data. As a result, BDA is a sub-process in the overall process of mining Big Data [18].
Figure 3: Processes for extracting value from Big Data [18]
Both structured and unstructured data can be found in Big Data; thus, BDA can be further
categorized into Text analytics, Audio analytics, Video analytics and Predictive analytics [18].
Each category houses several techniques and technologies; those relevant to this study are listed
in the sub-sections below.
2.2.1 Text Analytics
It includes techniques for text mining such as information extraction [27], text summarization [28]
and sentiment analysis [29].
2.2.2 Audio / Speech Analytics
It is used for monitoring compliance with privacy and security policies, and it also provides
information about health and emotional status [30], [31].
2.2.3 Video Analytics
It is still in its developing stages; however, many algorithms, such as video indexing [32],
anomalous event mining [33] and face recognition [34], are being published to make intelligent video
surveillance a reality [35], [36], [37], [9].
2.2.4 Predictive Analytics
It employs a number of techniques, such as ad-hoc statistical analysis, predictive modeling,
real-time scoring, machine learning and more, on historical and current data to predict the future
[18], [38]. According to a recent review by Forrester, IBM, SAS and SAP are the leading Big Data
predictive analytics solution providers [39].
2.3 What is intelligence-led Security?
There are many definitions of the term “intelligence”; for this study, however, Gill and Phythian’s
definition is the most appropriate:
“Intelligence is the umbrella term referring to the range of activities – from planning and
information collection to the analysis and dissemination – conducted in secret and aimed at
maintaining or enhancing relative security by providing forewarning of threats or potential threats
in a manner that allows for the timely implementation of a preventive policy or strategy, including,
where deemed desirable, covert activities.” [40], [41]
Figure 4: The intelligence cycle [41]
This definition talks about intelligence that is “actionable”. It also emphasizes “context”, which
is again important from a security perspective [41]. It is equally important to understand that
“data” is not intelligence.
Unless the collected data (or Big Data) is analyzed by in-house or third-party tools, it is just
“information”. Intelligence is derived only after the collected data is run through an intelligence
lifecycle [41], shown in Figure 4.
When security is based on such derived knowledge, it is often referred to as intelligence-led
security. It is not a new concept: data-driven information security has long existed, for example in
bank fraud detection, anomaly-based IDS or Security Information and Event Management (SIEM) systems
[41], [42]. It is natural to ask: if such systems have existed for so long, why is there a need for
change?
The problem is not a software issue like a bug or an error in the existing systems, but the way
these are implemented and deployed in organizations. The sub-section below discusses some of the key
limitations of existing security systems in the Big Data realm.
2.3.1 Limitations of existing security systems
Reactive
Existing systems have a database of ‘known’ threats or exploits, and how to tackle those is built
into them as ‘rules’; in this sense they are reactive. That means their intelligence is ‘limited’
and can only be updated from outside. Some systems, however, update their database frequently to
provide a sense of ‘real-time’ intrusion detection [42], [14].
Manual
Many existing systems require manual or human input to work effectively, such as raising tickets to
report security incidents [42], analyzing hundreds and thousands of logs, or watching surveillance
videos to trace back an incident during an investigation [9], [33].
Isolated
Most implementations of IDS or SIEM operate on a single layer of the network and often do not share
information about security incidents with each other [42], [41]. This prevents them from seeing a
holistic view of an attack and makes them difficult to deploy in a cloud environment [42].
Homogeneous data
Existing security systems are not capable of working with heterogeneity in data or data sources
[14], [43], [26].
Insider attack
Almost all existing security systems keep a watch on the periphery of the network and do not look
for patterns or exploitation inside an enterprise network, making them vulnerable to zero-day
exploits [1], [42], [44], [45], [46], [47], [48].
Due to these limitations, an evolutionary step to intelligence-led security is required to
proactively seek weaknesses and manage them appropriately to protect the enterprise network [49].
Some work has already begun in this area: in early 2009 a member-driven organization called the
Cloud Security Alliance (CSA) was formed and released the very first comprehensive best practices
document for secure cloud computing [50]. Over the years it has released several guidelines and best
practices to secure the cloud by creating and maintaining a meta-framework of cloud-specific
security controls called the Cloud Controls Matrix (CCM) [51]. As a result, the following evolution
in intelligence-led security is anticipated by CSA:
Generation   Security System   Key feature
First        IDS               Layered security
Second       SIEM              Managing alerts
Third        BDA in security   Actionable Security Intelligence
Table 1: Evolution of intelligence-led security [43]
2.4 Research gap
There is very limited knowledge available as to how an organization can leverage its existing
cloud-based Big Data Analytics infrastructure for extracting security intelligence. The research is
scattered across various areas such as video surveillance, cloud-based SIEM, cyber threat
intelligence and so on. There isn’t any simplified or unified approach available in academia or
industry to implement a Security Intelligence solution using Big Data Analytics in the Cloud. CSA is
putting great effort into standardizing this next frontier. This paper is also one such attempt to
bridge the gap by providing a simplified model that allows organizations to implement such a
solution and unlock the potential ‘security value’ of a Big Data implementation.
III. DISCUSSION
This section discusses the findings of the literature review and attempts to provide a simplified
reference model for a Security Intelligence solution leveraging Big Data Analytics in the Cloud.
3.1 Big Data Analytics for Security Intelligence
As discussed in earlier sections, there is a clear need for an enhanced security system that is able
to work with Big Data and whose perimeter is not limited to the traditional WAN and computers but is
extended to cloud, mobile devices and things (IoT). We move forward by defining the term
‘Security Intelligence’. According to Burnham (for IBM):
“Security Intelligence is the real-time collection, normalization, and analysis of the data generated
by users, applications and infrastructure that impacts the IT security and risk posture of an
enterprise. The goal of Security Intelligence is to provide actionable and comprehensive insight that
reduces risk and operational effort for any size organization.” [52]
Gartner defines it as below:
“Evidence-based knowledge, including context, mechanisms, indicators, implications and actionable
advice, about an existing or emerging menace or hazard to assets that can be used to inform
decisions regarding the subject’s response to that menace or hazard.” [53]
Both definitions emphasize ‘actionable insight’, and according to this study a good Security
Intelligence solution would be one that overcomes the limitations discussed in Section 2.3.1.
Furthermore, it should be able to utilize the existing infrastructure [49].
In order to extract ‘actionable insight’, a Security Intelligence solution must be built as a truly
unified solution with complex problem-solving capabilities, a single data management architecture
and a single user interface that guards against advanced threats and risks [52], [8]. Some of the
key capabilities of an effective SI solution are discussed below [52], [8]:
Merging of data silos
Find interesting patterns between seemingly unrelated or ordinary activities and eventually provide
better insight for advanced threat detection.
Heterogeneity of data
Support for adding data from multiple disparate sources and ease of tuning analytics.
Unified Approach
Analysing massive data or events flowing from several network layers and devices on an integrated
platform to intelligently produce security alerts.
Real-time analysis
Using advanced analytical methods to process massive data to provide a view of what’s happening
right now across the network.
Before and after exploit insights
Collect and prioritize information about existing security weak spots to avoid breaches, and analyse
suspicious activities to identify breaches.
Automated forensic investigation
Perform exhaustive analysis of collected data to provide meaningful information about incidents so
that security and network staff are less burdened and can quickly build a remediation plan.
Anomaly detection
Analyse ordinary events for any deviation to proactively prevent attacks. This can avert insider
attack by a privileged user.
Fewer false positives
Using anomaly detection and real-time analysis, false positives should be reduced so that staff can
focus on top priority incidents.
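The following added example (not part of the original paper) shows how three of the capabilities above fit together: records from separate silos are normalized into one schema, each user is scored against their own baseline, and an alert is raised only when at least two sources deviate on the same day. The log formats, user names, field names and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from statistics import median

DAYS = ["2016-10-03", "2016-10-04", "2016-10-05", "2016-10-06", "2016-10-07", "2016-10-10"]

# Constructed sample records (not real logs): three silos, three formats.
VPN_CSV = [  # date,user,megabytes_out
    "2016-10-03,alice,120", "2016-10-04,alice,135", "2016-10-05,alice,110",
    "2016-10-06,alice,128", "2016-10-07,alice,131", "2016-10-10,alice,9400",
    "2016-10-03,bob,300", "2016-10-04,bob,280", "2016-10-05,bob,310",
    "2016-10-06,bob,295", "2016-10-07,bob,305", "2016-10-10,bob,4200",
]
DB_AUDIT = [  # key=value lines from a database audit trail
    "day=2016-10-03 user=alice rows_read=1500", "day=2016-10-04 user=alice rows_read=1620",
    "day=2016-10-05 user=alice rows_read=1480", "day=2016-10-06 user=alice rows_read=1550",
    "day=2016-10-07 user=alice rows_read=1590", "day=2016-10-10 user=alice rows_read=88000",
    "day=2016-10-03 user=bob rows_read=900", "day=2016-10-04 user=bob rows_read=910",
    "day=2016-10-05 user=bob rows_read=880", "day=2016-10-06 user=bob rows_read=905",
    "day=2016-10-07 user=bob rows_read=895", "day=2016-10-10 user=bob rows_read=940",
]
BADGE = [  # structured records from a door-access system: after-hours entries per day
    {"date": day, "who": user, "after_hours": count}
    for user, counts in {"alice": [0, 0, 1, 0, 0, 6], "bob": [0, 0, 0, 0, 0, 0]}.items()
    for day, count in zip(DAYS, counts)
]


def normalize():
    """Merge the silos into one schema: (day, user, source, value)."""
    events = []
    for line in VPN_CSV:
        day, user, mb = line.split(",")
        events.append((day, user, "vpn_mb_out", float(mb)))
    for line in DB_AUDIT:
        fields = dict(kv.split("=") for kv in line.split())
        events.append((fields["day"], fields["user"], "db_rows_read",
                       float(fields["rows_read"])))
    for rec in BADGE:
        events.append((rec["date"], rec["who"], "badge_after_hours",
                       float(rec["after_hours"])))
    return events


def deviation(history, value):
    """Modified z-score of value against the user's own baseline (median/MAD)."""
    med = median(history)
    mad = median(abs(h - med) for h in history)
    # Floor the scale so a flat baseline does not turn tiny changes into alerts
    # (the 5% and 1.0 floors are tuning assumptions for this example).
    scale = max(mad, 0.05 * abs(med), 1.0)
    return 0.6745 * (value - med) / scale


def detect(events, today, threshold=3.5, min_sources=2, min_history=3):
    """Return (alerts, watch): users whose activity today exceeds their baseline.

    alerts: deviation corroborated by at least min_sources silos.
    watch:  deviation seen in fewer silos, kept at lower priority.
    Only increases are scored; ISO dates compare correctly as strings.
    """
    baseline = defaultdict(list)  # (user, source) -> past values
    current = {}                  # (user, source) -> today's value
    for day, user, source, value in events:
        if day < today:
            baseline[(user, source)].append(value)
        elif day == today:
            current[(user, source)] = value
    anomalous = defaultdict(dict)  # user -> {source: score}
    for (user, source), value in current.items():
        history = baseline.get((user, source), [])
        if len(history) < min_history:
            continue  # too little history to call anything a deviation
        score = deviation(history, value)
        if score > threshold:
            anomalous[user][source] = round(score, 1)
    alerts = {u: s for u, s in anomalous.items() if len(s) >= min_sources}
    watch = {u: s for u, s in anomalous.items() if len(s) < min_sources}
    return alerts, watch


if __name__ == "__main__":
    alerts, watch = detect(normalize(), today="2016-10-10")
    print("ALERT (corroborated across silos):", alerts)
    print("WATCH (single source only):", watch)
```

In the sample data, bob's large VPN transfer is not matched by unusual database or badge activity, so it lands on the watch list instead of raising an alert; alice deviates in all three sources and is alerted.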
3.2 Reference model of SI leveraging BDA in the cloud
This section discusses how an existing cloud-based Big Data implementation can be leveraged for a
Security Intelligence solution. The key feature of this solution is that it is applicable to any
size of organization (small, medium or large), as it focuses on using Security Intelligence as a
service available in a cloud implementation. In this solution, if an enterprise already has a Big
Data implementation using Hadoop or another Big Data eco-system, SI can be deployed as a service on
top of the existing infrastructure. However, if an enterprise does not have any Big Data
implementation, then the SI provider can use its own cloud-based implementation, and by means of PKI
an organization can provide access to the SI service. A unified user interface would be available on
a portal and could also be accessed via mobile device. This model is scalable and fast, and it
provides a holistic view of all the security-related activities happening inside an enterprise WAN
and cloud. This model is adapted from the SecaaS model described by CSA [54].
Figure 5: SI as a service in the cloud
IV. CONCLUSION
The objective of Security Intelligence using Big Data Analytics in the cloud is to acquire
actionable insights in real time. This paper is an attempt to provide a simplified approach and a
reference model for implementing Security Intelligence as a Service in the Big Data cloud. There are
some challenges that require further research. These challenges must be overcome in order to truly
unlock the ‘security value’ of Big Data Analytics. Below are some of the questions that must be
answered:
1. Data provenance: Due to the veracity aspect of Big Data, the authenticity and integrity of data
used for analytics is questionable. Machine learning seems to be a viable solution to this problem;
further research can confirm this.
2. Privacy: This is another big concern. Groups like CSA are working on security and privacy, and
often publish whitepapers and best practices.
3. Securing Big Data stores: This paper is focused on using Big Data analytics for security
intelligence, but the flip side is the security of Big Data itself. Again, CSA is publishing more
documents on security in cloud computing.
I hope that this paper provides a fundamental yet 360-degree view of how Big Data Analytics can be
used for Security Intelligence and lays the ground for future research in this area.
ABBREVIATIONS AND ACRONYMS
BDA Big Data Analytics
CCM Cloud Controls Matrix
CSA Cloud Security Alliance
ETL Extract, Transform, and Load
FCA Financial Conduct Authority
IBM International Business Machines Corporation
IDS Intrusion Detection System
IoT Internet of Things
KPMG Merger of Peat Marwick International (PMI) and Klynveld Main Goerdeler (KMG)
PDF Portable Document Format
SaaS Software as a service
SAP (In German) “Systeme, Anwendungen und Produkte in der Datenverarbeitung”; (in English) “Systems, Applications and Products in Data Processing”
SAS Statistical Analysis System
SecaaS Security as a service
SI Security Intelligence
SIEM Security Information and Event Management
WAN Wide Area Network
REFERENCES
1. S. Cates, “The evolution of security intelligence,” Netw. Secur., vol. 2015, no. 3, pp. 8–10, Mar. 2015.
2. Cisco, “Cisco Global Cloud Index: Forecast and Methodology, 2011–2016,” White Pap., pp. 1–41, 2014.
3. KPMG NZ, “Fraud Barometer,” 2014. [Online]. Available:
https://www.kpmg.com/NZ/en/IssuesAndInsights/ArticlesPublications/Fraud-barometer/Documents/Fraud-Barometer-edition-7.pdf.
4. KPMG UK, “Fraud Barometer,” 2014. [Online]. Available:
http://www.kpmg.com/UK/en/IssuesAndInsights/ArticlesPublications/Documents/PDF/Advisory/fraud-barometer-2014.pdf.
5. Financial Conduct Authority, “Anti-money laundering annual report 2012/13,” no. July, 2013.
6. S. Hipgrave, “Smarter fraud investigations with big data analytics,” Netw. Secur., vol. 2013, no. 12, pp. 7–9, 2013.
7. “SAS, eSecurity join security forces,” InfoWorld.com, 2003.
8. S. Bird, “The Case for Big Data Security Intelligence,” securityintelligence.com, 2014. [Online]. Available:
https://securityintelligence.com/security-intelligence-big-data-analytics-blurred-vision/.
9. S. Varah, “Big video data could change how we do everything -- from catching bad guys to tracking shoppers,”
VentureBeat. [Online]. Available:
http://venturebeat.com/2014/11/30/big-video-data-could-change-everything-from-catching-bad-guys-to-tracking-shoppers/.
10. SAP, “Small and Midsize Companies Look to Make Big Gains With ‘Big Data,’ According to Recent Poll
Conducted on Behalf of SAP.” [Online]. Available: http://global.sap.com/corporate-en/news.epx?PressID=19188.
11. F. X. Diebold, “A Personal Perspective on the Origin(s) and Development of ‘Big Data’: The Phenomenon, the
Term, and the Discipline,” Soc. Sci. Res. Netw., 2012.
12. D. Laney, “3D Data Management Controlling Data Volume Velocity and Variety,” Appl. Deliv. Strateg., vol. 949,
no. February 2001, p. 4, 2001.
13. Gartner, “What Is Big Data?” [Online]. Available: http://www.gartner.com/it-glossary/big-data/.
14. A. A. Cárdenas, P. K. Manadhata, and S. P. Rajan, “Big Data Analytics for Security Intelligence,” Cloud Secur.
Alliance, no. September, pp. 1–22, 2013.
15. H. Chen and V. C. Storey, “Business Intelligence and Analytics: From Big Data To Big Impact,” MIS Q., vol. 36,
no. 4, pp. 1165–1188, 2012.
16. O. Kwon, N. Lee, and B. Shin, “Data quality management, data usage experience and acquisition intention of big
data analytics,” Int. J. Inf. Manage., vol. 34, no. 3, pp. 387–394, Jun. 2014.
17. TechAmerica Foundation: Federal Big Data Commission, “A Practical Guide To Transforming The Business of
Government,” pp. 1–40, 2012.
18. A. Gandomi and M. Haider, “Beyond the hype: Big data concepts, methods, and analytics,” Int. J. Inf. Manage.,
vol. 35, no. 2, pp. 137–144, Apr. 2015.
19. IBM, “IBM big data platform - Bringing big data to the Enterprise,” 2015. [Online]. Available:
https://www-01.ibm.com/software/data/bigdata/.
20. Oracle, “Bringing the Value of Big Data to the Enterprise,” 2013. [Online]. Available:
http://www.oracle.com/us/products/database/big-data-appliance/value-of-big-data-brief-2008771.pdf.
21. SAS, “What Is Big Data?” [Online]. Available: http://www.sas.com/en_us/insights/big-data/what-is-big-data.html.
22. R. Wang, “Monday’s Musings: Beyond The Three V's of Big Data - Viscosity and Virality - A Software Insider's
Point of View.” [Online]. Available:
http://blog.softwareinsider.org/2012/02/27/mondays-musings-beyond-the-three-vs-of-big-data-viscosity-and-virality/.
23. B. Vorhies, “How Many ‘V’s in Big Data – The Characteristics that Define Big Data.” [Online]. Available:
http://data-magnum.com/how-many-vs-in-big-data-the-characteristics-that-define-big-data/.
24. Big Data Alliance, “What is Big Data?” [Online]. Available: http://www.bigdata-alliance.org/what-is-big-data/.
25. SAS, “Big data analytics: What it is and why it matters | SAS.” [Online]. Available:
http://www.sas.com/en_us/insights/analytics/big-data-analytics.html.
26. A. Labrinidis and H. V. Jagadish, “Challenges and opportunities with big data,” Proc. VLDB Endow., pp. 2032–
2033, 2012.
27. J. Jiang, Mining Text Data. Springer International Publishing, 2012.
28. U. Hahn and I. Mani, “The Challenges of Automatic Summarization,” Computer, vol. 33, no. 11, pp. 29–36, Nov. 2000.
29. B. Liu, Sentiment analysis and opinion mining. Morgan & Claypool Publishers, 2012.
30. S. Kimura, “Advances in Speech Recognition Technologies,” in Fujitsu Scientific and Technical Journal (FSTJ) in
Human Interfaces, vol. 35, no. 2, Springer US, 1999, pp. 202–211.
31. H. A. Patil, “Advances in Speech Recognition Technologies,” in Fujitsu Scientific and Technical Journal (FSTJ) in
Human Interfaces, vol. 35, no. 2, Springer US, 2010, pp. 323–348.
32. W. Hu, N. Xie, L. Li, X. Zeng, and S. Maybank, “A survey on visual content-based video indexing and retrieval,”
IEEE Trans. Syst. Man Cybern. Part C Appl. Rev., vol. 41, no. 6, pp. 797–819, 2011.
33. F. Anwar, I. Petrounias, T. Morris, and V. Kodogiannis, “Mining anomalous events against frequent sequences in
surveillance videos from commercial environments,” Expert Syst. Appl., vol. 39, no. 4, pp. 4511–4531, Mar. 2012.
34. R. Gross and J. Shi, “Quo vadis face recognition?,” Third Work. Empir. Eval. Methods Comput. Vis., 2001.
35. “Surveillance Analytics - Video Intelligence,” Verint Systems. [Online]. Available:
http://www.verint.com/solutions/security-intelligence-home/video-situation-intelligence/products/video-surveillance-analytics/.
36. C. Norris, M. McCahill, and D. Wood, “Editorial. The Growth of CCTV: a global perspective on the international
diffusion of video surveillance in publicly accessible space,” Surveill. Soc., vol. 2, no. 2/3, pp. 110–135, 2004.
37. “Video Business Intelligence (VBI),” Verint Systems. [Online]. Available:
http://www.verint.com/solutions/security-intelligence-home/video-situation-intelligence/products/video-business-analytics/.
38. IBM, “Predictive Analytics - IBM Analytics,” 03-Jul-2015. [Online]. Available:
http://www.ibm.com/analytics/us/en/technology/predictive-analytics/.
39. M. Gualtieri and R. Curran, “The Forrester Wave™: Big Data Predictive Analytics Solutions, Q2 2015,” Forrester
Res., pp. 1–18, 2015.
40. P. Gill and M. Phythian, Intelligence in an insecure world. Polity, 2006.
41. A. Liska, Building an Intelligence-Led Security Program. Elsevier, 2015.
42. R. Zuech, R. Wald, and T. M. Khoshgoftaar, “Intrusion detection and Big Heterogeneous Data: a Survey,” J. Big
Data, vol. 2, no. 1, pp. 1–41, 2015.
43. A. A. Cárdenas, P. K. Manadhata, and S. P. Rajan, “Big Data Analytics for Security,” IEEE Secur. Priv., vol. 11,
no. 6, pp. 74–76, 2013.
44. R. Walters, “Managing privileged user activity in the datacentre,” Netw. Secur., vol. 2010, no. 11, pp. 6–10,
Nov. 2010.
45. R. Knights and E. Morris, “Move to intelligence-driven security,” Netw. Secur., vol. 2015, no. 8, pp. 15–18,
Aug. 2015.
46. P. Somasekaram, “Designing a Business Intelligence Solution for Analyzing Security Data,” 2013.
47. B. Ghilic-Micu and M. Stoica, “Combining Business Intelligence with Cloud Computing to Delivery Agility in
Actual Economy.”
48. M. R. M. Talabis, R. McPherson, I. Miyamoto, J. L. Martin, and D. Kaye, Information Security Analytics.
Elsevier, 2015.
49. S. Saunders, “Intelligence-led security assurance,” Comput. Fraud Secur., vol. 2014, no. 8, pp. 5–7, Aug. 2014.
50. Cloud Security Alliance, “History: Cloud Security Alliance.” [Online]. Available:
https://cloudsecurityalliance.org/history/.
51. CSA, “Cloud controls matrix,” pp. 1–2, 2014.
52. J. Burnham, “What Is Security Intelligence and Why Does It Matter Today?” [Online]. Available:
https://securityintelligence.com/what-is-security-intelligence-and-why-does-it-matter-today/.
53. R. McMillan, “Definition: Threat Intelligence,” Gartner, 2013. [Online]. Available:
https://www.gartner.com/doc/2487216/definition-threat-intelligence.
54. CSA, “SecaaS Category 7 Security Information and Event Management Implementation Guidance,” SecaaS
Implement. Guid., no. October, 2012.