Big data will transform IT security as the industry shifts towards intelligence-driven security models, according to RSA, the security division of storage giant EMC.
Organizations will shift to using big data analytics within the next few years to intelligently assess threats and risks and make better security decisions, RSA said in its security brief released Jan. 17. The intelligence gleaned from unstructured data will allow enterprises to drive major changes in conventional security controls such as anti-malware, data loss prevention, and firewalls, RSA said.
Within the next two years, big data analytics will disrupt the status quo in most information security product segments, including SIEM [security information and event management]; network monitoring; user authentication and authorization; identity management; fraud detection; and GRC [governance, risk, and compliance], the security firm predicted.
Security professionals currently struggle to extract actionable insight from the large volumes of log and event data they already collect, so the shift towards deeper analytics will change how security intelligence is derived. According to RSA, security teams will be able to use automated risk assessment and threat detection to predict and block an incident before it causes damage.
Within three years, data analytic tools will evolve to enable "a range of advanced predictive capabilities and automated real-time controls," according to the brief.
These new controls and capabilities will help defend against fraud and stealth attacks. The brief says the data collected should include full packet capture, external threat intelligence feeds, website clickstreams, Microsoft Outlook calendars, and social media activity. Organizations can use the information to build extensive profiles of both users and systems, then look for activity or behavior that deviates from those profiles as a sign that something is wrong.
To take advantage of this transformation, organizations need to invest in their security teams to ensure they have the analytic capabilities to understand the data. Security professionals with the necessary skill sets are scarce, and they will remain in high demand, the company said.
"Security teams need analysts who combine data science with a deep understanding of business risks and cyberattack techniques," RSA said.
RSA has made substantial investments in big data and analytics, with its acquisition of NetWitness in 2011 and Silver Tail Systems, a Web analytics and behavioral analysis firm, for an undisclosed sum last year.
In the security brief, RSA listed guidelines on how organizations can plan their move to big data. One of the key points was to focus on a holistic cyber-security strategy and unified architecture. Organizations will need to collect vast amounts of information from multiple sources in multiple formats in real time, and each new data source and its structure needs to be integrated into the analytics platform.
Companies should be thinking about setting up a centralized warehouse where all security-related data is captured, indexed, normalized, analyzed, and shared.
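The two ideas above, a warehouse that normalizes records from differing formats into one schema, and per-user behavioral profiles used to spot deviations, are easy to demonstrate at toy scale. The following Python is an added example written for this page, not code from RSA, NetWitness or Silver Tail; the log formats, field names (`user=`, `src=`, `client_ip`), the "download" action and the user names are all constructed for illustration. It ingests a syslog-style feed and a JSON feed into a common record, builds each user's daily baseline with a median/MAD (median absolute deviation) threshold rather than a fixed signature, and flags volume spikes, source networks never seen before for that user, and users with too little history to judge.

```python
"""Toy security-data pipeline: normalize mixed-format log lines into one schema,
profile each user's own history, and flag departures from that profile.
All sample data below is constructed for the example, not captured from real systems."""
import json
import re
import statistics
from collections import defaultdict

# Hypothetical syslog-style record: "<ISO ts> <host> <action> user=<u> src=<ip>"
SYSLOG_RE = re.compile(
    r"^(?P<day>\d{4}-\d{2}-\d{2})T\S+ (?P<host>\S+) (?P<action>\w+) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def normalize_line(line):
    """Map one raw record (syslog text or JSON object) onto the common schema
    {day, user, action, src}. Unparseable lines yield None rather than raising,
    so one bad feed cannot stall the whole pipeline."""
    line = line.strip()
    if line.startswith("{"):
        try:
            obj = json.loads(line)
            return {"day": obj["ts"][:10], "user": obj["user"],
                    "action": obj["event"], "src": obj["client_ip"]}
        except (ValueError, KeyError):
            return None
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    return {"day": m["day"], "user": m["user"], "action": m["action"], "src": m["src"]}


def daily_counts(events, action):
    """Return {user: {day: count}} for one action type."""
    counts = defaultdict(lambda: defaultdict(int))
    for e in events:
        if e["action"] == action:
            counts[e["user"]][e["day"]] += 1
    return counts


def known_prefixes(events):
    """Return {user: set of /24 prefixes} the user has been seen from."""
    prefixes = defaultdict(set)
    for e in events:
        prefixes[e["user"]].add(e["src"].rsplit(".", 1)[0])
    return prefixes


def find_anomalies(history_lines, today_lines, action="download", k=5.0):
    """Compare today's records against each user's own baseline.
    Volume rule: daily count > median + k * MAD of the user's historical daily counts
    (MAD floored at 1 so a perfectly flat history still yields a usable threshold).
    Origin rule: a source /24 never seen for that user in history.
    Users with fewer than three baseline days are reported as unprofiled, not scored."""
    hist = [e for e in map(normalize_line, history_lines) if e]
    today = [e for e in map(normalize_line, today_lines) if e]
    base = daily_counts(hist, action)
    seen = known_prefixes(hist)
    findings = []
    for user, days in daily_counts(today, action).items():
        samples = list(base[user].values())
        if len(samples) < 3:
            findings.append((user, "insufficient baseline"))
            continue
        med = statistics.median(samples)
        mad = max(statistics.median(abs(s - med) for s in samples), 1.0)
        for day, n in days.items():
            if n > med + k * mad:
                findings.append((user, f"{n} {action}s on {day}, baseline median {med:g}"))
    for e in today:
        pfx = e["src"].rsplit(".", 1)[0]
        if e["user"] in seen and pfx not in seen[e["user"]]:
            findings.append((e["user"], f"new source network {pfx}.0/24"))
            seen[e["user"]].add(pfx)  # report each new network once per run
    return findings


# Constructed history: five days for alice (syslog feed) and bob (JSON feed).
HISTORY = [
    f"2013-01-{d:02d}T10:00:00Z fs01 download user=alice src=10.1.2.{i}"
    for d, n in zip(range(7, 12), (3, 4, 3, 5, 4)) for i in range(1, n + 1)
] + [
    json.dumps({"ts": f"2013-01-{d:02d}T10:00:00Z", "event": "download",
                "user": "bob", "client_ip": f"10.1.3.{i}"})
    for d, n in zip(range(7, 12), (2, 2, 3, 2, 2)) for i in range(1, n + 1)
]

# Constructed "today": alice spikes to 40 downloads, bob appears from an unknown
# network, carol has no history, and one line is noise that matches neither format.
TODAY = (
    [f"2013-01-14T11:{i:02d}:00Z fs01 download user=alice src=10.1.2.7" for i in range(40)]
    + [json.dumps({"ts": "2013-01-14T12:00:00Z", "event": "download",
                   "user": "bob", "client_ip": "203.0.113.9"})] * 2
    + ["2013-01-14T12:05:00Z fs01 download user=carol src=10.1.4.2",
       "garbage line that matches neither format"]
)

if __name__ == "__main__":
    for user, reason in find_anomalies(HISTORY, TODAY):
        print(f"{user}: {reason}")
```

Bob's two downloads stay within his baseline, so only his unfamiliar source network is reported; alice's volume is flagged against her own median rather than a site-wide number, which is the point of profiling users individually.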
Ongoing investments should favor technologies that use agile, analytics-based approaches rather than static tools built around threat signatures or network boundaries, RSA said.