RSS Alerts

Share

More services

Related Stories

  • Digital Universe is headed for 40 ZB, but Big Data lacks protection
    We are without a doubt in an era of Big Data, as enterprises are seeing escalating video and data traffic, growth in cloud applications and a mushrooming of fixed and mobile devices attaching to corporate WiFi networks. But out of all the data that’s being generated – a full 2.8 Zettabytes (ZBs) in 2012, according to IDC – only half of the sensitive stuff is adequately protected.
  • The salami apocalypse – big data in the wrong hands
    The world is not facing a Mayan calendar doomsday next month so much as a salami apocalypse next year: threats built layer upon layer from small bits of information that can be combined into detailed personal profiles.
  • Most Big Data implementations feature no security beyond passwords
    The Big Data revolution, spurred by technologies that allow companies to collect, manage and analyze very large data sets thanks to cluster-based computing architectures – is creating vast repositories of mission-critical information that are, in turn, creating new security concerns. Unfortunately, a new white paper finds that most enterprises are relying solely on passwords to protect their data.
  • Cloud Security Alliance gets large on Big Data
    Providing security for virtual and remote environments that may be connected by open networks is a IT hurdle in and of itself on even a small scale, but in the context of the Big Data phenomenon stemming from cloud-based data centers, the challenge increases exponentially. To help the situation, the Cloud Security Alliance (CSA) has launched its Big Data Working Group (BDWG), to be led by Fujitsu, eBay and Verizon Business.
  • Big Data Analytics should be used for security as well as commercial purposes
    “Big data analytics can improve information security and increase cyber resilience” claims a new report from the Information Security Forum (ISF).

Top 5 Stories

News

Big Data to drive massive overhaul in security practices in next 24 months

17 January 2013

As businesses increasingly move to accommodate more devices, applications, partnerships, modes of communication and, of course, customer-centric data, the amount of information they have to contend with is exponentially growing.

 

That’s the word from RSA, which predicts in a report on Big Data that we will see a market-changing impact on most product categories in the information security sector by 2015, including SIEM, network monitoring, user authentication and authorization, identity management, fraud detection, governance, risk and compliance systems.

One of the largest shifts in the market will be the availability of commercial, off-the-shelf Big Data solutions to support security operations. “Previously, the advanced data analytics tools deployed within security operations centers were custom-built, but 2013 marks the beginning of the commercialization of Big Data technologies in security, a trend that will reshape security approaches, solutions, and spending over the coming years,” RSA said in a briefing emailed to Infosecurity.

Longer term, Big Data will also change the nature of established security approaches. In the next three to five years, data analytics tools will further evolve to enable a range of advanced predictive capabilities and automated real-time controls.

“Big Data is changing the nature and addressing the limitations of conventional security controls such as signature-based anti-malware and firewalls as well as rules-based identity and access management tools,” said Sam Curry, CTO for Identity and Data Protection and chief technologist at RSA. “Big Data is being applied in new ways to enable security controls that are adaptive, risk-based and self-learning so that security is continuously evaluated and the level of protection is automatically adjusted based on changing environmental and risk conditions.”

The rise of a cloud-based, highly mobile business world has rendered obsolete prevailing security practices reliant on perimeter defenses and on static security controls requiring predetermined knowledge of threats. Security leaders are shifting to an intelligence-driven security model – a model that is risk-aware, contextual and agile and can help organizations defend against unknown threats, researchers said.

“In the coming year, top-tier enterprises with progressive security capabilities will adopt intelligence-driven security models based on Big Data analytics,” said Eddie Schwartz, CISO at RSA. “Over the next two to three years, this security model will become a way of life.”

“The discovery of and response to threats and fraud therefore can become more predictive as a richer view of user identities and complex data flows comes together to give a data-driven perspective of what normal versus aberrant behavior looks like,” added Curry.

RSA recommends a handful of best practices to prepare for this sea change. For one, organizations should align their security capabilities behind a holistic cybersecurity strategy and program that is customized for the organization’s specific risks, threats and requirements.

Then they should establish a shared data architecture for security information. Because Big Data analytics require information to be collected from various sources in many different formats, a single architecture that allows all information to be captured, indexed, normalized, analyzed and shared is a logical goal.

Organizations also need to think strategically about which security products they will continue to support and use over several years, because each product will introduce its own data structure that must be integrated into a unified analytics framework for security. At the same time, they should ensure that ongoing investments in security products favor technologies using agile analytics-based approaches, not static tools based on threat signatures or network boundaries. New, Big Data-ready tools should offer the architectural flexibility to change as the business, IT or threat landscape evolves, RSA cautioned.

Personnel is a concern as well. While emerging security solutions will be Big Data ready, security teams may not be. Data analytics is an area where on-staff talent is lacking. Data scientists with specialized knowledge in security are scarce, and they will remain in high demand. As a result, many organizations are likely turn to outside partners to supplement internal security analytics capabilities. And, it’s important to augment internal security analytics programs with external threat intelligence services and evaluate threat data from trustworthy and relevant sources.

“The game is changing,” said William Stewart, senior vice president at Booz Allen Hamilton, a national defense contractor. “More and more data is going onto the internet in automated forms, and that vector will continue. Therefore, a security analysis tool that worked great two or three years ago doesn’t work so well anymore. You now have to look through a whole lot more data, and you have to look for threats that are far more subtle. Commercial tools are changing to take advantage of these Big Data streams coming online.”

This article is featured in:
Cloud Computing  •  Industry News  •  Internet and Network Security  •  IT Forensics  •  Malware and Hardware Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Terms & Conditions | Privacy | Website Design| Reed Exhibitions. All rights reserved. Copyright © 2013
We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×