January 3, 2024
Dan Ortega

Shining a Light on Dark Data

Dark Data. Sounds kind of cool/scary, but what is it? And why should you care? Short version? It's the data in your organization that you don’t see, don’t (or can’t) track, and there’s a LOT of it. Dark data lurks in the storage shadows of your organization – filled with overlooked or unknown insights that could lead to potential exposure, cyber threats, compliance risks, and more.

This rapidly expanding reservoir of dark data lives throughout your systems and data repositories – obscure logs, metadata trails, encrypted databases, emailed attachments, abandoned projects, and legacy archives. Like exploring a cavern with a dim flashlight, you get the sense there’s something worthy of further exploration, but you can’t quite define the scope because you lack the tools to give you a clear picture. 

Yet this obscure data can, and already is, putting your organization at avoidable risk. Analysts estimate over 80% of an organization's data qualifies as dark. What trends, threats, and patterns are hidden out of sight? What approach can reveal and remediate potential risks associated with these overlooked data stores?

Next-gen Security Analytics solutions can provide the visibility needed to chart this unmapped territory. AI-driven analysis is particularly adept at uncovering subtle patterns in massive data sets that can reveal e.g. hidden APTs (advanced persistent threats), system intrusions, regulatory non-compliance, lapses in data governance, and potential emerging business risks. 

The digital innovation that drives most businesses has, ironically, also produced an explosion of undiscovered dark data. Your organization’s next defensive breakthrough very likely resides in these unaudited information resources, but you need the right searchlights to uncover unidentified exposures. Powerful AI security analytics tools are ready to uncover this data, refine it into intelligence, and illuminate an actionable path forward.

To make this workable, let’s look at specific examples within dark data as it applies to cybersecurity.  Some of the potential top opportunities to leverage "dark data" include:

  • Analyzing log data – Massive and unending volumes of log data from networks, endpoints, SaaS apps, etc. often go uninspected due to being unstructured and overwhelming. Having the right tools to analyze this vast repository is an excellent way to uncover hidden potential threats. It would also be convenient to be able to process petabytes of data in seconds, right?
  • User behavior analytics – Details on user activities, anomalous behaviors, and insider threats can be extracted by aggregating identity and access data across systems. Since most risks are introduced by users, correlating this information quickly can significantly improve your security posture. 
  • Passive DNS analysis – Collecting and linking DNS requests can uncover malicious domains used for command and control or data exfiltration.
  • Data loss prevention – Dark data repositories like file shares, databases, and cloud storage can be analyzed to find risky data exposure and misuse.
  • End-of-life system data – Asset management data can reveal vulnerabilities for EOL systems no longer getting patches/support.
  • Appending public data – Combining organization data with public breach corpora, (is corpora a word?) WHOIS domain data, threat feeds, etc. can provide external context to detect threats.
  • Uncovering toxic data – Scanning stored datasets to ensure they don't include private, toxic, or weaponized data that could cause brand, ethics, or data poisoning issues if deployed.

Getting visibility into these vast reservoirs of dark data can expose risks and threats that evade existing security measures. This problem already exists in your organization, it's growing by leaps and bounds, and this trend is accelerating asymptotically. You can’t kick this can down the road, so the sooner you address this issue the better off everyone in your organization (and your customers) will be.

Get the Latest Anomali Updates and Cybersecurity News – Straight To Your Inbox

Become a subscriber to the Anomali Newsletter
Receive a monthly summary of our latest threat intelligence content, research, news, events, and more.