Turning to Big Data for Security
Is Big Data all hype or is it the future of enterprise security?
IBM announced this week that its new security tool, IBM Security Intelligence with Big Data, will weed through terabytes and years of internal data to detect patterns of fraud and other shady activities from employees.
The idea behind it is that since the majority of data leaks tend to come from inside, enterprise security protocols should include a healthy look inward to stop problems before they occur. So that's what the IBM service does.
Security Intelligence with Big Data will analyze e-mails, Web traffic and social network activity in a company (in 500 TB cluster sizes), and try to identify a pattern of activity that could lead to a data leak if ignored.
"By analyzing e-mail you can say this guy is a disgruntled employee and the chance that he would be leaking data would be greater," said Sandy Bird, chief technology officer of IBM's security systems division, to the Wall Street Journal.
IBM isn't the only company looking to Big Data for security help. Security firm RSA also announced this week the availability of RSA Security Analytics. In PR tongue, the new offering is "a transformational security monitoring and investigative solution designed to help organizations defend their digital assets against today's most sophisticated internal and external threats."
RSA's goal is to not only ID potential threats, but to help enterprises construct a comprehensive security strategy based on the needs and potential threats the analytic software discovers. "By combining high fidelity forensic visibility with big security data collection and management, and a complete revolution in advanced analytics, RSA is helping organizations take their security programs and advanced security operations centers to a new level," said Amit Yoran, Senior Vice President of RSA.
According to Gartner's Neil MacDonald, the marriage of Big Data and Security is nothing new. In a blog post from March of 2012, he made the argument that the majority of security firms already use advanced analytics. However, instead of focusing only on a specific enterprise, they operate by monitoring the entire online security landscape.
"While the labs of Symantec, Trend, McAfee, Sophos, Microsoft, Sourcefire, Check Point, etc., etc. will be performing big data analytics on our behalf on their back end, they don't necessarily have detailed monitoring of our own enterprise network and systems (packet data, flow data, sessions, transactions and so on)," wrote MacDonald. "The need for internal monitoring and big data analytics against this will be a cornerstone of our strategies to detect advanced targeted attacks that have bypassed traditional protection mechanisms (e.g. anomaly detection)."
So while he does think the push for Big Data in technology is based on quite a bit of hype, you shouldn't outright ignore how data analysis could be used to strengthen (and, in some cases, redefine) your enterprise security.
"Big data analytics will be absolutely foundational to solving the next-generation of tough information security problems," concludes MacDonald.
Are you looking into implementing any Big Data security solutions? Or are you dismissing the hype train? Let me know in the comments below or at firstname.lastname@example.org.