Discover Performance: HP Software's community for IT leaders // April 2013
Boost your security with big data
Somewhere in all your data is your next security coup—or failure. Find out how to mine big data for high-def security.
Enterprises are creating data at a tremendous rate, and mining it for intelligence. At leading organizations, it’s not just marketing and sales—security is getting into the act. Massive, real-time data analytics capabilities open up new vistas for understanding the corporate threat profile in near-real time. This opportunity is driven by three fundamental promises of today’s big data analytics solutions:
Greater data velocity: In the past, the time it took to return a complex data query was hours, or even days—far too long to make the data actionable against a current threat. The window to address a critical security issue can be mere minutes, if not seconds. Fortunately, today’s near-real-time event processing means potential threats can be found and addressed with that same speed.
Increased data volume: Unstructured data, such as tweets and Facebook posts, is a new source of security intelligence. For banks and other organizations with highly sensitive information, the ability to perform sentiment analysis, as one example, on this type of Internet data is an invaluable advancement. To defend against a real-time threat actor, the capability must exist to understand that actor’s tactics and operation in real time, based on any and all available structured and unstructured data.
Variety of data: Thanks to big data, security experts can make a better assessment of the potential security threat by using a variety of data from a variety of data sources. Is a network IP address generating strange traffic? Use real-time, contextual information in your big-data analytics platform to discover a wider and more accurate picture of what may actually be happening, before committing resources.
Together, these three promises of big data analytics are making it easier to find and resolve threats of many disparate types. But they’re also making it possible, for the first time, to create a defensive strategy against insider attacks not based on hearsay or outdated patterns.
Getting on the big data ball
CISOs need a game plan to utilize big data intelligence to harden the enterprise attack surface from end to end. Here are four steps that can help you create an action plan:
- Assess the existing data your organization is generating, or has the capacity to generate. Organizations often have a significant amount of data via logging or other methods that they are not capitalizing on.
- Define the capabilities your organization requires from its big data implementation, with an understanding of both the technology's limitations and your own organization's operational capacity to act on the available intelligence.
- Execute a pilot-based implementation and validate actual operational capabilities, data storage requirements, and technology needs.
- Measure and improve the implementation, ensuring that measurements relevant to the initial requirements are taken.
With this information in hand, you can evaluate market solutions and identify the ones that provide adequate support for your requirements. You’ll need a solution that can do all of the following, and return results quickly under load:
- Collect all the different types of data that you need access to and re-collect it as needed
- Consolidate all that data in a single place, so that you aren’t spending to store it multiple times
- Correlate all the data in a logical fashion to give the security team a prioritized list of issues
- Collaborate well with all the solutions already deployed in your organization
Bigger, faster, more secure
The business media has largely portrayed big data as a worry. But for the enterprise security team, big data offers a lot of upside. With greater volume of data, faster analytics, and more contextual information, security teams can begin to uncover more threats in real or near-real time, giving them the ability to react to, contain, and disrupt active attacks.
To learn more about how big data can lead to better threat detection, read the white paper "Big Security for Big Data," and find out how to strengthen your security intelligence with HP ArcSight.