EMA Blog Community

(Update: My research report on this topic is now in the EMA library. For further updates on the trend, check out my other posts on data-driven security before and since.)

IT security has long been hamstrung by obstacles unknown to many other aspects of the enterprise. Businesses may be able to measure their performance through objective metrics such as sales growth, production efficiency or customer preference, but information security management too often boils down to a reaction to recent events or the well-known trio of fear, uncertainty and doubt. Defenses are often not specific enough or too far behind the reality of where threats really are, here and now. How can we do better?

There is one thing that would help immensely in answering that question: accurate and timely information that illustrates how and where attacks as well as defenses succeed, highlights where they fail, and clarifies where response can best be improved. But can this information be found in the avalanche of data that inundates security teams every day? And do organizations have access to tools that can make this data truly actionable?

Increasingly, the answer is yes. The data explosion is just as real in security as elsewhere. And just as with other aspects of the intelligence-driven enterprise, “big data” offers new challenges – and new opportunities. Much more information is available than ever before that can help enterprises identify previously unrecognized threats, sharpen defense, and acquire the awareness needed to develop more effective risk management programs. Today, techniques are emerging for harnessing this data to improve countermeasures and expand strategic insight.

In this blog series, I explore the emerging ways in which a data-driven approach characterizes new thinking about IT security, beginning with the three main areas where I see the trend taking shape:

• Part 1: Data-driven tactics that differ from legacy defenses in part by their focus on a more continuous, dynamic dependence on data sources, behavioral observation, and intelligent analysis.

• Part 2: Data sources and emerging data markets that provide both the raw material of a data-driven approach and new ways to make data available and actionable.

• Part 3: Data-driven strategy and security management: Security strategists have long sought to make better use of information about tactical operations and management processes. How might data-driven trends influence what security management becomes – and what obstacles must be overcome along the way?

Part 3 raises questions addressed in Parts 4 and 5 of the series:

• Part 4: The Case for the Fourth Paradigm: The emergence of “data science” has influenced the development of information-centric investigation. How might it shape the evolution of data-driven security?

• Part 5: Synthesis Platforms: In this post, I take a look at how data-centric security technologies yield insights today – and how emerging platforms that enable action may add new dimensions to data-driven security in the future.

This series is only the beginning of what I expect to be an ongoing examination of this trend and its many implications. I hope you join me as I continue to explore a topic that is already having an impact on security in the enterprise, and will become a key factor in defining the field tomorrow.

Related posts:

• Data-Driven Security Trendspotting: Big Data
• Cloud Identity Summit 2011: Toward Data-Driven Identity
• RSA, IBM Watson, and the Future of “Smart” Security
• Toward CNS: Converged Network Security systems
• Security in the Era of Big Data
• Security, Visibility, Privacy: Pick Any Two?

Other related articles:

• Striving for better information security intelligence (SearchSecurity.com)
• IBM to Acquire i2 to Accelerate Big Data Analytics… (ibm.com)
• Zettaset Analyzes Petabytes of Data to ID Security Risks (NetworkComputing.com)
• NetWitness Webcast: The Rise of Data-Driven Security (NetWitness.com)