
@IJRTER-2016, All Rights Reserved 95

Security Intelligence: Leveraging Big Data Analytics in the Cloud

Manish Ashoklal Kukreja Business School, University of Auckland

Abstract: Businesses are constantly expanding their network periphery through new technologies like cloud computing, and the amount of security-related data being generated is ever-increasing. Traditional security solutions like firewalls, IDS and SIEMs are not equipped to handle these changes, and enterprises feel the need for a modern cloud-based security solution. In the era of Big Data Analytics, organizations have already realized its potential in decision-making. This paper presents fundamental concepts related to Big Data and shows how organizations can leverage Big Data Analytics to build a cost-effective security solution.

Keywords — security intelligence, big data analytics, cloud, video mining, machine learning

I. INTRODUCTION

Businesses are stretching their boundaries beyond traditional enterprise networks such as WAN [1]. According to Cisco, Software-as-a-Service (SaaS) applications account for over 50% of all IT application expenditure by both government (public) and private organizations, and this is expected to double by 2018 [2]. Data usage on mobile devices is ever-increasing, and the introduction of the Internet of Things (IoT) is exploding the data inflow from new devices such as cameras, home security systems, power grid data, air-conditioners, refrigerators and location information of vehicles, to name a few [1]. This increase in periphery increases threats and vulnerabilities in the enterprise network and necessitates a change in security tools to proactively identify intrusions before enterprise resources are compromised [1].

At the same time, law enforcement and commercial firms are facing enormous challenges in combating fraud due to high volumes of data. According to KPMG, the amount of data generated by daily business operations in 2012 is estimated to be 30 times what global businesses were handling in 2001 [3], [4]. The Financial Conduct Authority (FCA), in its annual Anti-Money Laundering Report, stated that the current policies and systems of banks are generally weak and that, in order to fight financial crime like money laundering, they must implement enhanced policies, procedures and counter controls [5]. Again, companies are under pressure to implement effective solutions to identify and prevent fraud, which can significantly impact not only businesses but society as a whole [6].

Figure 1: Public vs Private Cloud Growth [2]

The problem is that as “data” or “information” becomes an increasingly valuable currency, hackers are employing more sophisticated attacks to steal it [1]. This expansion in periphery is worsening the situation even more. Several security products and applications have focused on the boundary, such as firewalls and Intrusion Detection Systems (IDS). Businesses have not been able to see inside the internal network to identify a potential security breach that otherwise looks like an ordinary business-related event [7].

International Journal of Recent Trends in Engineering & Research (IJRTER) Volume 02, Issue 10; October - 2016 [ISSN: 2455-1457]

Typically, Big Data implementations are used by companies to profile customer behavior, to analyze usage patterns, and so on. A second important use case, however, is to use it for analysis of security-related data [1]. For that reason, a good Security Intelligence (SI) solution is one that enables complex problem-solving capabilities to defend enterprises against advanced threats [8]. That being the case, a Security Intelligence solution is one that uses Big Data Analytics (BDA) technology to combat fraud and/or intrusion [6], [7], [8], [9].

SI can identify risk earlier by uncovering trends and patterns and by establishing non-obvious relationships between disparate sources of data. Using BDA, SI can process large amounts of data, whether structured (bank statements, spreadsheets), semi-structured (invoices, emails, PDF files) or unstructured (videos), and as a result not only resolve investigations but also prevent criminal activities [6], [9].

This paper aims to explore the need for Security Intelligence and how Big Data Analytics can play an important role in monitoring all activity across an organization's network: to detect and identify potential threats, intrusion attempts, frequent and anomalous patterns, and to highlight weak spots.

The remainder of the paper is structured as follows. Section 2 presents related work and identifies how it differs from the work presented in this paper. In Section 3 a security intelligence model is presented. Section 4 summarizes the research efforts carried out in this paper, followed by a discussion on future work. The last section contains the list of abbreviations and references.

II. LITERATURE REVIEW

This section explores earlier work related to Big Data Analytics for Security Intelligence and identifies what is relevant to this study. Accordingly, each sub-section addresses a smaller, decomposed part of the problem statement.

2.1 What is Big Data?

Numerous definitions of Big Data exist in both literature and industry, which causes confusion [10]. Diebold, in his paper, claims that the term Big Data has its origins in the mid-1990s [11]. Laney presented a data management framework involving volume, variety and velocity [12]. Gartner defines Big Data as follows [13]:

“Big Data is high-volume, high-velocity and high-variety information assets that demand cost-effective, innovative forms of information processing for enhanced insight and decision making.”

Figure 2: Big Data differentiators [14]

As shown in Figure 2, the Three V’s framework is widely accepted [15], [16], [17]. Here, Volume refers to the scale or amount of data [18]. Velocity refers to the frequency at which data is created [18]. And Variety refers to the structural disparity in data sources [18]. Additionally, IBM introduced another dimension called Veracity, which denotes the unreliability in some sources of data [19]. Oracle added Value as another attribute, meaning that the initial value of Big Data is low compared to its volume and high value is obtained only after analysis [20]. SAS extended the framework even further by adding two more dimensions, Variability (and complexity): variability refers to changes in velocity, and complexity describes the difficulty of ETL tasks on different data sources [21]. Contextual scenarios require further dimensions, Virality and Viscosity: virality measures how fast data is spread through a network, and viscosity measures the inertia in the flow of data [22], [23], [24].

Since security is contextual, Big Data is defined for this study using eight V’s (Volume, Velocity, Variety, Veracity, Value, Variability, Virality, Viscosity), with complexity as a ninth dimension.

2.2 What is Big Data Analytics?

Big Data kept in isolation is worthless. The process of analyzing and mining Big Data to uncover unknown correlations or hidden patterns for leveraging decision-making is called Big Data Analytics (BDA) [18], [14], [25]. The overall process of extracting potential value or knowledge from Big Data can be divided into two main processes: data management and analytics [26], shown in Figure 3. The data management process involves technologies to acquire, store and prepare data for later retrieval. Analytics means the techniques used to analyze and obtain intelligence from Big Data. As a result, BDA is a sub-process in the overall process of mining Big Data [18].

Figure 3: Processes for extracting value from Big Data [18]

Both structured and unstructured data can be found in Big Data; thus, BDA can be further categorized into Text analytics, Audio analytics, Video analytics and Predictive analytics [18]. Each category houses several techniques and technologies; the ones that are relevant to this study are listed in the sub-sections below.

2.2.1 Text Analytics

It includes techniques for text mining such as information extraction [27], text summarization [28] and sentiment analysis [29].

2.2.2 Audio / Speech Analytics

It is used for monitoring compliance with privacy and security policies, and can also provide information about health and emotional status [30], [31].

2.2.3 Video Analytics

It is still in its developing stages; however, many algorithms such as video indexing [32], anomalous event mining [33] and face recognition [34] are being published to make intelligent video surveillance a reality [35], [36], [37], [9].

2.2.4 Predictive Analytics

It employs a number of techniques, such as ad-hoc statistical analysis, predictive modeling, real-time scoring, machine learning and more, on historical and current data to predict the future [18], [38]. According to a recent review by Forrester, IBM, SAS and SAP are the leading Big Data predictive analytics solution providers [39].

2.3 What is intelligence-led Security?

There are many definitions of the term “intelligence”; for this study, however, Gill and Phythian’s definition is the most appropriate:

“Intelligence is the umbrella term referring to the range of activities – from planning and information collection to the analysis and dissemination – conducted in secret and aimed at maintaining or enhancing relative security by providing forewarning of threats or potential threats in a manner that allows for the timely implementation of a preventive policy or strategy, including, where deemed desirable, covert activities.” [40], [41]

Figure 4: The intelligence cycle [41]


This definition talks about intelligence that is “actionable”. It also emphasizes “context”, which is again important from a security perspective [41]. It is equally important to understand that “data” is not intelligence.

Unless the collected data (or Big Data) is analyzed by in-house or third-party tools, it is just “information”. Intelligence is derived only after the collected data is run through an intelligence lifecycle [41], shown in Figure 4.

When security is based on such derived knowledge, it is often referred to as intelligence-led security. It is not a new concept: data-driven information security has existed for a long time, with examples such as bank fraud detection, anomaly-based IDS and Security Information and Event Management (SIEM) systems [41], [42]. It is natural to ask: if such systems have existed for so long, why is there a need for change?

The problem is not a software issue like a bug or an error in the existing systems, but the way these are implemented and deployed in organizations. The sub-section below discusses some of the key limitations of existing security systems in the Big Data realm.

2.3.1 Limitations of existing security systems

Reactive

Existing systems have a database of ‘known’ threats or exploits, and how to tackle those is built into them as ‘rules’; in this sense they are reactive. That means their intelligence is ‘limited’ and can only be updated from outside. Some systems, however, update their database frequently to provide a sense of ‘real-time’ intrusion detection [42], [14].

Manual

Many existing systems require manual or human input to work effectively, such as raising tickets to report security incidents [42], analyzing hundreds or thousands of logs, or watching surveillance videos to trace back an incident during an investigation [9], [33].

Isolated

Most implementations of IDS or SIEM operate on a single layer of the network and often do not share information about security incidents with each other [42], [41]. This prevents them from seeing a holistic view of an attack and makes them difficult to deploy in a cloud environment [42].

Homogeneous data

Existing security systems are not capable of working with heterogeneity in data or data sources [14], [43], [26].

Insider attack

Almost all existing security systems keep a watch on the periphery of the network and do not look for patterns or exploitation inside an enterprise network, making them vulnerable to zero-day exploits [1], [42], [44], [45], [46], [47], [48].

Due to these limitations, an evolutionary step to intelligence-led security is required to proactively seek weaknesses and manage them appropriately to protect the enterprise network [49]. Some work has already begun in this area: in early 2009 a member-driven organization called the Cloud Security Alliance (CSA) was formed and released the very first comprehensive best practices document for secure cloud computing [50]. Over the years it has released several guidelines and best practices to secure the cloud by creating and maintaining a meta-framework of cloud-specific security controls called the Cloud Controls Matrix (CCM) [51]. As a result, the following evolution in intelligence-led security is anticipated by CSA:


| Generation | Security System | Key feature |
|---|---|---|
| First | IDS | Layered security |
| Second | SIEM | Managing alerts |
| Third | BDA in security | Actionable Security Intelligence |

Table 1: Evolution of intelligence-led security [43]

2.4 Research gap

There is very limited knowledge available as to how an organization can leverage its existing cloud-based Big Data Analytics infrastructure for extracting security intelligence. The research is scattered across various areas such as video surveillance, cloud-based SIEM, cyber threat intelligence and so on. There isn’t any simplified or unified approach available in academia or industry to implement a Security Intelligence solution using Big Data Analytics in the Cloud. CSA is putting great effort into standardizing this next frontier. This paper is also one such attempt to bridge the gap by providing a simplified model that allows organizations to implement such a solution and unlock the potential ‘security value’ of a Big Data implementation.

III. DISCUSSION

This section discusses the findings of the literature review and attempts to provide a simplified reference model for a Security Intelligence solution leveraging Big Data Analytics in the Cloud.

3.1 Big Data Analytics for Security Intelligence

As discussed in earlier sections, there is a clear need for an enhanced security system that is able to work with Big Data and whose perimeter is not limited to the traditional WAN and computers but extends to the cloud, mobile devices and things (IoT). The next step is to define the term ‘Security Intelligence’. According to Burnham (for IBM):

“Security Intelligence is the real-time collection, normalization, and analysis of the data generated by users, applications and infrastructure that impacts the IT security and risk posture of an enterprise. The goal of Security Intelligence is to provide actionable and comprehensive insight that reduces risk and operational effort for any size organization.” [52]

Gartner defines it as below:

“Evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace or hazard.” [53]

Both definitions emphasize ‘actionable insight’, and according to this study a good Security Intelligence solution is one that overcomes the limitations discussed in Section 2.3.1. Furthermore, it should be able to utilize the existing infrastructure [49].

In order to extract ‘actionable insight’, a Security Intelligence solution must be built as a truly unified solution with complex problem-solving capabilities, a single data management architecture and a single user interface that guards against advanced threats and risks [52], [8]. Some of the key capabilities of an effective SI solution are discussed below [52], [8]:

Merging of data silos

Find interesting patterns between seemingly unrelated or ordinary activities and eventually provide better insight for advanced threat detection.

Heterogeneity of data

Support for adding data from multiple disparate sources and ease of tuning analytics.

Unified approach

Analysing massive data or events flowing from several network layers and devices on an integrated platform to intelligently produce security alerts.

Real-time analysis

Using advanced analytical methods to process massive data to provide a view of what’s happening right now across the network.

Before and after exploit insights

Collect and prioritize information about existing security weak spots to avoid breaches, and analyse suspicious activities to identify breaches.

Automated forensic investigation

Perform exhaustive analysis of collected data to provide meaningful information about incidents, so that security and network staff are less burdened and can quickly build a remediation plan.

Anomaly detection

Analyse ordinary events for any deviation to proactively prevent attacks. This can avert an insider attack by a privileged user.

Fewer false positives

Using anomaly detection and real-time analysis, false positives should be reduced so that staff can focus on top-priority incidents.
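The following added example (not from the paper) illustrates the "Reactive" limitation of Section 2.3.1 together with the capabilities listed above: three silos in different formats are normalized into one schema, a known-bad rule is compared with a per-user baseline, and an alert is raised only when several signals agree. The user name, log formats, blocklist entry and thresholds are all constructed assumptions.

```python
import csv
import io
import json
import re
from datetime import datetime, timezone
from statistics import median

# Constructed sample data: three silos, three formats, one hypothetical user.
FIREWALL_LOG = """\
2016-10-03T09:12:40Z fw01 ALLOW user=dba_kim dst=10.0.9.5 dport=1433 bytes=48000
2016-10-04T10:03:11Z fw01 ALLOW user=dba_kim dst=10.0.9.5 dport=1433 bytes=52000
2016-10-05T14:47:02Z fw01 ALLOW user=dba_kim dst=10.0.9.5 dport=1433 bytes=50500
2016-10-06T11:20:19Z fw01 ALLOW user=dba_kim dst=10.0.9.5 dport=1433 bytes=47000
2016-10-07T02:14:07Z fw01 ALLOW user=dba_kim dst=10.0.9.5 dport=1433 bytes=910000
"""
CLOUD_AUDIT = """\
{"time": "2016-10-04T10:05:00Z", "actor": "dba_kim", "action": "GetObject", "bytes": 30000}
{"time": "2016-10-07T02:20:30Z", "actor": "dba_kim", "action": "GetObject", "bytes": 870000}
"""
BADGE_CSV = """\
2016-10-03 08:55:00,dba_kim,IN
2016-10-04 09:40:00,dba_kim,IN
2016-10-05 09:01:00,dba_kim,IN
2016-10-06 09:15:00,dba_kim,IN
"""
KNOWN_BAD_DESTS = {"203.0.113.66"}  # constructed blocklist entry (TEST-NET-3)
MIN_HISTORY = 3                      # data events needed before scoring a user
FW_RE = re.compile(r"^(\S+) \S+ (\w+) user=(\S+) dst=(\S+) .*bytes=(\d+)$")


def _ts(text, fmt):
    return datetime.strptime(text, fmt).replace(tzinfo=timezone.utc)


def _event(ts, user, source, action, volume=0, dst=None):
    return {"ts": ts, "user": user, "source": source,
            "action": action, "volume": volume, "dst": dst}


def normalize(firewall=FIREWALL_LOG, cloud=CLOUD_AUDIT, badge=BADGE_CSV):
    """Merge the silos: parse each format into one schema, sorted by time."""
    events = []
    for line in firewall.splitlines():
        m = FW_RE.match(line)
        if m:  # unparseable lines are skipped, not guessed at
            events.append(_event(_ts(m[1], "%Y-%m-%dT%H:%M:%SZ"), m[3],
                                 "firewall", m[2], int(m[5]), m[4]))
    for line in cloud.splitlines():
        rec = json.loads(line)
        events.append(_event(_ts(rec["time"], "%Y-%m-%dT%H:%M:%SZ"),
                             rec["actor"], "cloud", rec["action"], rec["bytes"]))
    for when, user, direction in csv.reader(io.StringIO(badge)):
        events.append(_event(_ts(when, "%Y-%m-%d %H:%M:%S"), user, "badge", direction))
    return sorted(events, key=lambda e: e["ts"])


def signature_alerts(events):
    """Reactive rule: fires only on destinations already known to be bad."""
    return [e for e in events if e["dst"] in KNOWN_BAD_DESTS]


def anomaly_alerts(events, min_signals=2):
    """Score each data event against the same user's earlier behaviour.

    Returns (alerts, suppressed) as lists of (event, [signal names]); an
    event alerts only when at least `min_signals` signals agree.
    """
    history = {}        # user -> {"hours": [...], "volumes": [...]}
    badge_days = set()  # (user, date) pairs with a physical badge-in
    alerts, suppressed = [], []
    for e in events:
        if e["source"] == "badge":
            if e["action"] == "IN":
                badge_days.add((e["user"], e["ts"].date()))
            continue
        h = history.setdefault(e["user"], {"hours": [], "volumes": []})
        signals = []
        if len(h["volumes"]) >= MIN_HISTORY:
            if not min(h["hours"]) - 1 <= e["ts"].hour <= max(h["hours"]) + 1:
                signals.append("off_hours")
            if e["volume"] > 3 * median(h["volumes"]):
                signals.append("volume_spike")
            if (e["user"], e["ts"].date()) not in badge_days:
                signals.append("no_badge_in")
        if len(signals) >= min_signals:
            alerts.append((e, signals))
            continue  # alerted events are kept out of the baseline
        if signals:
            suppressed.append((e, signals))
        h["hours"].append(e["ts"].hour)
        h["volumes"].append(e["volume"])
    return alerts, suppressed


if __name__ == "__main__":
    merged = normalize()
    print("signature hits:", len(signature_alerts(merged)))
    for e, signals in anomaly_alerts(merged)[0]:
        print("ALERT", e["ts"].isoformat(), e["source"], e["user"], signals)
```

Every event here is an allowed connection to an internal database, so the signature rule stays silent; the night-time transfers stand out only once network, cloud and badge data are viewed together.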

3.2 Reference model of SI leveraging BDA in the cloud

This section discusses how an existing cloud-based Big Data implementation can be leveraged for a Security Intelligence solution. The key feature of this solution is that it is applicable to any size of organization (small, medium or large), as it focuses on using Security Intelligence as a service available in a cloud implementation. In this solution, if an enterprise already has a Big Data implementation using Hadoop or another Big Data eco-system, SI can be deployed as a service on top of the existing infrastructure. However, if an enterprise does not have any Big Data implementation, then the SI provider can use its own cloud-based implementation, and by means of PKI the organization can provide access to the SI service. A unified user interface would be available on a portal and could also be accessed via mobile device. This model is scalable and fast, and it provides a holistic view of all the security-related activities happening inside an enterprise WAN and cloud. This model is adapted from the SecaaS model described by CSA [54].

Figure 5: SI as a service in the cloud


IV. CONCLUSION

The objective of Security Intelligence using Big Data Analytics in the cloud is to acquire actionable insights in real time. This paper is an attempt to provide a simplified approach and a reference model for implementing Security Intelligence as a Service in the Big Data cloud. There are some challenges that require further research. These challenges must be overcome in order to truly unlock the ‘security value’ of Big Data Analytics. Below are some of the questions that must be answered:

1. Data provenance: Due to the veracity dimension of Big Data, the authenticity and integrity of data used for analytics are questionable. Machine learning seems to be a viable solution to this problem; further research can confirm.

2. Privacy: This is another big concern. Groups like CSA are working on security and privacy, and often publish whitepapers and best practices.

3. Securing Big Data stores: This paper is focused on using Big Data analytics for security intelligence, but on the flip side is the security of Big Data itself. Again, CSA is publishing more documents on security in Cloud Computing.

I hope that this paper provides a fundamental yet 360-degree view of how Big Data Analytics can be used for Security Intelligence and lays the ground for future research in this area.

ABBREVIATIONS AND ACRONYMS

BDA Big Data Analytics

CCM Cloud Controls Matrix

CSA Cloud Security Alliance

ETL Extract, Transform, and Load

FCA Financial Conduct Authority

IBM International Business Machines Corporation

IDS Intrusion Detection System

IoT Internet of Things

KPMG Merger of Peat Marwick International (PMI) and Klynveld Main Goerdeler (KMG)

PDF Portable Document Format

SaaS Software as a service

SAP (In German) “Systeme, Anwendungen und Produkte in der Datenverarbeitung”; (In English) “Systems, Applications and Products in Data Processing”

SAS Statistical Analysis System

SecaaS Security as a service

SI Security Intelligence

SIEM Security Information and Event Management

WAN Wide Area Network

REFERENCES

1. S. Cates, “The evolution of security intelligence,” Netw. Secur., vol. 2015, no. 3, pp. 8–10, Mar. 2015.
2. Cisco, “Cisco Global Cloud Index: Forecast and Methodology, 2011–2016,” White Pap., pp. 1–41, 2014.
3. KPMG NZ, “Fraud Barometer,” 2014. [Online]. Available: https://www.kpmg.com/NZ/en/IssuesAndInsights/ArticlesPublications/Fraud-barometer/Documents/Fraud-Barometer-edition-7.pdf.
4. KPMG UK, “Fraud Barometer,” 2014. [Online]. Available: http://www.kpmg.com/UK/en/IssuesAndInsights/ArticlesPublications/Documents/PDF/Advisory/fraud-barometer-2014.pdf.
5. Financial Conduct Authority, “Anti-money laundering annual report 2012/13,” no. July, 2013.
6. S. Hipgrave, “Smarter fraud investigations with big data analytics,” Netw. Secur., vol. 2013, no. 12, pp. 7–9, 2013.
7. “SAS, eSecurity join security forces,” InfoWorld.com, 2003.
8. S. Bird, “The Case for Big Data Security Intelligence,” securityintelligence.com, 2014. [Online]. Available: https://securityintelligence.com/security-intelligence-big-data-analytics-blurred-vision/.


9. F. X. Diebold, “A Personal Perspective on the Origin(s) and Development of ‘Big Data’: The Phenomenon, the Term, and the Discipline,” Soc. Sci. Res. Netw., 2012.
10. D. Laney, “3D Data Management Controlling Data Volume Velocity and Variety,” Appl. Deliv. Strateg., vol. 949, no. February 2001, p. 4, 2001.
11. Gartner, “What Is Big Data?” [Online]. Available: http://www.gartner.com/it-glossary/big-data/.
12. A. A. Cárdenas, P. K. Manadhata, and S. P. Rajan, “Big Data Analytics for Security Intelligence,” Cloud Secur. Alliance, no. September, pp. 1–22, 2013.
13. H. Chen and V. C. Storey, “Business Intelligence and analytics: From Big Data To Big Impact,” Mis Q., vol. 36, no. 4, pp. 1165–1188, 2012.
14. O. Kwon, N. Lee, and B. Shin, “Data quality management, data usage experience and acquisition intention of big data analytics,” Int. J. Inf. Manage., vol. 34, no. 3, pp. 387–394, Jun. 2014.
15. TechAmerica Foundation: Federal Big Data Commission, “A Practical Guide To Transforming The Business of Government,” pp. 1–40, 2012.
16. A. Gandomi and M. Haider, “Beyond the hype: Big data concepts, methods, and analytics,” Int. J. Inf. Manage., vol. 35, no. 2, pp. 137–144, Apr. 2015.
17. IBM, “IBM big data platform - Bringing big data to the Enterprise,” 2015. [Online]. Available: https://www-01.ibm.com/software/data/bigdata/.
18. S. Varah, “Big video data could change how we do everything -- from catching bad guys to tracking shoppers,” VentureBeat. [Online]. Available: http://venturebeat.com/2014/11/30/big-video-data-could-change-everything-from-catching-bad-guys-to-tracking-shoppers/.
19. SAP, “Small and Midsize Companies Look to Make Big Gains With ‘Big Data,’ According to Recent Poll Conducted on Behalf of SAP.” [Online]. Available: http://global.sap.com/corporate-en/news.epx?PressID=19188.
20. Oracle, “Bringing the Value of Big Data to the Enterprise,” 2013. [Online]. Available: http://www.oracle.com/us/products/database/big-data-appliance/value-of-big-data-brief-2008771.pdf.
21. SAS, “What Is Big Data?” [Online]. Available: http://www.sas.com/en_us/insights/big-data/what-is-big-data.html.
R. Wang, “Monday’s Musings: Beyond The Three V's of Big Data - Viscosity and Virality - A Software Insider's Point of View.” [Online]. Available: http://blog.softwareinsider.org/2012/02/27/mondays-musings-beyond-the-three-vs-of-big-data-viscosity-and-virality/.
22. B. Vorhies, “How Many ‘V’s in Big Data – The Characteristics that Define Big Data.” [Online]. Available: http://data-magnum.com/how-many-vs-in-big-data-the-characteristics-that-define-big-data/.
23. Big Data Alliance, “What is Big Data?” [Online]. Available: http://www.bigdata-alliance.org/what-is-big-data/.
24. SAS, “Big data analytics: What it is and why it matters | SAS.” [Online]. Available: http://www.sas.com/en_us/insights/analytics/big-data-analytics.html.
25. A. Labrinidis and H. V. Jagadish, “Challenges and opportunities with big data,” Proc. VLDB Endow., pp. 2032–2033, 2012.
26. J. Jiang, Mining Text Data. Springer International Publishing, 2012.
27. U. Hahn and I. Mani, “of Automatic Researchers are investigating summarization tools and methods that,” Comput. 33.11, no. November, pp. 29–36, 2000.
28. B. Liu, Sentiment analysis and opinion mining. Morgan & Claypool Publishers, 2012.
29. S. Kimura, “Advances in Speech Recognition Technologies,” in Fujitsu Scientific and Technical Journal (FSTJ) in Human Interfaces, vol. 35, no. 2, Springer US, 1999, pp. 202–211.
30. H. A. Patil, “Advances in Speech Recognition Technologies,” in Fujitsu Scientific and Technical Journal (FSTJ) in Human Interfaces, vol. 35, no. 2, Springer US, 2010, pp. 323–348.
31. W. Hu, N. Xie, L. Li, X. Zeng, and S. Maybank, “A survey on visual content-based video indexing and retrieval,” IEEE Trans. Syst. Man Cybern. Part C Appl. Rev., vol. 41, no. 6, pp. 797–819, 2011.
32. F. Anwar, I. Petrounias, T. Morris, and V. Kodogiannis, “Mining anomalous events against frequent sequences in surveillance videos from commercial environments,” Expert Syst. Appl., vol. 39, no. 4, pp. 4511–4531, Mar. 2012.
33. R. Gross and J. Shi, “Quo vadis face recognition?,” Third Work. Empir. Eval. Mehods Comput. Vis., 2001.
34. “Surveillance Analytics - Video Intelligence,” Verint Systems. [Online]. Available: http://www.verint.com/solutions/security-intelligence-home/video-situation-intelligence/products/video-surveillance-analytics/.
35. C. Norris, M. Mccahill, and D. Wood, “Editorial. The Growth of CCTV: a global perspective on the international diffusion of video surveillance in publicly accessible space,” Surveill. Soc., vol. 2, no. 2/3, pp. 110–135, 2004.
36. “Video Business Intelligence (VBI),” Verint Systems. [Online]. Available: http://www.verint.com/solutions/security-intelligence-home/video-situation-intelligence/products/video-business-analytics/.
37. IBM, “Predictive Analytics - IBM Analytics,” 03-Jul-2015. [Online]. Available: http://www.ibm.com/analytics/us/en/technology/predictive-analytics/.
38. M. Gualtieri and R. Curran, “The Forrester Wave™: Big Data Predictive Analytics Solutions, Q2 2015,” Forrester Res., pp. 1–18, 2015.
39. P. Gill and M. Phythian, Intelligence in an insecure world. Polity, 2006.


40. A. Liska, Building an Intelligence-Led Security Program. Elsevier, 2015.
41. R. Zuech, R. Wald, and T. M. Khoshgoftaar, “Intrusion detection and Big Heterogeneous Data: a Survey,” J. Big Data, vol. 2, no. 1, pp. 1–41, 2015.
42. A. A. Cardenas, P. K. Manadhata, and S. P. Rajan, “Big Data Analytics for Security,” IEEE Secur. Priv., vol. 11, no. 6, pp. 74–76, 2013.
43. R. Walters, “Managing privileged user activity in the datacentre,” Netw. Secur., vol. 2010, no. 11, pp. 6–10, Nov. 2010.
44. R. Knights and E. Morris, “Move to intelligence-driven security,” Netw. Secur., vol. 2015, no. 8, pp. 15–18, Aug. 2015.
45. P. Somasekaram, “Designing a Business Intelligence Solution for Analyzing Security Data,” 2013.
46. B. Ghilic-Micu and M. Stoica, “COMBINING BUSINESS INTELLIGENCE WITH CLOUD COMPUTING TO DELIVERY AGILITY IN ACTUAL ECONOMY.”
47. M. R. M. Talabis, R. McPherson, I. Miyamoto, J. L. Martin, and D. Kaye, Information Security Analytics. Elsevier, 2015.
48. S. Saunders, “Intelligence-led security assurance,” Comput. Fraud Secur., vol. 2014, no. 8, pp. 5–7, Aug. 2014.
49. Cloud Security Alliance, “History : Cloud Security Alliance.” [Online]. Available: https://cloudsecurityalliance.org/history/.
50. CSA, “Cloud controls matrix,” pp. 1–2, 2014.
51. J. Burnham, “What Is Security Intelligence and Why Does It Matter Today?” [Online]. Available: https://securityintelligence.com/what-is-security-intelligence-and-why-does-it-matter-today/.
52. R. McMillan, “Definition: Threat Intelligence,” Gartner, 2013. [Online]. Available: https://www.gartner.com/doc/2487216/definition-threat-intelligence.
53. CSA, “SecaaS Category 7 Security Information and Event Management Implementation Guidance,” Secaas Implement. Guid., no. October, 2012.

54.