Text analytics broadens its reach
“Today’s breaches are tomorrow’s lawsuits, and cybersecurity solutions not only need to quickly deliver information that helps detect and remediate the breach, determine what data (if any) was compromised, and harden security to prevent similar incursions in the future, but they also need to gather evidence for potential conversations with insurance companies, regulators, attorneys and the courts,” says Sean Byrne, head of e-discovery solutions at Nuix.
Nuix Incident Response is a cybersecurity module designed to determine the origin of a data breach and remediate it. “It provides a 360-degree view of a breach,” Byrne says. “This product can identify and isolate an IP address to find out where an intruder is located; detect executables that are modifying themselves on the network; and gather other important data points such as device access, log events, network intrusion patterns and Internet history.” The Context user interface correlates those seemingly disparate events and federates them into a timeline-based story that provides details about how and when a breach occurred.
Leveraging dark data
Nuix’s ability to use text analytics to detect patterns makes it well suited to monitoring the normal state of security and then comparing real-time status against it to see whether traffic is showing unexpected behavior. Such behavior might include an unusual number of new e-mail addresses or meaningless content in a message.
Text analytics can be used for investigative activity both reactively, to understand the full context of incidents such as data breaches or lawsuits, and proactively, to anticipate problems before they occur. One fruitful area for text analytics is dark data, which is information collected for a particular purpose but then not analyzed for any further insights.
“An estimated 80 percent of a company’s information is believed to be dark data,” says Byrne, “and its potential value is usually overlooked. In a typical e-discovery matter, a user might use analytics to surface highly relevant documents quickly to reduce time to knowledge for the legal team. But by using analytics on a broader scale to tap into dark data, companies can create business intelligence that has impact well beyond the legal department.”
“Data buried in legacy archives and within server logs can be mined to determine patterns that can predict fraud, trade secret theft, harassment claims, management turnover, stock price variations or whether a company is likely to fail within the coming year,” Byrne explains. “This type of proactive monitoring helps companies achieve situational awareness and detect red flags that could affect their performance or stability. Used correctly, analytics have the potential to become virtual ‘canaries in the coal mine,’ warning of impending danger.”