As organizations race to acquire the means to capture, store and mine vast quantities of data, there’s another big data imperative emerging – protecting the enterprise and its data assets.
As the “Insight Economy” continues to flourish, computing velocity and transaction throughput grow, more data is generated, and more business models dependent on information emerge, the need for new tools to scale and streamline security becomes paramount.
One of the “biggest” big data use cases is security analysis. Traditionally, security analysis has tended to be reactive: aggregating large amounts of login, firewall, intrusion detection system and other security data feeds, and often reviewing them only after an incident has occurred to determine the cause. Today, analytics running continuously in the background over this information pool can provide a more real-time and proactive approach. This empowers organizations to detect abnormalities — the “needles in the haystack” that can be harbingers of harm — and take action to mitigate these threats before they materialize.
As more organizations become stewards of more and more data in the cloud, the onus of securing that data grows as well. Data breaches erode market confidence and can be costly to margins and to contain.
Today it’s not uncommon to have hundreds or thousands of security systems and applications generating millions of log events per day. Organizations keep all this data, along with the metadata describing how it behaves in normal operation. This current model is unsustainable. A better approach is to build a big data analytics model of normal behavior that detects anomalies and exceptions, and captures and stores data only once it deviates from that model. This is akin to removing the haystack to look more closely at the needles.
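The baseline-and-deviation filtering described in the two paragraphs above (model normal operation, retain only what departs from it), as an added example that is not part of the original article. The log line format (`timestamp host event user`), the per-host failed-login history, and all sample events are constructed for illustration; the choice of a mean-plus-three-standard-deviations threshold with a minimum standard deviation of 1.0 is an assumption of this example:

```python
"""Keep the needles, discard the haystack: retain only log events from hosts
whose current failed-login count deviates from their learned baseline.

Added example; log format, history and sample events are constructed.
"""
from collections import Counter
import statistics

# Constructed baseline: failed-login counts per host observed in earlier
# hours of normal operation (the "metadata on how it behaves").
BASELINE_HISTORY = {
    "web-01": [2, 3, 1, 4, 2, 3, 2, 1, 3, 2],
    "db-01":  [0, 1, 0, 0, 1, 0, 0, 1, 0, 0],
}

# Constructed raw events for the current hour: "ts host event user".
RAW_EVENTS = """\
2024-01-01T10:00:01 web-01 login_failed alice
2024-01-01T10:02:14 web-01 login_ok alice
2024-01-01T10:05:09 web-01 login_failed bob
2024-01-01T10:07:33 web-01 login_failed carol
2024-01-01T10:01:00 db-01 login_failed svc_backup
2024-01-01T10:01:05 db-01 login_failed svc_backup
2024-01-01T10:01:10 db-01 login_failed svc_backup
2024-01-01T10:01:15 db-01 login_failed svc_backup
2024-01-01T10:01:20 db-01 login_failed svc_backup
2024-01-01T10:01:25 db-01 login_failed svc_backup
2024-01-01T10:01:30 db-01 login_failed svc_backup
2024-01-01T10:01:35 db-01 login_failed svc_backup
2024-01-01T10:01:40 db-01 login_failed svc_backup
2024-01-01T10:20:00 app-07 login_failed dave
2024-01-01T10:21:00 app-07 login_failed dave
"""


def parse_events(text):
    """Parse whitespace-separated event lines; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, host, event, user = parts
        events.append({"ts": ts, "host": host, "event": event, "user": user})
    return events


def count_failures(events):
    """Failed-login count per host for the current window."""
    return Counter(e["host"] for e in events if e["event"] == "login_failed")


def build_baseline(history, min_stdev=1.0):
    """Per-host (mean, stdev) from history; stdev floored so that a very
    quiet host does not alert on a single extra failure (assumption)."""
    baseline = {}
    for host, counts in history.items():
        mean = statistics.fmean(counts)
        stdev = statistics.stdev(counts) if len(counts) > 1 else 0.0
        baseline[host] = (mean, max(stdev, min_stdev))
    return baseline


def keep_deviations(counts, baseline, k=3.0):
    """Return only hosts whose count exceeds mean + k*stdev. A host with no
    baseline yet is kept rather than silently discarded."""
    kept = {}
    for host, n in counts.items():
        if host not in baseline:
            kept[host] = n
            continue
        mean, stdev = baseline[host]
        if n > mean + k * stdev:
            kept[host] = n
    return kept


def find_needles(raw_text=RAW_EVENTS, history=BASELINE_HISTORY, k=3.0):
    """Events worth storing: those from hosts that deviated from baseline."""
    events = parse_events(raw_text)
    kept = keep_deviations(count_failures(events), build_baseline(history), k)
    return [e for e in events if e["host"] in kept]


if __name__ == "__main__":
    for e in find_needles():
        print(e)
```

Here `web-01` (three failures against a baseline of about 2.3) is dropped as normal, `db-01` (nine failures against a baseline near zero) is retained, and `app-07`, which has no baseline at all, is retained for review rather than lost. In a production pipeline the baseline would be recomputed on a rolling window and keyed by more than host (user, source network, time of day), but the retain-on-deviation structure is the same.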
The use of big data ushers in a whole new era of automation in data security, allowing organizations to scale data security operations with fewer human resources. Leveraging a big data approach creates a sensing, responsive, autonomic security fabric that frees up IT personnel from “busy work” to redirect focus to greater value-added efforts such as optimizing other layers of the security stack.
Big data machine learning and data analytics are quickly becoming integrated into the practice of enterprise security. This will have a significant impact on data security practices over the next few years and potentially unleash some of the biggest changes and advances to date in this fast-moving industry.
So what should IT leaders do to ready themselves to adopt a big data approach to security?
First, make sure you are consolidating your security data into a common store. Many organizations have different tools and systems for collecting data which are siloed and don’t talk to one another. This makes it nearly impossible to run analytics tools on top of the data to get a “big picture” view of security and risk, so consolidation is the first and foundational step.
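The consolidation step above, as an added example that is not part of the original article: three siloed feeds (sshd-style syslog lines, a firewall CSV export, and IDS alerts as JSON lines) are normalized into one common record schema so that a cross-feed question can be asked of them. The three feed formats, the common schema, all sample lines, and the assumed year used to complete the syslog timestamps are constructed for illustration:

```python
"""Normalize heterogeneous security feeds into a single common store.

Added example; feed formats, schema and sample lines are constructed.
"""
import csv
import io
import json
import re
from collections import defaultdict

# Constructed samples of three siloed feeds (same actor across all three).
AUTH_LINES = [
    "Jan 01 10:00:01 web-01 sshd[2201]: Failed password for root from 198.51.100.7 port 5022 ssh2",
    "Jan 01 10:00:05 web-01 sshd[2202]: Accepted password for alice from 192.0.2.15 port 5100 ssh2",
]
FIREWALL_CSV = """ts,action,src,dst,dport
2024-01-01T10:00:00Z,DENY,198.51.100.7,10.0.0.5,22
2024-01-01T10:00:02Z,ALLOW,192.0.2.15,10.0.0.5,22
"""
IDS_JSON = [
    '{"timestamp":"2024-01-01T10:00:03Z","src_ip":"198.51.100.7",'
    '"dest_ip":"10.0.0.5","signature":"SSH brute force attempt","severity":2}',
]

MONTHS = {"Jan": "01", "Feb": "02", "Mar": "03", "Apr": "04", "May": "05",
          "Jun": "06", "Jul": "07", "Aug": "08", "Sep": "09", "Oct": "10",
          "Nov": "11", "Dec": "12"}
ASSUMED_YEAR = "2024"  # syslog lines carry no year; assumption for this example

AUTH_RE = re.compile(
    r"^(?P<mon>\w{3}) +(?P<day>\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for (?P<user>\S+) "
    r"from (?P<ip>\S+) port"
)

# Common schema: source, ts (ISO 8601 UTC), src_ip, dst_ip, host, action, detail.


def parse_auth(lines):
    records = []
    for line in lines:
        m = AUTH_RE.match(line)
        if not m:
            continue  # unknown line shape: skip rather than poison the store
        ts = f"{ASSUMED_YEAR}-{MONTHS[m['mon']]}-{int(m['day']):02d}T{m['time']}Z"
        records.append({
            "source": "auth", "ts": ts, "src_ip": m["ip"], "dst_ip": None,
            "host": m["host"],
            "action": "deny" if m["outcome"] == "Failed" else "allow",
            "detail": f"ssh password {m['outcome'].lower()} for {m['user']}",
        })
    return records


def parse_firewall(text):
    records = []
    for row in csv.DictReader(io.StringIO(text)):
        records.append({
            "source": "firewall", "ts": row["ts"], "src_ip": row["src"],
            "dst_ip": row["dst"], "host": None,
            "action": row["action"].lower(), "detail": f"port {row['dport']}",
        })
    return records


def parse_ids(lines):
    records = []
    for line in lines:
        alert = json.loads(line)
        records.append({
            "source": "ids", "ts": alert["timestamp"], "src_ip": alert["src_ip"],
            "dst_ip": alert["dest_ip"], "host": None, "action": "alert",
            "detail": f"{alert['signature']} (severity {alert['severity']})",
        })
    return records


def consolidate(auth=AUTH_LINES, fw=FIREWALL_CSV, ids=IDS_JSON):
    """One time-ordered store; ISO 8601 strings sort chronologically."""
    store = parse_auth(auth) + parse_firewall(fw) + parse_ids(ids)
    store.sort(key=lambda r: r["ts"])
    return store


def negative_feeds_per_src_ip(store):
    """Which feeds reported a deny or alert for each source IP."""
    seen = defaultdict(set)
    for r in store:
        if r["src_ip"] and r["action"] in ("deny", "alert"):
            seen[r["src_ip"]].add(r["source"])
    return seen


def cross_feed_ips(store, min_feeds=2):
    """Source IPs flagged negatively by at least min_feeds different feeds:
    the 'big picture' view no single silo could produce on its own."""
    return {ip for ip, feeds in negative_feeds_per_src_ip(store).items()
            if len(feeds) >= min_feeds}


if __name__ == "__main__":
    store = consolidate()
    for r in store:
        print(r)
    print("flagged by multiple feeds:", cross_feed_ips(store))
```

The point of the common schema is the last function: a source address that is denied by the firewall, fails SSH authentication, and trips an IDS signature is only visible as one story once all three feeds land in the same store with the same field names.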
Second, before adopting a big data security approach, do a skills audit and forecast to assess the key capabilities needed now and in the future. The reality is that you should expect to have to work harder and pay more to find IT Security & Risk Management talent with this rare combination of big data and security expertise.
Organizations that address these two foundational aspects will be well prepared to support the new art and science of data security initiatives.