With the acquisitions of Q1Labs and NitroSecurity last week, the industry’s attention has been drawn anew to the value of security information and event management (SIEM). In the enterprise, SIEM is often the focus of security operations, collecting data from a variety of point products, management and monitoring systems.
But as I wrote on Tuesday, event data serves only part of the need. Visibility into the actual security posture has become essential to understanding the true nature of modern threats. Strategies built on security measurement or risk analysis must have the underlying data, and fraud and attacks that exploit multiple avenues of opportunity must be understood across all of those dimensions if the response is to be effective.
The problem for many security organizations is that this data is fragmented and diverse. It is difficult enough to normalize data collected from a variety of monitoring tools, security products and forensics platforms; automating the correlation of unstructured data from both internal and external sources, or of formats unfamiliar to most security tools, such as business transaction data when fraud or more sophisticated threats are the concern, is harder still. Traditional approaches that require a schema to define the data structure before the data is collected often hinder rather than help efforts to break down data silos and learn more, and more quickly, effectively placing available information out of reach of better analysis.
This has led to increased interest among some security professionals in the technologies of Big Data, but that interest is often misunderstood. Yes, these tools are designed to handle information at scale, but just as useful, particularly to security organizations, is their ability to handle widely diverse data types and to combine structured and unstructured data without many of the limitations of traditional approaches. Overcoming those barriers could mean much more responsive data mining and analysis of security-relevant information, in ways beyond the reach of many legacy techniques.
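To make the schema-on-read point concrete, here is an added example (mine, not code from the post, from Zions or from any of the Hadoop projects named below) in Python standing in for what a Hive or Pig job would do at scale. Three constructed records arrive in three formats a SIEM would normally need separate, predefined parsers for: a syslog SSH login, a JSON web-proxy event, and a CSV row of business transaction data. Each parser keeps every field its source happens to carry and exposes only a handful of shared keys (user, source IP, timestamp, action), so a new source can be added, or an existing one can change its field names, without redefining a schema first. The correlation step then finds a user whose login, web access and money transfer all fall inside one short window. The field-name aliases, the log lines and the ten-minute window are assumptions for illustration.

```python
import csv
import io
import json
import re
from collections import defaultdict
from datetime import datetime, timezone

# Syslog lines carry no year; assumed here because the constructed data is from 2011.
SYSLOG_YEAR = 2011

# Field-name aliases seen across sources (assumed): schema-on-read means we map
# whatever name a source uses to a shared key and keep the rest untouched.
USER_ALIASES = ("user", "username", "account_user", "uid")
SRC_ALIASES = ("src", "src_ip", "client_ip")

SYSLOG_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<prog>[\w-]+)\[\d+\]: (?P<msg>.*)$"
)
SSH_ACCEPT_RE = re.compile(r"Accepted \w+ for (?P<user>\S+) from (?P<src>\S+)")


def parse_iso(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def first_present(d, keys):
    for k in keys:
        if k in d:
            return d[k]
    return None


def parse_syslog(line):
    """Syslog auth line -> event dict; returns None for lines that do not parse."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{SYSLOG_YEAR} {m['mon']} {m['day']} {m['time']}",
                           "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    ev = {"source": "syslog", "ts": ts, "host": m["host"],
          "program": m["prog"], "message": m["msg"]}
    a = SSH_ACCEPT_RE.search(m["msg"])
    if a:
        ev.update(user=a["user"], src_ip=a["src"], action="login")
    return ev


def parse_json_event(line):
    """JSON proxy event -> event dict; unknown fields are preserved under 'raw'."""
    d = json.loads(line)
    ev = {"source": "proxy", "ts": parse_iso(d["ts"]), "raw": d}
    user, src = first_present(d, USER_ALIASES), first_present(d, SRC_ALIASES)
    if user:
        ev["user"] = user
    if src:
        ev["src_ip"] = src
    if "url" in d:
        ev["action"] = "http"
    return ev


def parse_csv_rows(text):
    """CSV business transactions -> one event per row, original row kept in 'raw'."""
    return [{"source": "transaction", "ts": parse_iso(r["timestamp"]),
             "user": r["account_user"], "amount": float(r["amount"]),
             "dest_country": r["dest_country"], "action": "transfer", "raw": r}
            for r in csv.DictReader(io.StringIO(text))]


def normalize(records):
    """records: (kind, text) pairs. No schema is fixed up front; each parser
    contributes the shared keys it can and keeps everything else."""
    events = []
    for kind, text in records:
        if kind == "syslog":
            ev = parse_syslog(text)
            if ev:
                events.append(ev)
        elif kind == "json":
            events.append(parse_json_event(text))
        elif kind == "csv":
            events.extend(parse_csv_rows(text))
    return events


def correlate_by_user(events, window_seconds=600):
    """Return users whose login, web access and transfer all fall within the window."""
    by_user = defaultdict(list)
    for ev in events:
        if "user" in ev and "action" in ev:
            by_user[ev["user"]].append(ev)
    hits = {}
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        if {"login", "http", "transfer"} <= {e["action"] for e in evs}:
            span = (evs[-1]["ts"] - evs[0]["ts"]).total_seconds()
            if span <= window_seconds:
                hits[user] = {"span_seconds": span,
                              "sources": sorted({e["source"] for e in evs}),
                              "src_ips": sorted({e["src_ip"] for e in evs if "src_ip" in e})}
    return hits


# Constructed sample records (invented for this example; addresses are documentation ranges).
RECORDS = [
    ("syslog", "Oct 13 09:14:02 vpn01 sshd[2113]: Accepted password for alice from 203.0.113.7 port 51522 ssh2"),
    ("syslog", "Oct 13 09:15:30 vpn01 sshd[2140]: Accepted publickey for bob from 198.51.100.9 port 40210 ssh2"),
    ("json", '{"ts":"2011-10-13T09:16:40Z","username":"alice","client_ip":"203.0.113.7","url":"https://bank.example/transfer"}'),
    ("csv", "txn_id,timestamp,account_user,amount,dest_country\nT1001,2011-10-13T09:17:05Z,alice,48000.00,RO\n"),
]

if __name__ == "__main__":
    print(correlate_by_user(normalize(RECORDS)))
    # → {'alice': {'span_seconds': 183.0, 'sources': ['proxy', 'syslog', 'transaction'], 'src_ips': ['203.0.113.7']}}
```

Only alice is reported: bob logged in but did nothing else, and the proxy event uses `username`/`client_ip` rather than `user`/`src`, which the alias mapping absorbs without any change to the stored records. The same pattern is what makes a Hive table over raw files or a Pig script useful for this work: the structure is imposed at query time, per source, rather than at collection time for all of them.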
If you are in the New York area and responsible for information security strategy in your organization, and you’d like to hear about a real-world case of how one forward-thinking security team is seizing the initiative with the tools of Big Data – Hadoop, Hive, Pig and other open source technologies designed for data management at speed and scale – here is your opportunity.
This coming Thursday October 13, Zions Bancorporation CSO Preston Wood will be presenting a workshop in Manhattan on his organization’s experiences in applying Big Data methodology to security. I encourage you to check out the agenda. I’ll be there, looking forward to learning from an organization that is putting these concepts to work.
The workshop will be followed in the evening by an executive dinner, where Preston and SAIC CloudShield CTO Peder Jungck will join me for a roundtable discussion with security executives on the evolution of response from traditional defense into real-time mitigation and the active management of an intelligence-based approach. The goal is to share best practices and discuss tangible strategies for attendees' own security initiatives.
If you’re interested in this workshop or the executive dinner or have questions, feel free to reach out to the event’s organizers at firstname.lastname@example.org. I hope to see you there, and to learn from your insight as well as from the Zions experience.