Is Infosec Ready for Big Data?
Outside of filling up terabytes and petabytes of drive space, do you really understand what Big Data is and its implications for the business and for security?
Neither do I! That’s why I attended a session at the 2012 RSA Conference entitled, “Big Data and Security: the Rules Have Changed.” The session was moderated by Bill Brenner (@BillBrenner70), Senior Editor, CSO Magazine / CSO Online. On the panel were:
- Adam O’Donnell, Chief Architect, Sourcefire, Inc.
- Andrew Jaquith (@arj), Chief Technology Officer, Perimeter E-Security
- John Adams (@netik), Security Operations Engineer, Twitter
- Rich Mogull (@rmogull), Analyst & Chief Executive Officer, Securosis
Here’s a collection of some of the issues that came up during the discussion:
- Every established database platform has a lot of security built in, but there don't seem to be comparable controls being put into Big Data platforms.
- Authentication is usually heavyweight; add it to something like memcache and things start getting slower, and you lose your speed advantage.
- Two techniques for securing Big Data are to monitor the data as it goes into the tools, and to isolate it from all the other data.
- A big reason organizations avoid Big Data is that it's really hard: it takes all the problems of databases and compounds them.
- It is unlikely companies will get the legal shelter they need to share data publicly, which is why there is so little data collaboration; privacy issues get in the way. Providers can do it, as Verizon has with its incident reports.
- In the real world, analyzing access to Big Data lets you better predict what's a good file and what's a bad file.
- One argument against the value of Big Data is that the tools aren't up to production-level quality. If that's your attitude, you'll never get going; you need to get started.
- You could end up with a lot of non-actionable information if you don't have the tools to build correlations between incidents and the actions you should take.
- Saying you have Big Data is like saying you have a microchip: you're simply writing tools on top of it to make it functional for your needs.
- The pro attitude toward Big Data is about detecting anomalies. To do so, you need a full-spectrum view of your data from which you can build a normalized view, so that you can detect and predict anomalies.
- Security is often about translating "back office intelligence" into "customer-facing protection." Big Data techniques lend themselves to building back office intelligence.
- While growing "back office intelligence" is nice, it happens in batches, and security decision-making often needs to be rapid, which doesn't fit time-delayed visibility into your data.
- The problem isn't collecting the data; the issue is affording the storage to collect, keep, and manage all of it. Even when the product is there, companies don't want to pay for the storage involved.
- Brenner’s Pro of Big Data: “To make the most accurate security decisions, we need to take advantage of all the intelligence available to us – from sensors, logs, user activity, etc. Big data techniques can be used to extract the most value from this wealth of information.”
- Brenner's Con of Big Data: "There are no one-size-fits-all big data technologies. You have to understand both the problem you are trying to solve and the technology you are thinking of leveraging to solve it. If you aren't sufficiently familiar with one or the other, there is a good chance your approach will ultimately prove fruitless."
- There's so much potential data that you have to focus on one problem; otherwise there's too much to deal with.
After the session, I caught up with Andrew Jaquith and asked him about his pro/con opinions on using Big Data for security.
Stock photo of data image courtesy of Shutterstock.