Data mining for information security

On Habré, they wrote a lot about the IBM Watson supercomputer. It is assumed that such a machine should serve people: to help diagnose and solve other complex problems by analyzing arrays of structured and unstructured data. But can the data mining system be adapted for the information security needs of the company?

IBM has released IBM Security Intelligence with Big Data solution for analyzing information flows within the company: network traffic, logs, technical data, and even corporate email and employee messages on Twitter. Technology Director of IBM Security Systems Sandy Bird (Sandy Bird) said that the automatic scanning of mail and social media allows you to quickly identify "dissatisfied" employees who can become sources of confidential information leaks.

“By analyzing the e-mail you can conclude that this guy is a disgruntled employee, and the chances of data leakage from him are higher,” says Sandy Bird. The system analyzes the emotional tone of employee text messages, summing up the evaluation of each word / phrase (positive, neutral, negative) and calculating the total value of the entire message.
')
Among the risk factors may be such that when communicating with the manager and when communicating with interlocutors outside the company, the employee has a different emotional tone of messages. The IBM Security Intelligence platform allows you to tag such an employee for further verification by the IT department.

In addition to content analysis, the IBM Security Intelligence system analyzes network logs, records all network packets and other technical information to look for "anomalies." The system is based on the Hadoop DB, with a graphical frontend for visualizing and studying data.