Security experts turn to big data for help
Until recently, a good security analyst could eyeball a stream of data and detect a malicious attack if he or she could isolate the right view of the data. Like many traditional practices in IT and networking, the deluge of data is making eyeballing a lost art. The quantity and variety of data and the frequency of attacks has made it harder to isolate the right view and detect attacks. So, security companies are beginning to incorporate big data techniques to improve threat detection and prevention.
Paul Stamp, director of product marketing for RSA, the security division of EMC, said attacks are not only getting more frequent, but they are also getting more subtle. "Fairly simple attacks can hide in plain sight because there is so much data to look at. That's why you have to bring in other contextual information about an organization," he said.
Current techniques, such as Security Information and Event Management (SIEM), rely on log data, but emerging threats don't manifest themselves in log data until after a threat is well on its way, Stamp said. This makes it necessary to look deeper into more data sets for the tell-tale characteristics of an attack. While log data from a single source can be considered structured data, logs from multiple sources, some in standard formats and some not, are the equivalent of unstructured data and require big data techniques to analyze.
RSA and IBM (NYSE: IBM) launched big data-based security solutions in the last week and smaller players like RedSeal followed suit.
RSA released RSA Security Analytics which combines SIEM, network forensics and big data analytics. Stamp said that among other improvements, it will reduce the "attack of free time", the lapse of time between an attacker getting into an environment and getting detected. And by fusing data produced by other products, analysts will be able to use business context to prioritize and allocate resources to the threats that pose the greatest risk.
Jon Oltsik, senior principal analyst at Enterprise Strategy Group, said the big data phenomenon could make organizations rethink their choice of security solutions. "Marrying intelligence-driven security with big data analytics has the potential to help enterprises address the complex problem of advanced threats and thus meet a significant need in the marketplace," he said.
IBM launched its IBM Security Intelligence with Big Data last week. It integrates security intelligence with big data analytics and allows security analysts to go beyond typical security data to identify malicious cyber-activity. This solution uses real-time correlation and custom analytics on structured data, such as security device alerts, operating system logs, DNS transactions and network flows, as well as the unstructured data of emails, social media content and business transactions.
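The two passages above describe the same underlying step: logs that arrive in several formats (syslog text, JSON records, delimited flow exports) have to be mapped onto one common schema before events from different sources can be correlated by host and time. The following is an added illustration of that normalize-then-correlate step; it is not code from RSA, IBM or RedSeal, the sample lines are constructed, and the chain it looks for (an interactive login, then a DNS lookup, then a large outbound flow from the same host within a few minutes) is an assumed example rule rather than any product's detection content.

```python
"""Normalize heterogeneous security log lines into one event schema and
correlate them per host.  Added example; all input lines are constructed."""
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample lines in three formats (not real data).
RAW_LINES = [
    # syslog-style operating system auth log
    "2013-02-04T10:00:05Z host1 sshd[4412]: Accepted password for svc_backup from 10.0.0.7",
    # JSON DNS transaction record
    '{"ts":"2013-02-04T10:00:40Z","host":"host1","qname":"update.example-cdn.test","type":"A"}',
    # CSV network flow export: ts,src,dst,dport,bytes
    "2013-02-04T10:01:10Z,host1,203.0.113.9,443,52000000",
    # a second host with a login only, so no chain completes
    "2013-02-04T10:02:00Z host2 sshd[991]: Accepted password for alice from 10.0.0.8",
]

SYSLOG_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<prog>\w+)\[\d+\]: (?P<msg>.*)$")


def _ts(s):
    """Parse the ISO-8601 UTC timestamp used by all three sample formats."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_line(line):
    """Map one raw line onto the common schema: ts, host, source, kind, detail.
    Returns None for a format the parser does not recognise rather than guessing."""
    if line.startswith("{"):
        rec = json.loads(line)
        return {"ts": _ts(rec["ts"]), "host": rec["host"], "source": "dns",
                "kind": "dns_query", "detail": rec["qname"]}
    m = SYSLOG_RE.match(line)
    if m:
        kind = "login" if m["msg"].startswith("Accepted") else "other"
        return {"ts": _ts(m["ts"]), "host": m["host"], "source": "os",
                "kind": kind, "detail": m["msg"]}
    fields = line.split(",")
    if len(fields) == 5:
        ts, src, _dst, _dport, nbytes = fields
        return {"ts": _ts(ts), "host": src, "source": "netflow",
                "kind": "flow", "detail": int(nbytes)}
    return None


def correlate(lines, window=timedelta(minutes=5), big_flow_bytes=10_000_000):
    """Return {host: [event kinds]} for hosts where login -> dns_query -> large
    flow occur in that order within `window` of the login (assumed example rule)."""
    by_host = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev:
            by_host[ev["host"]].append(ev)
    flagged = {}
    for host, events in by_host.items():
        events.sort(key=lambda e: e["ts"])   # sources arrive out of order in practice
        stage, start = 0, None
        for ev in events:
            in_window = start is not None and ev["ts"] - start <= window
            if stage == 0 and ev["kind"] == "login":
                stage, start = 1, ev["ts"]
            elif stage == 1 and ev["kind"] == "dns_query" and in_window:
                stage = 2
            elif (stage == 2 and ev["kind"] == "flow"
                  and ev["detail"] >= big_flow_bytes and in_window):
                flagged[host] = [e["kind"] for e in events]
                break
    return flagged


if __name__ == "__main__":
    for host, chain in correlate(RAW_LINES).items():
        print(f"{host}: {' -> '.join(chain)}")
```

The point of the common schema is that the correlation rule never has to know which product emitted each line; once `parse_line` has produced the same five fields for a syslog line, a JSON record and a flow row, a per-host timeline is an ordinary sort and scan. Unrecognised formats are dropped explicitly (`None`) so that a silent mis-parse cannot create or hide a chain.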
In response to what is being called a sophisticated attack on Twitter and major media outlets this week, Mike Lloyd, CTO at RedSeal Networks, said, "The breach at Twitter is yet another wakeup call--have we had enough yet? Attackers are clearly a step ahead of most defenders--it's a war between corporations and data thieves, and we're losing."
To regain the upper hand, RedSeal too is looking to big data to provide deeper metrics and insights for network security and to protect what it calls the dark spaces of network infrastructure that are unmanaged, unmonitored, and unseen by security tools because administrators don't know they exist. RedSeal says they comprise 18 percent of the infrastructure.
Parveen Jain, president and CEO of RedSeal Networks, said, "You can't protect what you can't see" and that his new security platform shines a light on those blind spots in IT networks using big data analytics.