When it Comes to Security, Big Data isn’t Big Enough

Big Data means different things to different industries and organizations. Today, Big Data not only describes the large and complex data sets that organizations are dealing with, it is also used to describe capabilities found in technologies that produce, process, analyze and protect data.

Within the security industry, SIEM, DLP, secure email gateway providers and other product vendors have been quick to use Big Data as an adjective when describing their solutions’ capabilities. When used in this way, providers are implying directly that their technologies can sift through mountains of data and spot event and activity trends.

From a security standpoint, the sheer number of breaches that plague organizations has made it obvious that on their own — and even when used in tandem with each other — none of the so-called Big Data security solutions have been able to provide organizations with effective risk analysis. This isn’t necessarily because they lack the processing power needed to analyze Big Data sets, but rather because certain data is being overlooked. When it comes to security, as strange as it may sound, Big Data isn’t yet big enough.

Recognized Big Data security solutions can only examine data that administrators and engineers have programmed them to identify. They cannot, on their own, choose to browse data sets that they “think” might yield information, nor can they detect information about risky user behaviors that hasn’t been captured.

To unlock the potential risk-reducing power of Big Data, organizations need to identify missing risk information. In order to identify this missing information, organizations need to turn to new and emerging technologies.

For example, when utilizing Big Data to identify compliance violations or insider threats via employee actions, organizations tend to rely on data that focuses on something an employee interacts with – firewall logs, file system auditing logs, application logs and the like. These are all considered in an effort to paint a picture of what an employee did from the puzzle pieces found in the logs. The missing information in this scenario is the user activity itself. Add individual user actions (think along the lines of details about every email sent, file opened, website visited, document printed, etc.) into the Big Data mix and you have a far more complete picture of what those within the organization are doing when it comes to issues like data security, compliance and employee fraud.

There are, of course, many emerging solutions worthy of discussion that can help address the missing risk information problem; too many to consider in a single article. So for today, let’s focus on User Activity Monitoring (UAM) technologies. UAM provides a level of additional information and advanced analysis that the aforementioned Big Data security technologies can’t provide when addressing issues around employee activity and how those activities impact risk within the IT environment.

UAM reveals insights into how employee groups and individuals are accessing and sharing data, what types of risky online activities they engage in, how frequently they visit websites and open emails that expose data to risk, and whether or not they are following security protocols when accessing Web applications and databases. No organization that wants to understand how and where its data is at risk can ignore these data points, and this type of information can only be gathered through UAM solutions.

There are many competing UAM solutions on the market. Each provides varying levels of insight into user activities taking place on the network. Solutions offering complete 360-degree monitoring capabilities work across the leading operating systems and mobile platforms, capture user activity at the screen level and make it available for playback, can target high-risk users, and provide alerts when risky behaviors begin.

Integrating UAM and other emerging technologies into Big Data-enabled security strategies is a step that some organizations have already taken. These early adopters are finding that when they enhance existing data sets with user activity information, such as cross-referencing the Web log data that shows an employee’s device accessing the Dropbox IP address with the video replay of that employee copying data to the tool, they are able to better identify high-risk trends that are driven by employee activities. And they are experiencing results that are allowing them to reduce risk across their environments.
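The cross-referencing described above, as an added example that is not part of the original article or any vendor’s product: a small Python correlator joins constructed web proxy log lines with constructed UAM file-copy events by user and time window, so that a proxy hit on a cloud-storage host is only flagged when a matching file copy into a sync folder happened within two minutes. The log formats, host watchlist and two-minute window are assumptions chosen for the illustration.

```python
from datetime import datetime, timedelta

# Constructed sample web proxy log (not from the article):
# "<ISO timestamp> <user> <client_ip> <destination_host>"
PROXY_LOG = """\
2013-05-01T09:02:11 jdoe 10.0.4.21 intranet.example.local
2013-05-01T09:05:40 jdoe 10.0.4.21 dropbox.example-cloud.test
2013-05-01T09:06:02 asmith 10.0.4.33 mail.example.local
2013-05-01T11:40:15 asmith 10.0.4.33 dropbox.example-cloud.test
"""

# Constructed UAM events: "<ISO timestamp> <user> <action> <detail>"
UAM_EVENTS = """\
2013-05-01T09:05:55 jdoe file_copy C:/Users/jdoe/Dropbox/Q2_forecast.xlsx
2013-05-01T09:07:10 jdoe email_sent re: lunch
2013-05-01T13:15:00 asmith file_copy C:/Users/asmith/Dropbox/notes.txt
"""

CLOUD_STORAGE_HOSTS = {"dropbox.example-cloud.test"}  # constructed watchlist
WINDOW = timedelta(minutes=2)  # assumed correlation window

def parse(text, fields):
    """Split whitespace-delimited lines into dicts; the first column is an ISO timestamp.
    The last field absorbs any remaining whitespace so details with spaces survive."""
    rows = []
    for line in text.splitlines():
        parts = line.split(None, len(fields) - 1)
        if len(parts) != len(fields):
            continue  # skip malformed or empty lines rather than abort
        row = dict(zip(fields, parts))
        row["ts"] = datetime.fromisoformat(row["ts"])
        rows.append(row)
    return rows

def correlate(proxy_text, uam_text, hosts=CLOUD_STORAGE_HOSTS, window=WINDOW):
    """Pair each UAM file_copy event with a proxy hit to a watched cloud-storage host
    by the same user within +/- window. Each finding carries both records so a
    reviewer can pull the screen replay for exactly that interval."""
    proxy = parse(proxy_text, ["ts", "user", "client_ip", "host"])
    uam = parse(uam_text, ["ts", "user", "action", "detail"])
    findings = []
    for ev in uam:
        if ev["action"] != "file_copy":
            continue
        for hit in proxy:
            if (hit["user"] == ev["user"] and hit["host"] in hosts
                    and abs(hit["ts"] - ev["ts"]) <= window):
                findings.append({"user": ev["user"], "file": ev["detail"],
                                 "client_ip": hit["client_ip"], "host": hit["host"],
                                 "uam_ts": ev["ts"].isoformat(),
                                 "proxy_ts": hit["ts"].isoformat()})
    return findings

if __name__ == "__main__":
    for finding in correlate(PROXY_LOG, UAM_EVENTS):
        print(finding)
```

Only the jdoe copy is reported: asmith’s proxy hit and file copy are hours apart, which is the kind of noise a proxy-only rule would have flagged.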

Unfortunately, many organizations are having a difficult time cutting through the FUD and marketing hype that many vendors are aggressively disseminating. In addition to articles such as this one, there are many resources available that can assist organizations in their Big Data security decision and investment processes:

– Most Attacks Are External, But Never Underestimate The Insider Threat; SecurityWeek; May 1, 2013

– Invest in Information and Analytics to Benefit From Big Data; Gartner; March 8, 2013

– User Activity Monitoring Revealed; Help Net Security; June 20, 2012

– IBM underpins security intelligence and APM releases with Big Data analytics; Ovum; March 19, 2013

– Big Data Security Analytics or Big Data IT Analytics?; ESG; Jan. 30, 2013
