Logging and monitoring technologies have been described as dead, as security needs to become more Big Data aware.
Speaking to SC Magazine, RSA chief information security officer Eddie Schwartz, who was head of NetWitness at the time of its acquisition by RSA and has recently overseen the development of its solutions into RSA's Security Analytics technology, said that security incident and event management (SIEM) technology is now effectively dead.
He said: “SIEM and logging are a dead space. What has happened recently is you need more people to manage the data in the enterprise and focus intelligence from all sources in your infrastructure into the backend data manager.
“SIEM will continue to be important for organisations at some level of log management, such as the small-to-medium enterprise who are looking at it for compliance. But to deal with advanced threats and focus on the network and go by reputation, you have to go beyond the SIEM. You can build your own system with a data warehouse or you can use a managed partner, but who builds their own technology? SIEM has limited visibility.”
Schwartz said that incidents are often logged after the event, and you need to look inside and that is what comes from intelligence-driven security. He said: “You cannot live on an island and see things separately. We wonder why we fail at security, intelligence-driven security will continue to help towards better security management and now Big Data transforms security.”
Schwartz echoed comments made by Art Coviello, executive vice president of EMC and executive chairman of RSA, who in his opening keynote at the RSA Conference said that the limits of SIEM have been reached. He said: “Fundamentally, Big Data is about the ability to extract meaning, to sort through the masses of data elements and find the hidden patterns, the unexpected correlation, the surprising connection.
“It's about analysing vast and complex unstructured data sets at high speed, to solve innumerable problems across a wide spectrum of industrial, non-commercial and governmental organisations. Big Data has the potential to transform our lives for the better, our health, environment, our livelihoods, and almost every facet of our daily lives. Yet, we are only at the dawn of Big Data.”
Asked if there is a need for technology that looks deeper, Schwartz welcomed recent comments about context-aware security, saying that was what NetWitness was talking about in 2006. He said: “It is about visibility, traditional anti-virus has known for ten years that it needs to be more context-aware as anti-virus solutions are shifting to detect and mitigate and if you look at anti-virus and intrusion detection systems (IDS), you need to move to solutions that offer advanced analysis.
“You can use our tools and third-party tools and know what the effectiveness of the tool is in a campaign. It really is more and more a change in the effectiveness of anti-virus and IDS and any CISO will tell you they agree, as they need more deep inspection and third-party intelligence.”
Asked about how Big Data is changing RSA's business model, Schwartz said that it will take time to get there, but it will help understand what the business is doing. “The train really has left the station and we should have been on it a whole [long time] ago as we need visibility into the data centre and to call it secure,” he said.
“Big Data won't be fixed in 2013, but we will see it explode in the enterprise as some will say they are not ready yet, but more vendors will take on Big Data and it is a world of innovation and the good news is we are leading the pack.”