There’s a lot of discussion around big data and security, but the discussion usually turns to possibilities rather than actual practices. “Big data and security” can mean a few different things. The first is leveraging big data information management to support the security data analyst’s work. The second is securing big data stores themselves, and the third is taking in existing big data sources to enrich security information. What is often left out of the conversation is that security data has been growing, the analytic demands on that data have been growing, and so the security data flowing into SIEM systems is, in itself, big data today. In fact, Gartner estimates that the amount of security information managed by organizations will double through 2016.
McAfee, with our “built for big security data” security information and event management system, is solving the performance, analytic and management challenges of SIEM, but we still see users of competing SIEMs struggling. To put some numbers around this issue, McAfee released a study this week investigating the ways in which organizations struggle to make use of big data for security purposes. “Needle in a Datastack: The Rise of Big Security Data” had some expected and some interesting findings, including widespread misplaced confidence in the ability to effectively leverage security data, and suboptimal data management practices. To put some color around the data volumes: a terabyte may not seem very large in the scheme of big data, but combine the extreme pressure a SIEM application puts on information management systems with the need for more context and long-term data retention to detect advanced threats, and that is a lot of data to analyze in real time.
The infographic below shows more of the key takeaways, and if you’re interested in the study’s findings, you can also download the full report here.