Big data is transforming the security industry, information technology, business and society. An Intelligence-driven security strategy that uses big data analytics will help security practitioners regain the advantages of vigilance and time to better detect and defend against advanced threats.
Art Coviello, executive chairman of RSA, says the vast amount of unstructured data being mined, and the richness and variability of that data, provides great opportunities for business, but at the same time, provides new attack vectors for adversaries.
However, he says tools and techniques are being introduced to analyse this data, and it won't be long before big data applications and stores become an organisation's most prized possession. He adds that these applications and stores will be readily accessible in the cloud and via mobile devices, and not just by us, but by our adversaries, too.
Coviello says a more realistic level of understanding is needed when it comes to the escalation of threats. "Having the right level of understanding is key, because if we, as an industry, overhype this situation, organisations won't take the necessary measures to prepare themselves."
It is his belief that businesses can no longer afford to remain idle when it comes to updating their security measures and they must be willing to take action to adopt intelligence-driven security models to better defend against unknown threats.
The ICT security industry as a whole needs to develop an adaptive capacity built on security analytics, risk-based controls and multiple sources of threat intelligence to help security organisations more rapidly identify and respond to threats.
Coviello's vision for an intelligence-driven security model, enabled by big data, can be applied in two ways:
First, he cites security management for big data. "Despite today's compute power, bandwidth, database management and storage capacity, organisations will still require all data sets to be analysed so they can gain better visibility into a wide variety of contextual data, structured and unstructured, internal and external.
He says businesses need the correct level of context to build specific information about digital assets, users and systems. Big data architectures can and should be scalable enough to meet each company's specific requirements. In this way, businesses will be able to spot and correlate abnormal behaviour in people, transactions, and the flow and use of data to identify potential attacks and fraud.
Second, he talks about the development and application of controls for big data. "Organisations will need to subscribe to a more holistic approach for implementing individual big data controls by replacing isolated controls that are task-specific, such as malware blocking.
Coviello says individual controls should evolve to interact with intelligence feeds, risk and compliance platforms, security management systems, and each other, making them more dynamic and situationally aware. Other task-specific big data controls should have the capacity to be self-learning.
Share
