Yesterday, Google announced a new feature that alerts web surfers when their PCs might be infected with malware, but it’s hardly the only company using big data to fight cybercrime. We’ve covered a handful of them over the past couple of years, and here are five that stand out:
Panda Security: In 2009, Panda got an early start on providing cloud-based antivirus software. It’s relatively simple in premise: create a central database of security threats collected from users’ machines and feed the antivirus scanner with that data. Plus, running in the cloud lets the service do much of the heavy computational lifting on its own servers, sparing users’ machines the cycle overload often associated with antivirus software.
Google: With its news yesterday, Google found a great way to leverage its vast amounts of machine-generated data to combat malware. Essentially, Google is monitoring search-engine traffic for anomalies associated with a particular strain of malware. When Google detects that user traffic is coming to it in a questionable manner, it alerts users so they can try to resolve the problem using their existing security tools.
ipTrust: Big data tools have numerous uses beyond those for which they were created, including detecting and preventing botnet activity. ipTrust uses a farm of Amazon EC2 servers running Hadoop and the Cassandra NoSQL database to store, process and analyze terabytes of security-event data per day. The end results are reputation scores for countless IP addresses, which let users and third-party security products track down the source of malicious activity or even prohibit traffic from entering their networks.
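To make the reputation-score idea concrete, here is an added example (not ipTrust’s code, and not its scoring model) that turns a handful of constructed security events into a per-IP score and a block/allow decision a firewall could apply. The event types, their severity weights and the 24-hour half-life are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample security events (ISO timestamp, source IP, event type);
# the addresses come from RFC 5737 documentation ranges, not real indicators.
SAMPLE_EVENTS = [
    ("2011-07-20T11:00:00", "203.0.113.7", "botnet_c2"),
    ("2011-07-20T10:00:00", "203.0.113.7", "scan"),
    ("2011-07-18T12:00:00", "198.51.100.20", "scan"),
    ("2011-07-20T11:30:00", "192.0.2.9", "spam"),
]

# Hypothetical severity weights per event type (an assumption, not ipTrust's model)
WEIGHTS = {"botnet_c2": 10.0, "malware_host": 8.0, "spam": 3.0, "scan": 2.0}


def reputation_scores(events, now, half_life_hours=24.0):
    """Per-IP score in [0, 100): severity-weighted events, exponentially
    decayed so old sightings fade, then squashed onto a bounded scale."""
    raw = defaultdict(float)
    for ts, ip, kind in events:
        age_h = (now - datetime.fromisoformat(ts)).total_seconds() / 3600.0
        decay = 0.5 ** (age_h / half_life_hours)  # halves every half_life_hours
        raw[ip] += WEIGHTS.get(kind, 1.0) * decay
    # v / (v + 10) maps any non-negative total onto [0, 1) without a hard cap
    return {ip: round(100.0 * v / (v + 10.0), 1) for ip, v in raw.items()}


def should_block(scores, ip, threshold=50.0):
    """Policy a firewall or proxy could apply: unseen IPs score 0 and pass."""
    return scores.get(ip, 0.0) >= threshold


def demo_scores(now_iso="2011-07-20T12:00:00"):
    """Score the constructed events as of a fixed reference time."""
    return reputation_scores(SAMPLE_EVENTS, datetime.fromisoformat(now_iso))


if __name__ == "__main__":
    scores = demo_scores()
    for ip, s in sorted(scores.items(), key=lambda kv: -kv[1]):
        print(f"{ip:>15}  score={s:5.1f}  block={should_block(scores, ip)}")
```

The recent botnet C2 sighting pushes 203.0.113.7 over the block threshold, while a two-day-old port scan leaves 198.51.100.20 with a low score, which is the behaviour you want so that a single stale event does not blacklist an address indefinitely.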
Kindsight: Kindsight does deep packet inspection to find malicious activity within traffic as it traverses the Internet, before it ever gets to consumers’ computers. The company has generated some controversy, however, because it also uses the deep-packet data it gathers to serve up ads that help keep the service free to the ISVs that adopt it.
Incapsula: Web application firewalls are nothing new, but Incapsula is trying to advance the space by crowdsourcing the task of gathering threat information. It’s similar to what companies like Panda do for cloud antivirus products, only the database serves firewalls for web apps. As icing on the cake, though, Incapsula also acts as a CDN by letting users cache and serve content from its global pool of servers.
This list is in no way exhaustive, though, so if you know of a cool new service taking advantage of big data sources to combat cybercrime, please point to them in the comment section. It’s a big space that’s only going to get better as we improve our abilities to find patterns and insights from the vast amounts of data flowing over the web.