In my two previous entries, I discussed the security concerns around implementing Big Data for companies and how Big Data is used to provide Security Intelligence that recognizes bad behavior and reputation for files and connections. But what can companies do today to get ahead and implement Big Security Data?
With more and more connections, devices and services being utilized by companies for their business, maintaining constant knowledge of the infrastructure and the data is becoming unmanageable. In a recent McAfee report, three out of four companies believed they were aware of the security risks that they face, but only about a third of the companies believed they were both aware and well protected. What this says to me is that companies may be able to project or identify a real threat, but that they do not have great visibility into how the organization, the infrastructure or the culture might behave when subjected to a threat. They would then be unable to clearly identify the cost to the business if a threat were to occur for several minutes, or in the case of APTs, over several years.
A recent article in BankInfoSecurity looked at how digital images of checks were stored online and then viewed shortly after by unauthorized actors. This data was then used to create counterfeit business checks, an old-fashioned and highly labor-intensive method, to compromise over 1200 businesses and make $9 million in unauthorized purchases. These simple glances at information gave malfeasants enough data to pull off a substantial haul.
A glance or a view can easily fly under the radar, especially if it’s properly timed or coordinated with another digital distraction. Big Security Data is not only about seeing things in real-time with large amounts of security information, but having the ability to easily look at scenarios and trend on past activities. This ability to change time perspective from present to past and get answers quickly has traditionally not been available without substantial overhead and cost. Today’s business is moving forward with this ability in their analytics and adoption of Big Data, adding another layer of context and detail to gain valuable insight. This allows them to take advantage of opportunities to change quickly and mitigate risk. Unfortunately, IT has been slower to embrace this concept.
Big Security Data takes not only traditional IT logs from the network, server and applications, but it also incorporates other transactional information relative to the business, giving hawkeyed business context. Maybe this is building access information or geolocation from mobile device connections that you can then correlate to VPN or network connections, validating corporate policy that critical configuration changes are made on-premise to ensure best rollback procedures. Or it could be that access to data correlates to workers that are ‘on the clock’, versus workers that are viewing sensitive data remotely, where immediate access to that content may be unnecessary.
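The two correlations sketched above (badge and VPN records checked against critical configuration changes, and data access checked against who is on the clock) can be expressed as simple rules over joined logs. The following is an added example, not code from the original post or from any McAfee product; the badge, VPN, change, access and shift records are constructed, and the field names and the twelve-hour "badged in today" window are assumptions chosen for illustration.

```python
"""Correlate physical-access, VPN, change and data-access logs to flag policy exceptions.
Added example; all records below are constructed, not taken from any real system."""
from datetime import datetime, time, timedelta


def ts(s):
    """Parse a constructed 'YYYY-MM-DD HH:MM' timestamp."""
    return datetime.strptime(s, "%Y-%m-%d %H:%M")


# Constructed sample data (assumed field names)
BADGE_EVENTS = [  # building access: who badged into which site and when
    {"user": "alice", "time": ts("2013-05-06 08:02"), "site": "HQ"},
    {"user": "carol", "time": ts("2013-05-06 07:55"), "site": "HQ"},
]
VPN_SESSIONS = [  # remote sessions with start/end times
    {"user": "bob", "start": ts("2013-05-06 09:10"), "end": ts("2013-05-06 11:40")},
    {"user": "alice", "start": ts("2013-05-06 12:00"), "end": ts("2013-05-06 12:30")},
    {"user": "alice", "start": ts("2013-05-06 21:00"), "end": ts("2013-05-06 22:00")},
    {"user": "bob", "start": ts("2013-05-06 22:00"), "end": ts("2013-05-06 23:00")},
]
CONFIG_CHANGES = [  # critical configuration changes from device/server logs
    {"id": "chg-1", "user": "alice", "time": ts("2013-05-06 09:30"), "host": "core-router-1"},
    {"id": "chg-2", "user": "bob", "time": ts("2013-05-06 10:05"), "host": "core-router-1"},
    {"id": "chg-3", "user": "alice", "time": ts("2013-05-06 12:10"), "host": "db-prod-2"},
    {"id": "chg-4", "user": "dave", "time": ts("2013-05-06 14:00"), "host": "db-prod-2"},
]
SHIFTS = {  # working hours per user ("on the clock")
    "alice": (time(8, 0), time(17, 0)),
    "bob": (time(9, 0), time(18, 0)),
}
DATA_ACCESS = [  # reads of sensitive content, e.g. stored check images
    {"id": "acc-1", "user": "alice", "time": ts("2013-05-06 15:00"), "resource": "check-images"},
    {"id": "acc-2", "user": "bob", "time": ts("2013-05-06 22:15"), "resource": "check-images"},
    {"id": "acc-3", "user": "alice", "time": ts("2013-05-06 21:30"), "resource": "check-images"},
    {"id": "acc-4", "user": "bob", "time": ts("2013-05-06 10:30"), "resource": "check-images"},
]


def badged_in_recently(user, when, badge_events, window=timedelta(hours=12)):
    """True if the user badged into a building within `window` before `when`."""
    return any(
        e["user"] == user and timedelta(0) <= (when - e["time"]) <= window
        for e in badge_events
    )


def on_vpn(user, when, vpn_sessions):
    """True if the user had a VPN session covering the moment `when`."""
    return any(s["user"] == user and s["start"] <= when <= s["end"] for s in vpn_sessions)


def find_remote_config_changes(config_changes, badge_events, vpn_sessions):
    """Policy: critical changes are made on-premise.
    Flag a change when the actor was on VPN at the time, or has no badge-in
    record at all that day (presence on site cannot be confirmed)."""
    flagged = []
    for c in config_changes:
        remote = on_vpn(c["user"], c["time"], vpn_sessions)
        onsite = badged_in_recently(c["user"], c["time"], badge_events)
        if remote or not onsite:
            reason = "vpn session active" if remote else "no badge-in record"
            flagged.append((c["id"], reason))
    return flagged


def find_off_clock_remote_access(access_events, shifts, vpn_sessions):
    """Flag reads of sensitive data made over VPN outside the user's shift;
    remote access during working hours is left alone."""
    flagged = []
    for a in access_events:
        start, end = shifts.get(a["user"], (None, None))
        on_clock = start is not None and start <= a["time"].time() <= end
        if on_vpn(a["user"], a["time"], vpn_sessions) and not on_clock:
            flagged.append(a["id"])
    return flagged


if __name__ == "__main__":
    for chg_id, reason in find_remote_config_changes(CONFIG_CHANGES, BADGE_EVENTS, VPN_SESSIONS):
        print(f"config change {chg_id}: {reason}")
    for acc_id in find_off_clock_remote_access(DATA_ACCESS, SHIFTS, VPN_SESSIONS):
        print(f"data access {acc_id}: remote read outside working hours")
```

The point of joining the sources is context: a configuration change or a file read looks ordinary in its own log, and only becomes suspicious once badge, VPN and shift data say the person should not have been where the log places them. A real deployment would key the rules on a time window rather than exact matches and would tune the badge window to the site's shift pattern.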
The value of Big Security Data isn’t just in alerts for security issues that you are actively watching for, but in its ability to look forwards and backwards and trend with contextual details. Having this hawkeyed view of suspicious behavior or infrastructure can give you the information you need to uncover ‘snakes in the grass’, securing your data and minimizing the risk to your business.