Big Data, Big Data, Big Data... So what's the Big Deal? Well, according to a Security Brief issued by RSA, Big Data will be the driving force behind major changes across nearly every discipline in the security industry as intelligence-driven security models begin to dominate all major categories of vendor solution offerings. The brief asserts that analytics based on massive data sets will have a "market-changing impact" on everything from network monitoring to GRC, and are expected to also influence the design of common control systems like firewalls and DLP tools by employing "advanced predictive capabilities and automated real-time controls."
What's the engine driving the shift towards Big Data analytics? RSA points to the evolution of enterprise mobility options and cloud-based technologies, which it believes have effectively undermined traditional security strategies that depend on static controls focused on perimeter defense and based on a "predetermined knowledge of threats."
"The game is changing... a security analysis tool that worked great two or three years ago doesn’t work so well anymore. You now have to look through a whole lot more data, and you have to look for threats that are far more subtle. Commercial tools are changing to take advantage of these Big Data streams coming online," said Booz Allen Hamilton's William H. Stewart of the trend.
Integrating Big Data analytics into enterprise security programs will allow for enhanced visibility and more proactive incident response capabilities, according to the brief, and intelligence-driven security will allow organizations to better defend against unidentified threats.
"An intelligence-driven security approach, supported by Big Data-enabled tools, incorporates dynamic risk assessments, the analysis of vast volumes of security data, adaptive controls and information sharing about threats and attack techniques," RSA said.
Effectively utilizing the power of Big Data will require a hefty investment in processing capabilities, as the analysis of massive and fast-changing data sets will be dependent on hundreds, or even thousands, of servers working in tandem, but the benefits will include the ability to discover hidden patterns that will provide robust predictive capabilities and greatly influence the risk management decision-making process, according to the brief.
The shift to intelligence-driven security models will also require highly trained specialists with skill sets that include both an understanding of attacker methodologies and a thorough knowledge of enterprise risk abatement, and the current shortage of personnel with this prerequisite expertise may drive the expansion of third-party service providers to whom enterprises may need to turn for assistance.
To facilitate the adoption of Big Data analytics, the brief provides six primary guidelines:
- Aligning security programs under a holistic cyber strategy customized for the organization’s specific risks
- Establishing a data architecture that allows information to be captured, indexed, normalized, analyzed and shared
- Migrating from point products to a unified security architecture, because every product will introduce its own data structure that must be integrated into a unified analytics framework
- Organizations should look for open and scalable Big Data security tools that offer the architectural flexibility to change as the business or threat landscape evolves
- Data analytics is an area where talent is lacking. Data scientists with specialized knowledge in security are scarce, so many organizations should prepare to turn to outside partners to supplement analytics capabilities
- Augmenting internal security analytics programs with external threat intelligence services from trustworthy sources
"In the coming year, top-tier enterprises with progressive security capabilities will adopt intelligence-driven security models based on Big Data analytics. Over the next two to three years, this security model will become a way of life," said Eddie Schwartz, RSA's Chief Information Security Officer.