SecurityWeek

The Role of Big Data in Security

Using BigData for Enterprise Security

While Security Monitoring Generates Big Data, in its Raw Form it Remains Only a Means to an End…

The volume of data required for information security to effectively detect advanced attacks, and at the same time, support new business initiatives is growing exponentially. Meanwhile, security operations staff is often required to piece together data from different sources, connect the dots, and detect suspicious patterns that would indicate a cyber-attack or data breach. Relying on manual processes to comb through mountains of logs is one of the main reasons that critical issues are not being addressed in a timely fashion. This explains why “Big Data in Security” is often considered a curse, despite its potentially powerful role within enterprise security.

There is a lot of hype surrounding Big Data in security. While it is often used in the context of boosting an organization’s revenue, Big Data represents a huge challenge for security practitioners. Mushrooming regulations (e.g., PCI DSS 3.0, NIST, FISMA, etc.) that mandate more frequent security posture assessments and mounting cyber-attacks are making matters worse. According to Gartner (see Information Security Is Becoming a Big Data Analytics Problem, written by Neil MacDonald, March 2012) “the amount of data analyzed by enterprise information security organizations will double every year through 2016. By 2016, 40% of enterprises will actively analyze at least 10 terabytes of data for information security intelligence, up from less than 3% in 2011.”

To ensure proper coverage, many organizations are relying on multiple, best-of-breed, silo-based tools (e.g., fraud and data loss prevention, vulnerability management, or SIEM) to produce the necessary security data. This only adds to the volume, velocity, and complexity of data feeds that must be analyzed, normalized, and prioritized. Unlike adaptive authentication, which is being used to automate behavioral pattern analysis for fraud prevention in the payments industry, many commonly used security tools lack the capability to provide self-analysis. The scale of security data that needs analysis has simply become too big and complex to handle. It is now taking months and even years to piece together an actionable picture.

Unfortunately, relying on manual processes to comb through mountains of logs is one of the main reasons that critical issues are not being addressed in a timely fashion. According to the Verizon 2013 Data Breach Investigations Report, 69% of breaches were discovered by a third party and not through internal resources.

At the end of the day, the ultimate goal is to shorten the window attackers have to exploit a software or network configuration flaw. Big data sets can assist in putting specific behavior into context, but there are some real technological challenges to overcome. Traditional security tools operate in a silo and were not designed to take business criticality into account to help prioritize remediation actions when dealing with huge data sets. This raises the question: how can organizations take advantage of big security data without having to hire a legion of new employees?

While security monitoring generates big data, in its raw form it remains only a means to an end. Ultimately, information security decision making should be based on prioritized, actionable insight derived from the data. To achieve this, big security data needs to be correlated with its business criticality or risk to the organization. Without a risk-based approach to security, organizations can waste valuable IT resources mitigating vulnerabilities that in reality pose little or no threat to the business. Furthermore, big security data needs to be filtered to just the information that is relevant to specific stakeholders’ roles and responsibilities. Not everyone has the same needs and objectives when it comes to leveraging big data.
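The correlation described above can be sketched in a few lines. This is an added example, not code from the article or from any product it mentions; the asset inventory, findings, alert names and the scoring formula are all constructed assumptions chosen to show how business criticality reorders a severity-only list.

```python
from collections import defaultdict

# Constructed sample data (not from the article): asset inventory with
# business criticality (1 = low, 5 = business-critical) and owning team.
ASSETS = {
    "pay-db-01": {"criticality": 5, "owner": "payments"},
    "intranet-wiki": {"criticality": 1, "owner": "it-ops"},
    "hr-app-02": {"criticality": 3, "owner": "hr-it"},
}

# Constructed findings as two siloed tools might export them.
SCANNER = [
    {"host": "PAY-DB-01", "id": "VULN-A", "cvss": 6.5},
    {"host": "intranet-wiki", "id": "VULN-B", "cvss": 9.8},
    {"host": "hr-app-02", "id": "VULN-C", "cvss": 7.2},
    {"host": "lab-vm-77", "id": "VULN-D", "cvss": 8.0},  # not in inventory
]
SIEM_ALERTS = [
    {"asset": "pay-db-01", "rule": "repeated-auth-failure"},
    {"asset": "pay-db-01", "rule": "new-admin-login-source"},
]

def prioritize(findings, alerts, assets, unknown_criticality=3):
    """Rank scanner findings by severity weighted with business context."""
    alert_count = defaultdict(int)
    for a in alerts:
        alert_count[a["asset"].lower()] += 1
    ranked = []
    for f in findings:
        host = f["host"].lower()  # normalize host naming across tools
        asset = assets.get(host)
        crit = asset["criticality"] if asset else unknown_criticality
        # Assumed scoring: CVSS scaled by criticality, boosted 25% per
        # correlated SIEM alert on the same asset (capped at +50%).
        boost = 1 + min(alert_count[host], 2) * 0.25
        score = round(f["cvss"] * crit / 5 * boost, 2)
        ranked.append({"host": host, "id": f["id"], "score": score,
                       "owner": asset["owner"] if asset else "unassigned"})
    return sorted(ranked, key=lambda r: r["score"], reverse=True)

def queue_for(owner, ranked):
    """Filter the ranked list to what one stakeholder is responsible for."""
    return [r for r in ranked if r["owner"] == owner]

if __name__ == "__main__":
    for r in prioritize(SCANNER, SIEM_ALERTS, ASSETS):
        print(f'{r["score"]:>5}  {r["id"]}  {r["host"]}  ({r["owner"]})')
```

With this sample data the CVSS 9.8 finding on the low-criticality wiki drops to the bottom of the list, while the CVSS 6.5 finding on the payments database, which also has correlated alerts, moves to the top.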

To deal with big security data and achieve continuous diagnostics, progressive organizations are leveraging Big Data Risk Management systems to automate many manual, labor-intensive tasks. These systems take a preventive, proactive approach by interconnecting otherwise silo-based security and IT tools and continuously correlating and assessing the data they generate. In turn, this enables organizations to achieve a closed-loop, automated remediation process, which is based on risk. This results in tremendous time and cost savings, increased accuracy, shortened remediation cycles, and overall improved operational efficiency.

Big Data Risk Management systems empower organizations to make threats and vulnerabilities visible and actionable, while enabling them to prioritize and address high risk security exposures before breaches occur. Ultimately, they can protect against and minimize the consequences of cyber-attacks.

Written By

Dr. Torsten George is an internationally recognized IT security expert, author, and speaker with nearly 30 years of experience in the global IT security community. He regularly provides commentary and publishes articles on data breaches, insider threats, compliance frameworks, and IT security best practices. He is also the co-author of the Zero Trust Privilege for Dummies book. Torsten has held executive level positions with Absolute Software, Centrify (now Delinea), RiskSense (acquired by Ivanti), RiskVision (acquired by Resolver, Inc.), ActivIdentity (acquired by HID® Global), Digital Link, and Everdream Corporation (acquired by Dell).
