Big data security analysis is the new frontier for enterprise security. As networks continue to get bigger and encompass resources such as cloud storage and mobile devices, securing the network becomes more challenging. There is just too much data for conventional data security tools. Using big data security analysis to model data traffic you now can predict and prevent data breaches as well as detect them, without having to monitor every device in the enterprise.
In a recent report, analyst firm Wikibon stated that one of the biggest growth inhibitors for big data is security concerns. Forty-seven percent of IT professionals surveyed said security problems were a primary concern.
Big Data Security Has New Rules
To embrace big data security analysis, IT professionals will have to rethink their approach to enterprise security. In a recent survey by ESG, security professionals listed the following as most important tools for malware detection:
- Firewall logs – 42%
- IDS/IPS alerts – 28%
- PC forensic data – 27%
- IP packet capture – 23%
- Server logs – 22%
The challenge is that these are old school metrics designed to detect malware at the network perimeter. Big data has changed the rules. Now enterprise networks have to be open to data sources outside the firewall. It’s no longer a matter of creating a moat around the network; now it’s a matter of checking the credentials of all the data that passes through the enterprise.
Looking for Security Problems
Big data security analysis requires new tools to filter data traffic and secure networks that are continually growing in size and complexity. Here are just a few of the elements to monitor using big data security analysis:
- User authentication – Big data security analysis makes it possible to monitor enterprise security as an ongoing process, including user identity and authentication. Rather than just authenticating user access once, big data security keeps track of user activity, looking for suspicious behavior. For example, have user credentials been upgraded, where and when did they log in, and what did they access?
- Host traffic – Are there anomalies in network traffic? Is there unexpected encrypted traffic, or are there suspicious destinations? These kinds of anomalies can be uncovered using big data security analysis and should raise security questions.
- Web transactions – Is there suspicious activity being observed in high-value applications or assets? Can you see any suspicious data exchanges using a transaction monitor, SQL server logs, application logs, or network session data?
- Changes in the infrastructure – Check configuration management and vulnerability management to see if the server has been manipulated or configurations changed. Is everything still in compliance with security policies?
- Data tracking – What kind of data is being stored and transmitted? Is the information regulated, or does it contain valuable intellectual property?
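As an added illustration of the user-authentication and host-traffic points above (not code from the original article), the following builds a per-user baseline from earlier login events and flags a later event whose role, source address or login hour departs from it. The event records, the internal address range and the four-hour window are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample authentication events (not from the original article):
# (timestamp, user, source IP, role granted at login, resource accessed)
EVENTS = [
    ("2024-03-01T09:02", "alice", "10.0.1.15", "user", "/reports/q1"),
    ("2024-03-02T09:10", "alice", "10.0.1.15", "user", "/reports/q2"),
    ("2024-03-03T03:41", "alice", "198.51.100.7", "admin", "/hr/payroll"),
    ("2024-03-01T08:55", "bob", "10.0.2.30", "user", "/wiki"),
    ("2024-03-02T10:20", "bob", "10.0.2.30", "user", "/wiki"),
]

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed corporate range
HOUR_WINDOW = 4  # hours away from every earlier login that counts as unusual


def review_auth_events(events):
    """Return (user, timestamp, resource, reasons) for events that deviate
    from what the same user did before: a role not previously granted,
    a never-seen external source address, or an out-of-pattern login hour.
    The first event for a user only seeds the baseline."""
    seen_ips = defaultdict(set)
    seen_roles = defaultdict(set)
    seen_hours = defaultdict(list)
    alerts = []
    for ts, user, ip, role, resource in sorted(events):
        hour = int(ts[11:13])
        reasons = []
        if seen_roles[user] and role not in seen_roles[user]:
            reasons.append(f"role changed to {role}")
        if (seen_ips[user] and ip not in seen_ips[user]
                and ipaddress.ip_address(ip) not in INTERNAL):
            reasons.append(f"new external source {ip}")
        if seen_hours[user] and all(abs(hour - h) > HOUR_WINDOW
                                    for h in seen_hours[user]):
            reasons.append(f"unusual login hour {hour:02d}")
        if reasons:
            alerts.append((user, ts, resource, reasons))
        # Update the baseline only after the event has been judged.
        seen_ips[user].add(ip)
        seen_roles[user].add(role)
        seen_hours[user].append(hour)
    return alerts


if __name__ == "__main__":
    for alert in review_auth_events(EVENTS):
        print(alert)
```

With the constructed events, only alice's third login is reported, with all three reasons at once; in practice the baseline would be built from far more history than two prior logins.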
How to Prevent Security Breaches
Big data security analysis also requires new types of strategies to prevent security problems:
- Analyze everything – Since big data demands access to data sources beyond IT’s control, security is no longer reliant solely on blocking suspicious data traffic. Streaming data has to be filtered for metadata, identity data, transactions, security intelligence, etc. Many big data analytics platforms from IBM, RSA Security, Splunk, and other vendors include products that can capture and analyze unstructured data in real time. If you gather and analyze everything, it’s easier to spot data traffic anomalies.
- Consolidating risk and protection – The challenge with analyzing everything is that it forces you to put all your data in one place. Organizations that are using big data security are, of necessity, consolidating their risk by aggregating metadata, log files, etc., in one location for security analysis. Be sure to manage your security data closely so hackers can’t break into the vault that holds all the enterprise security jewels.
- Choose your data sources – Big data tends to embrace the idea that data is an asset, ergo let’s gather as much data as possible. The more data sources you include, the more complex your big data analysis, but more importantly, the more opportunities there are to introduce malware or some kind of data breach. Be judicious about choosing your big data sources.
- Anonymize data traffic – One security measure that can help defeat cybercriminals while supporting privacy regulations at the same time is anonymizing data sets. Removing key pieces of data from records can help protect sensitive data. You also can consider data encryption.
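As an added example of the anonymization point above (not code from the original article), this strips a sensitive field from each log record and replaces identifiers with keyed pseudonyms, so the consolidated analytics store can still correlate a user's activity over time without holding the raw identities. The records, field names and the placeholder key are constructed assumptions.

```python
import hashlib
import hmac

# Constructed sample records headed for the central analytics store.
RECORDS = [
    {"user": "alice@example.com", "src_ip": "198.51.100.7",
     "action": "login", "ssn": "123-45-6789"},
    {"user": "alice@example.com", "src_ip": "10.0.1.15",
     "action": "download", "ssn": "123-45-6789"},
    {"user": "bob@example.com", "src_ip": "10.0.2.30",
     "action": "login", "ssn": "987-65-4321"},
]

# PLACEHOLDER: the real key lives outside the analytics store, so whoever
# breaks into the store cannot rebuild identities from the pseudonyms.
KEY = b"placeholder-secret-held-outside-the-analytics-store"

DROP_FIELDS = {"ssn"}                 # not needed for analysis: remove
PSEUDONYMIZE_FIELDS = {"user", "src_ip"}  # needed for correlation: tokenize


def pseudonym(value, key=KEY):
    """Keyed hash of an identifier: stable for the same input, so records
    from one user still join, but not reversible by guessing inputs
    without the key (a plain hash of an e-mail address would be)."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]


def anonymize(record):
    """Return a copy of the record safe to ship to the central store."""
    out = {}
    for field, value in record.items():
        if field in DROP_FIELDS:
            continue
        out[field] = pseudonym(value) if field in PSEUDONYMIZE_FIELDS else value
    return out


def anonymize_all(records):
    return [anonymize(r) for r in records]


if __name__ == "__main__":
    for r in anonymize_all(RECORDS):
        print(r)
```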
These are just some of the ways that big data is changing enterprise security and security analysis. The most important thing is to understand how big data traffic affects your enterprise, remembering that big data itself is not inherently secure, and develop security strategies that target big data weaknesses.
What do you see as the biggest issue with regard to big data security analysis?