The revolution that Big Data will mean in Information Security

The Security Brief report prepared by RSA, a subsidiary of EMC, predicts that Big Data analysis will have a severe impact on product categories in this sector in 2015, including SIEM (Security Information and Event Management), network monitoring, user authentication and authorization, identity management, fraud detection and governance, risk and compliance (GRC) systems.

RSA, the Security division of EMC Corporation, has published a new Security Brief report that reveals that Big Data will be the driver of the changes that will take place in the Security sector and will fuel security models based on intelligence. Consequently, Big Data is expected to seriously disrupt almost all known disciplines within Information Security.

This new report predicts that Big Data analytics will have a severe impact on product categories in this sector in 2015, including SIEM (Security Information and Event Management), network monitoring, user authentication and authorization, identity management, fraud detection and governance, risk and compliance (GRC) systems.

The authors of the report maintain that the changes resulting from the emergence of Big Data have already begun. This year, leading Security organizations will deploy packaged business strategies to support operations in a Big Data environment. Previously, the advanced analytical tools deployed in Security Operations Centers (SOCs) were custom-developed, but 2013 will mark the beginning of the commercialization of Big Data technologies in Security: a trend that will rethink the approach to the world of security, solutions and investment in the coming years.

Likewise, Big Data will also modify the nature of conventional security controls, such as anti-malware, data loss prevention and firewalls. In a three to five year time frame, analytical tools will continue to evolve to enable a wide range of advanced prediction capabilities and real-time automated controls.

The current scenario, with an omnipresent cloud model and mobility as an essential part of business, has made all those security practices aimed at defending the perimeter and focused on static controls obsolete. It is time to know the threats in advance, which explains why security leaders are betting on an intelligence-oriented model: concerned with the level of risk, contextual and agile, which helps organizations in their defense against unknown threats. An intelligent security approach, supported by Big Data enabling tools, incorporates dynamic risk assessments, analysis of huge volumes of security data, flexible controls and information sharing on threat and attack techniques.

The security report presents six lines of action to help organizations plan the transformation to which their security solutions and operations will be subjected after the arrival of Big Data. This is the guideline for intelligent security:

• Lay the foundations for a holistic cybersecurity strategy – Organizations should align their defense capabilities with a holistic cybersecurity strategy, personalized for each company, which has particularities and faces very different threats or requirements.
• Establish a shared data architecture for Information Security – Because Big Data analytics are fed by information from various sources and in very diverse formats. The logical goal of this unique architecture is to allow all information to be captured, indexed, analyzed and shared.
• Migrate to a unified security architecture – Companies need to think strategically about which security products they will rely on in the coming years because each solution carries its own data structure, which must be integrated into a unified security analysis framework.
• Purchase open and scalable big data security tools – Organizations should ensure that their current investments in security products are compatible with technologies that use an analytical agility approach. It is time not to dedicate resources to static tools, based on lists of threats or network limitations. Tools prepared for Big Data have the mission of offering a flexible architecture that changes depending on the business, IT or the evolution of the threat scenario.
• Strengthen SOC capabilities in terms of data science – At the same time that security solutions tailored for Big Data are emerging, security teams do not seem to be. Data analytics is an area where talent shortages are evident. Data scientists with security knowledge are quite scarce, revealing a high demand for these profiles. As a result, many organizations are looking abroad, looking for partners to fill these gaps.
• Leverage external threat intelligence – Augment internal security analysis programs with external threat intelligence services that evaluate reliable data and relevant information sources.

The result of integrating Big Data into security practices, according to the authors of this report, will provide better visibility into IT environments and the ability to distinguish suspicious behavior from normal activities, which translates into more reliable IT systems and a huge optimization in incident response capacity.

The opinion of the experts

William H. Stewart, Senior Vice President, Booz Allen Hamilton, has assured that "the game is changing. More and more data is traveling to the Internet in an automated way and the trend continues. Therefore, a security analysis tool that worked very well two or three years ago no longer has to be useful. Now it is vital to look through a much more complete set of data, and we must look for threats, which are much more subtle. Commercial tools are changing to take advantage of the large flows of information that reach us in real time.”

For his part, Eddie Schwartz, Chief Information Security Officer, RSA, The Security Division of EMC, stated that "this year, the most important companies with progressive security capabilities will adopt intelligence-oriented security models based on Big Data analysis. Within two or three years, this security model will become a way of life."

Access al informe RSA Security Brief, “Big Data Fuels Intelligence-Driven Security”.