Big data is enabling new, more effective approaches to enterprise security. Big data security analysis can be applied to risk assessment, management, and network forensics. It can even reveal real-time threats and generate automated responses to make networks self-protecting. While security experts are still skeptical about big data security, early adopters are demonstrating how big data can enable new threat management strategies for enterprise security.
A survey by Enterprise Strategy Group shows that 44 percent of enterprise organizations say they already have big data security analysis and another 44 percent say that big data security analysis will be added as an application within two years. The research also shows that 86 percent of enterprises gather more security data than they did two years ago.
The security landscape has changed. CISOs now need to deal with more malware, social engineering, and targeted attacks, as well as securing new technology such as the cloud and mobile devices. And there are fewer security professionals. Point tools and manual security measures are no longer adequate. To deal with the mounting tide of threats, CISOs are using big data security analysis to automate threat detection and response.
Applying Big Data Security Analysis
Big data creates a single view of the enterprise while automating security response tools, which promises to dramatically change the way IT professionals approach security:
- Security management – The convergence of security information and event management (SIEM) with real-time network monitoring provides a unified approach to security management. All the information needed to inform security can now be combined with big data analytics to correlate thousands of events per second without additional hardware.
- Identity and access management (IAM) – Big data security analysis allows the enterprise to continuously adapt identity controls, enabling situation-aware IAM tools that can provide secure access on demand.
- Fraud detection and prevention – Analyzing massive amounts of behavioral data makes it possible to distinguish between legitimate and fraudulent activity.
- Governance, risk management, and compliance (GRC) – Big data security analysis also unifies and enables real-time access to all the factors affecting business GRC. Analyzing large volumes of data will promote smarter decision-making that mitigates risk.
Three Elements of Big Data Security Analysis
To effectively implement risk management, big data security needs to have three things:
- Agility and scalability – The enterprise is becoming more elastic, constantly changing to accommodate mobile users, cloud computing, virtualization, storage, etc. The security management infrastructure needs to be able to scale with the enterprise. Centralizing control becomes impractical, so security has to be virtualized and ready to address new threats.
- Analytics and visualization tools – Big data security requires a new set of tools to gain an overview of the enterprise, identify specific threats, and provide the details to deal with them. Where enterprise managers may only need key metrics, malware analysts will need to reconstruct and test suspect files, and forensic analysts will need to be able to reconstruct events using log files and other data.
- Threat intelligence – Beyond simple detection, big data security needs to be able to analyze and act on threat information. Intelligence needs to be applied to correlate threat data and provide a clear understanding to identify and address security threats.
With these three elements in place, big data security analysis can monitor for threats anywhere in the enterprise and respond with automated tools.
Automating Threat Response
While point tools are no longer sufficient to protect the enterprise, assembling various tools into a holistic solution powered by threat intelligence can protect an ever-changing infrastructure. Big data security analytics deliver threat response in real time, locking down accounts, changing device settings, or generating alarms for threat verification. Increased automation reduces manual workload and improves enterprise security.
Big data security analysis can automate security using various tools:
- Active controls that block data transmissions or require additional authentication when high-risk activity is detected.
- Diverse data sources inside and outside the enterprise to monitor for threats and “teach” the system as new information is added.
- Automated tools that collect and normalize data types for use by analytics engines.
- Analytics engines that can process vast amounts of packet data in real time.
- Centralized data storage so all security-related data can be accessed and cross-indexed for queries and analysis.
- Integration with risk management tools to facilitate investigation and trigger automated responses to defend the network from attacks.
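The list above describes a pipeline in words: collect and normalize records from diverse sources, correlate them against threat intelligence, and trigger an automated response (an alarm, a step-up authentication requirement, or a lockout). The following Python script is an added example written for this page, not code from the original article or any product it describes. It shows a small version of that pipeline end to end. The log formats (a simplified sshd syslog line, a CSV proxy record, a JSON VPN record), the indicator list, the rule weights, the 10-minute window, and the response thresholds are all assumptions chosen for illustration; the sample records are constructed and use documentation IP ranges.

```python
"""Added example: normalize three log sources into one schema, correlate per user
against simple rules plus a threat-intelligence list, and choose an automated response."""
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample records (assumed formats, documentation IP ranges; not real traffic).
SAMPLE_LOGS = [
    ("sshd", "2024-05-01T09:00:01Z sshd[1201]: Failed password for alice from 203.0.113.7 port 5022 ssh2"),
    ("sshd", "2024-05-01T09:00:04Z sshd[1201]: Failed password for alice from 203.0.113.7 port 5023 ssh2"),
    ("sshd", "2024-05-01T09:00:09Z sshd[1201]: Failed password for alice from 203.0.113.7 port 5024 ssh2"),
    ("sshd", "2024-05-01T09:00:15Z sshd[1201]: Accepted password for alice from 203.0.113.7 port 5025 ssh2"),
    ("proxy", "2024-05-01T09:03:40Z,alice,203.0.113.7,files.example.net,734003200"),
    ("sshd", "2024-05-01T09:10:00Z sshd[1201]: Accepted publickey for bob from 10.0.0.12 port 6001 ssh2"),
    ("proxy", "2024-05-01T09:12:10Z,bob,10.0.0.12,intranet.example.net,20480"),
    ("vpn", '{"time":"2024-05-01T09:20:00Z","username":"carol","client_ip":"198.51.100.23","action":"connect"}'),
]

# Constructed threat-intelligence indicator list (assumption: a feed of known-bad source IPs).
BAD_IPS = {"203.0.113.7", "198.51.100.23"}

# Tunable assumptions: correlation window, failed-login threshold, and "large transfer" size.
WINDOW = timedelta(minutes=10)
FAIL_THRESHOLD = 3
EXFIL_BYTES = 500 * 1024 * 1024

# Rule name -> weight added to the user's risk score when the rule fires.
RULES = [("auth_fail_then_success", 40), ("threat_intel_ip", 30), ("large_egress_after_login", 30)]

SSH_RE = re.compile(r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) \w+ for (?P<user>\S+) from (?P<ip>\S+)")


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def normalize(source, line):
    """Map one raw record from any source into the common event schema; None if unparseable."""
    if source == "sshd":
        m = SSH_RE.match(line)
        if not m:
            return None
        return {"ts": parse_ts(m["ts"]), "user": m["user"], "src_ip": m["ip"],
                "event": "auth_success" if m["result"] == "Accepted" else "auth_fail", "bytes_out": 0}
    if source == "proxy":
        ts, user, ip, _dest, nbytes = line.split(",")
        return {"ts": parse_ts(ts), "user": user, "src_ip": ip, "event": "egress", "bytes_out": int(nbytes)}
    if source == "vpn":
        rec = json.loads(line)
        return {"ts": parse_ts(rec["time"]), "user": rec["username"], "src_ip": rec["client_ip"],
                "event": "auth_success" if rec["action"] == "connect" else "auth_fail", "bytes_out": 0}
    return None


def correlate(events, bad_ips):
    """Apply the rules to each user's time-ordered events; return {user: (score, [reasons])}."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)
    findings = {}
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        reasons = set()
        if any(e["src_ip"] in bad_ips for e in evs):
            reasons.add("threat_intel_ip")
        for s in (e for e in evs if e["event"] == "auth_success"):
            # Repeated failures in the window before a success suggest credential guessing.
            fails = sum(1 for e in evs if e["event"] == "auth_fail" and s["ts"] - WINDOW <= e["ts"] < s["ts"])
            if fails >= FAIL_THRESHOLD:
                reasons.add("auth_fail_then_success")
            # A large outbound transfer shortly after login is worth a look on its own.
            if any(e["event"] == "egress" and e["bytes_out"] >= EXFIL_BYTES
                   and s["ts"] < e["ts"] <= s["ts"] + WINDOW for e in evs):
                reasons.add("large_egress_after_login")
        score = sum(w for name, w in RULES if name in reasons)
        findings[user] = (score, sorted(reasons))
    return findings


def decide(score):
    """Choose the automated response for a risk score (thresholds are assumptions)."""
    if score >= 70:
        return "block_and_lock_account"
    if score >= 40:
        return "require_step_up_auth"
    if score >= 20:
        return "alert_for_verification"
    return "none"


def run_pipeline(raw_logs, bad_ips):
    """Collect -> normalize -> correlate -> decide, returning {user: (score, action, reasons)}."""
    events = [ev for src, line in raw_logs if (ev := normalize(src, line)) is not None]
    return {user: (score, decide(score), reasons) for user, (score, reasons) in correlate(events, bad_ips).items()}


if __name__ == "__main__":
    for user, (score, action, reasons) in run_pipeline(SAMPLE_LOGS, BAD_IPS).items():
        print(f"{user}: score={score} action={action} reasons={reasons}")
```

The design point is that every downstream step works on the normalized schema, so adding a fourth log source only means writing one more branch in `normalize`, and the response thresholds sit in one place where they can be tuned against false-positive rates before any action is wired to a real control.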
Once you understand the basics of big data security analysis, you can start developing real-time tools to deal with various threats. Using the right data to feed security analytics adds intelligence to the system so you can detect and even address threats as they appear.
What do you see as the greatest promise of big data security? Is there a specific area where big data security will really shine?