Solid Protect Sdn. Bhd. is a leading company that uses state-of-the-art cybersecurity technology to protect its clients and users from Internet threats such as network intrusion, phishing, spyware attacks, virus attacks, and DDoS. The company's cybersecurity experts have helped many organizations minimize malicious attacks from external attackers by configuring and customizing effective Intrusion Prevention Systems (IPS) for them.
However, a good IPS requires extensive analysis of a huge amount of network activity data, which can sometimes reach up to 10 TB per day. Storing this data in a conventional way is expensive, so log files are kept for only a few days. Over time, handling such large and growing amounts of data has made processing on the existing infrastructure increasingly time-consuming.
For example, searching for a specific type or protocol of network data for a medium-sized company may require a tedious data extraction process. This is because network devices such as firewalls, routers, and switches have different log formats. Retrieving data in heterogeneous formats is therefore a challenging task, and it may take up to several days to complete. Such a turnaround is hardly acceptable or realistic today, when cybersecurity experts need to analyze and identify network threats as soon as possible.
Another major issue that needs to be addressed quickly is finding a better way to store, query, and visualize this excessive network data on a more integrated platform. Currently, each of these tasks uses a separate tool or platform. For example, the network activity data is stored in a file-based system, accessed and extracted using C++ programs, and analyzed and visualized using an application such as Excel.
Analyse and derive a big data solution for SolidProtect Sdn. Bhd. that handles the three data issues (storage, query, visualization) and reduces the time needed to identify network threats, at a lower cost than the conventional approach. Your proposed solution must also address the following: