RSA 2013: Big Data has power to transform security, says RSA chairman

The convergence of mobile devices, social media, and cloud computing has given rise to an attack surface that will be “altered and expanded, and our risks magnified, in ways we cannot imagine”, he declared to the packed audience at San Francisco’s Moscone Center.

What is Big Data? If you ask Coviello, “fundamentally [it] is about the ability to extract meaning, sort through masses of data, and find the hidden patterns and unexpected correlations”. It’s a phenomenon that has as much utility for security intelligence analysts as it does for the marketing and product development departments.

“Big Data truly has the potential to transform our lives for the better”, he noted. “Yet, as of now, we are only at the dawn of Big Data”.

He predicted that “it won’t be long before Big Data applications and stores become the ‘crown jewels’ of an organisation”, jokingly acknowledging the overused cliché of security marketing. Coviello continued: “And those crown jewels will be readily accessible in the cloud and via mobile devices across our hyper-connected enterprises – and not just by us, but by our adversaries as well.”

It’s these large data stores that Coviello pointed to as the objects of data theft – the target of cybercriminals, espionage, and nation-state sponsored hacking incidents that continue to make headlines, such as the recent compromise at the New York Times.

The RSA chairman insisted that those in the information security industry already know from where these data thefts originated, but then questioned what governments globally would do to address the problem, and what the audience of security professionals gathered there would do to defend their organizations?

“It’s clear to me, that in the age of globalization, with internet-dependent economies relying on world trade, that all nations needed to be guided by a rule of law and respect for property – not just in word, but in deeds”, Coviello proclaimed, comments for which he received robust applause from the audience.

He then pivoted from what governments need to do to stem this tide of cyber attacks, and focused on what organizations and security professionals themselves can do to detect and prevent them. In doing so, Coviello insisted the industry was at a critical crossroads, and then channeled his inner Abraham Lincoln.

“It’s past time for us to disenthrall ourselves from the reactive and perimeter-based security dogmas of the past and speed adoption of intelligence-driven security”, he said, outlining where Big Data can help accomplish this goal. It includes a better understanding of risk, use of agile controls based on pattern recognition, predictive analytics, and analyzing backstreams of data to produce actionable information. Coviello said he is encouraged that intelligence-driven security is becoming “conventional wisdom” within the industry, but insisted that given the quickly changing threat landscape, that organizations must “act more quickly” to adopt this model.

Coviello concluded by articulating his vision for an intelligence-driven security model enabled by Big Data that can be applied in two ways:

  • Security Management for Big Data – Despite today’s compute power, bandwidth, database management and storage capacity, organizations will still require all data sets to be analyzed so that they can gain better visibility into a wide variety of contextual data, structured and unstructured, internal and external. Organizations will need to have the right level of context to build specific information about digital assets, users and systems. Big Data architectures can and should be scalable enough to meet each organization’s unique requirements. Organizations will then be able to spot and correlate abnormal behavior in people, transactions and the flow and use of data to identify potential attacks and fraud.
  • Development and application of controls for Big Data – Organizations will need to subscribe to a more holistic approach for implementing individual Big Data controls by replacing isolated controls that are task-specific, such as malware blocking. Individual controls should evolve to interact with intelligence feeds, risk and compliance platforms, security management systems, and each other making them more dynamic and situationally aware. Other task-specific Big Data controls should have the capacity to be self-learning.

Coviello believes such an intelligence-driven approach will leverage Big Data to solve old security problems, while remaining agile enough to anticipate and respond to new ones – the ability to combat “known unknowns, and unknown unknowns”, responding to the current threat environments and changes in the environment.

“Big Data will enable this model, transforming security, but it must begin with us”, he said in closing. “As a technologist, I believe technology will help us solve our seemingly unsolvable problems, improve trust and confidence, and help us manage the problems that cannot be solved right away.”

What’s Hot on Infosecurity Magazine?