LIA TIMSON August 07, 2012
How do you pinpoint the right bit of information? Photo: istock
Is big data the secret to mining potential threats and adversaries?
You might as well call it big picture. Big data, one of the latest IT buzzwords, describes the myriad unrelated data sources a company needs to understand in order to draw meaningful insights that will inform business decisions.
Call it business intelligence or analytics, just on a much bigger scale, driven by the exponential increase in the amount of data generated not only by business applications but also by the rapid adoption of smartphones and tablets, and machine-to-machine systems.
Now everyone is tapping into the potential of big data to sell technology software and hopefully solve small and big problems. Like computer security.
In Australia last week for customer visits, Eddie Schwartz, the chief information security officer at EMC's security division RSA, called upon "big data" to dazzle an eager audience of analysts and chief information officers at some of the country's biggest companies and government agencies.
In an interview with IT Pro, Schwartz explained RSA's next push: unified security analytics to make sense of, you guessed it, numerous stand-alone security programs that are still not giving companies a good enough insight into their security vulnerabilities.
Using technology from Netwitness, RSA is hoping to release an aggregated analytics product – a unified console – that promises an accurate view of security data produced by various other products, from packet data logs to press feeds. It is now in beta testing by some customers in the US, Schwartz said. RSA bought Netwitness around the time the latter discovered the reputation-devastating breach at the computer security giant last year.
“Security people before could do whatever they wanted in combining products or having products that didn't talk to each other, but if you look at the rest of the IT [infrastructure], they've already looked at optimising storage, and integrating things.
“So security people are now having to look at the total cost of ownership [of security tools] and see how they can participate in a global intelligence framework,” he said.
Last month, at the annual Black Hat computer security gathering in Las Vegas, the audience was told by a former FBI cybercrime unit chief, Shawn Henry, who is now at the security start-up CrowdStrike, that it is time to think of cyber offence as the best form of defence.
Would that mean striking hackers and hacktivists before they arrive on your back doorstep?
“I'm not advocating one way or another on active defence,” Schwartz said.
“I have no opinion on their business model. But the balance of investment on security has been too weighted towards prevention.”
Schwartz said companies were too reliant on vendors for their cyber security – be it perimeter security, monitoring or intrusion alerts.
“If intelligence is the starting point and includes collaborating with your peers and with government, then it can drive the decisions about the solutions you are integrating and [helping] make those products smarter,” he said.
It's the difference between living on an island wondering why you're being attacked even though you have a fortress, and having the intelligence to anticipate attacks, he said.
“Big data takes us into this notion of predictive analysis. [With it] we can start to see trends, understand trends and we can understand profiles of threats and adversaries, relative to cyber criminals, hacktivists and nation states.”
Neil MacDonald, vice president, distinguished analyst and Gartner Fellow in Gartner Research, has called for the use of big data in security for at least a year. He said while the term has enjoyed considerable hype, there was still a role for it.
“In fact, I'd argue that most information security providers are already performing what would be characterised as big data analytics processing on their back-ends to process the large numbers of events, IP addresses, URLs, files and other attributes used to identify and track threats,” MacDonald wrote in a recent blog post.
MacDonald said while big data analytics was “no doubt heading towards the peak of inflated expectations” – a Gartner term referring to a technology's hype cycle – information security problems could still benefit from its application.