Security Leaders Urge Organizations to Prepare for Big Data Revolution in Information Security

PCQ Bureau

RSA, The Security Division of EMC, released a Security Brief asserting that Big Data will be a driver for major change across the security industry and will fuel intelligence-driven security models. Big Data is expected to dramatically alter almost every discipline within information security. The new Brief predicts Big Data analytics will likely have market-changing impact on most product categories in the information security sector by 2015, including SIEM, network monitoring, user authentication and authorization, identity management, fraud detection, and governance, risk and compliance systems.

Authors of the Brief assert that changes driven by Big Data have already begun. This year, leading security organizations will deploy commercial, off-the-shelf Big Data solutions to support their security operations. Previously, the advanced data analytics tools deployed within SOCs were custom-built, but 2013 marks the beginning of the commercialization of Big Data technologies in security, a trend that will reshape security approaches, solutions, and spending over the coming years.

Longer term, Big Data will also change the nature of conventional security controls such as anti-malware, data loss prevention and firewalls. Within three to five years, data analytics tools will further evolve to enable a range of advanced predictive capabilities and automated real-time controls.

Today's hyper-extended, cloud-based, highly mobile business world has rendered obsolete prevailing security practices reliant on perimeter defenses and on static security controls requiring predetermined knowledge of threats. That's why security leaders are shifting to an intelligence-driven security model, a model that is risk-aware, contextual and agile and can help organizations defend against unknown threats. An intelligence-driven security approach, supported by Big Data-enabled tools, incorporates dynamic risk assessments, the analysis of vast volumes of security data, adaptive controls and information sharing about threats and attack techniques.

The Security Brief presents six guidelines to help organizations begin planning for the Big Data-driven transformation of their security toolsets and operations as part of an intelligence-driven security program.

1. Set a holistic cyber-security strategy — Organizations should align their security capabilities behind a holistic cyber security strategy and program that is customized for the organization's specific risks, threats and requirements.

2. Establish a shared data architecture for security information — Because Big Data analytics require information to be collected from various sources in many different formats, a single architecture that allows all information to be captured, indexed, normalized, analyzed and shared is a logical goal.

3. Migrate from point products to a unified security architecture — Organizations need to think strategically about which security products they will continue to support and use over several years, because each product will introduce its own data structure that must be integrated into a unified analytics framework for security.

4. Look for open and scalable Big Data security tools — Organizations should ensure that ongoing investments in security products favor technologies using agile analytics-based approaches, not static tools based on threat signatures or network boundaries. New, Big Data-ready tools should offer the architectural flexibility to change as the business, IT or threat landscape evolves.

5. Strengthen the SOC's data science skills — While emerging security solutions will be Big Data ready, security teams may not be. Data analytics is an area where on-staff talent is lacking. Data scientists with specialized knowledge in security are scarce, and they will remain in high demand. As a result, many organizations are likely to turn to outside partners to supplement internal security analytics capabilities.

6. Leverage external threat intelligence — Augment internal security analytics programs with external threat intelligence services and evaluate threat data from trustworthy and relevant sources.

The result of integrating Big Data into security practices, according to the Security Brief authors, will be greatly enhanced visibility into IT environments, the ability to distinguish suspicious from normal activities to help assure trust in IT systems, and vastly improved capabilities for incident response.
