This morning, EMC’s RSA Security Division announced its intent to acquire Silver Tail Systems. The press release is here.

I’ve written about Silver Tail before, going back to one of my first posts on the rise of data-driven security. In a five-part blog series introduced by that post, I described how data-driven security is evolving in three primary domains:

  • Data-driven defense tactics which differ from legacy security technologies in their focus on a more continuous, dynamic dependence on data sources.
  • Data-driven security strategy and management that emphasizes objective techniques for yielding more effective insight from large amounts of many different kinds of data, and
  • Data sources to serve these interests, which can be expected to grow in their variety, as well as in the variety of ways they are made available as offerings in their own right.

Silver Tail offers an exemplary demonstration of emerging data-driven defense. Its technologies analyze the behavior of interactions with websites and web applications to understand expected behavior and identify deviations that indicate fraud or malicious attempts to abuse business logic. This requires the fundamental engagement of data analytics to identify norms and recognize anomalies – an application of analytic techniques that are already widely familiar in realms such as Business Intelligence. They also play a role in the analysis of security and fraud data – capabilities that are growing in visibility, in concert with growing awareness of just how broadly data analytics can be applied.

Up to now, the concept of data-driven security has been largely associated with security management, exemplified by technologies at the heart of the Security Operations Center, such as Security Information and Event Management (SIEM), investigative and forensic analysis platforms, or IT GRC platforms for rationalizing compliance requirements or managing vulnerability remediation (all capabilities already present in the RSA portfolio, by the way).

Silver Tail represents a category of technology that takes data analytics out of the SOC and puts them directly to work “in the field,” on the front lines of tactical defense. Like other data-driven defenses, Silver Tail analyzes observed activity in IT systems. Silver Tail targets the ways malicious parties interact with business applications “in a different way, at a different speed,” as company CEO Tim Eades describes it.  Like domains of web analytics beyond security, it employs large-scale data management to derive this insight – as many as 300,000 clicks per second according to Eades.

Where Silver Tail stands out is in its ability to bring these capabilities together in real time defense. The analysis of real-time data enables Silver Tail to build models of behavior and leverage machine learning to differentiate customers from criminals. This means it has much in common with RSA’s Identity Protection and Verification (IPV) Suite, complementing a number of anti-fraud intelligence and adaptive authentication capabilities in the IPV suite with real time detection and exploit prevention.

Silver Tail offers both software and SaaS deployment models that do not require the instrumentation of Web applications or deployment of client-side software. The SaaS model in particular suggests the high promise Silver Tail holds for adding real time fraud and threat analytics to cloud-hosted security tactics, complementing approaches to Web security “as a service” exemplified by Blue Coat’s Cloud Service or Zscaler. RSA foreshadowed the value it attaches to this synergy this past February, in a partnership with Zscaler to augment its services with RSA Adaptive Authentication and Cloud Trust Authority. A hosted approach aligns well with the large-scale data management platforms that can extend the value of Big Data techniques to security for a wide audience.

In EMA’s 2012 survey of the rise of data-driven security among 200 enterprises worldwide, 40% of respondents reported that they are overwhelmed with the security data they already collect. 46% have insufficient time or expertise to analyze what they collect. At the same time, however, 73% said that they would collect even more security-relevant data, if they could make use of it.

Silver Tail represents a growing class of technologies meeting a strongly demonstrated need, making insight available as real-time defense derived from large bodies of behavioral data. Its acquisition by RSA signals the growing validation of data-driven security tactics, as enterprises – and the vendors that serve them – recognize that effective analytics are the key to understanding the evidence of threats that too often escape detection.

 

Enhanced by Zemanta