Much has been heard about Big Data Security. The main theme of the RSA Conference 2013 was Security and Knowledge, and most vendors at the conference had only one thing to talk about: Big Data and security. The debate soon raised a lot of questions, and a fair amount of confusion, within the security industry.
Certainly there is a lot of data linked with security, and most of that Big Data is stored in huge repositories of logs. Much of it is captured on the network and then analyzed as records and events of the network's activity. But does this mean security teams are using Big Data the way Walmart does? Or the way Netflix or Amazon use it to figure out what you like? Or the way Facebook sends you ad feeds based on what your friends have been posting? Or is this Big Data the means by which you would want your credit card company to notice that you have purchased an overseas flight, so it does not call you with fraud alerts when it finds transactions in different countries?
No, not at all. Big Data Security is all about matching security intelligence with the right amount of collected data. Security intelligence consists of knowledge of threat actors, the tools they use, the IP addresses they use, and whom they will be targeting. Security intelligence is known to reduce the amount of data that has to be captured, stored and managed.
Nevertheless, if you are attacked by a group of ten on any given day, do you really get any value out of collecting alerts from hundreds of applications, thousands of users and millions of devices when only a few of them are part of the attack? The data itself is of zero value. The value that Big Data is given comes from the security intelligence that can separate the attacks from the data. In fact, most people should read Anton Chuvakin of Gartner's post on Big Data Security, where he discusses responding to alerts versus security exploration.
As Rob Sadowski, Director of Marketing at RSA, the Security Division of EMC, points out, network activity is changing the way security teams will operate. Data collection and instrumentation are still crucial, but applying filters derived from intelligence is the right path to truly achieving better security.
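To make the "filters derived from intelligence" idea concrete, here is an added example (not code from the article or from RSA) that reduces a stream of web-server log events to only those matching a small threat-intelligence feed: known actor IP ranges and user-agent fragments of known tools. The log lines, the IP ranges (RFC 5737 documentation addresses) and the tool markers are all constructed for the example; the field layout and function names are assumptions, not any product's format or API.

```python
import ipaddress
import re

# Constructed threat-intelligence feed (hypothetical values, not from the article).
INTEL = {
    "ip_networks": ["203.0.113.0/24", "198.51.100.7/32"],  # known actor infrastructure
    "tool_markers": ["sqlmap", "nikto"],                   # user-agent fragments of known tools
}

# Constructed sample log lines in a simplified web-server access format:
# src_ip ident user [timestamp] "request" status "user-agent"
SAMPLE_LOGS = """\
192.0.2.10 - - [10/Mar/2013:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 "Mozilla/5.0"
203.0.113.45 - - [10/Mar/2013:10:00:02 +0000] "GET /login HTTP/1.1" 200 "Mozilla/5.0"
192.0.2.11 - - [10/Mar/2013:10:00:03 +0000] "GET /admin HTTP/1.1" 404 "sqlmap/1.0"
192.0.2.12 - - [10/Mar/2013:10:00:04 +0000] "GET /about HTTP/1.1" 200 "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2013:10:00:05 +0000] "POST /api HTTP/1.1" 500 "curl/7.29"
192.0.2.13 - - [10/Mar/2013:10:00:06 +0000] "GET /static/app.js HTTP/1.1" 200 "Mozilla/5.0"
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) "([^"]*)"$')


def compile_intel(intel):
    """Turn the raw feed into objects that are cheap to match against."""
    nets = [ipaddress.ip_network(n) for n in intel["ip_networks"]]
    markers = [m.lower() for m in intel["tool_markers"]]
    return nets, markers


def parse_line(line):
    """Parse one access-log line into a dict; return None for lines that do not fit."""
    m = LOG_RE.match(line)
    if not m:
        return None
    src, ts, req, status, ua = m.groups()
    return {"src": src, "ts": ts, "request": req, "status": int(status), "ua": ua}


def match_event(event, nets, markers):
    """Return the list of intelligence reasons an event matches (empty if none)."""
    reasons = []
    try:
        addr = ipaddress.ip_address(event["src"])
    except ValueError:
        addr = None  # malformed source field: cannot be matched against IP intel
    if addr is not None and any(addr in n for n in nets):
        reasons.append("known_actor_ip")
    ua = event["ua"].lower()
    for marker in markers:
        if marker in ua:
            reasons.append("known_tool:" + marker)
    return reasons


def filter_events(log_text, intel):
    """Keep only events that intersect the intelligence feed and report the reduction."""
    nets, markers = compile_intel(intel)
    total = 0
    hits = []
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue
        total += 1
        reasons = match_event(event, nets, markers)
        if reasons:
            event["reasons"] = reasons
            hits.append(event)
    return {"total": total, "retained": len(hits), "events": hits}


if __name__ == "__main__":
    result = filter_events(SAMPLE_LOGS, INTEL)
    print(f"{result['retained']} of {result['total']} events retained")
    for ev in result["events"]:
        print(ev["src"], ev["request"], ev["reasons"])
```

The point is the ratio: six events in, three retained, and each retained event carries the reason it survived, so an analyst sees why it was kept rather than just that it was. Extending the feed (more CIDRs, hashes, domains) changes the matcher, not the collection pipeline, which is what "filtering by intelligence rather than by volume" looks like in practice.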