Earlier this week a report was released by the Information Security Forum (ISF) in regard to Big Data, calling for improvements to analytics.
It claimed that Big Data analytics have the potential to reduce the growing number of cyber security risks and increase business agility, and that organisations must stop reacting to security incidents and predict and prevent them instead.
ISF CEO Michael de Crespigny said that while many businesses are already using data analytics to support their core business, few recognise the benefits for information security.
He said: “We recognise the inherent challenges of analysing Big Data – the huge data sets and the need for high performance computing and specialised tools – plus the really valuable insights are often buried in large volumes of results.
“But we also believe it's manageable and that there are tools, solutions and services out there designed to help meet these challenges and enable businesses to see results very quickly.”
Last week I met with Splunk, whose EMEA vice president and general manager James Murray said that there has been a paradigm shift in how Big Data is seen and there was too much of a reactive look at Big Data. “We need to move from looking at the rear view mirror to real-time to determine failure, it extends to business intelligence,” he said.
His colleague DJ Skillman, director of technical services EMEA at Splunk, said that dealing with Big Data is about processing massive amounts of data in real-time. He said: “Twenty per cent of data is structured and 80 per cent is unstructured. You use that data to analyse what is going on across the whole organisation and use those data sets to see what you are missing.”
He said: “If you can go back a week that is fine, but in a week a large organisation will have terabytes of data, while web-facing companies will have multiple terabytes. Security intelligence and event management (SIEM) collects data and knows what it is, but it is about how fast you solve the problem and in real-time that is key.”
I asked Skillman and Murray if they thought that SIEM was not up to the task of crunching Big Data. Skillman said that SIEM is reactive and while businesses need to collect everything, they will want to know what happened and what changed if they see a million activities drop to zero.
He said: “The data exists, it is about finding that needle in the haystack and knowing why your red and green lights have turned red.”
The ISF report said that data volumes are growing at around 2.5 million terabytes every day, so data analytics add the ability to analyse large volumes of disparate and complex data and can help senior and board level executives better understand and manage their risk/reward balance in cyber space.
However, the ISF claimed that only half of the organisations it surveyed are using some form of analytics for fraud prevention, forensics and network traffic analysis, while less than 20 per cent are using it to identify information related to subject matter requests, predict hardware failures, ensure data integrity or check data classification.
Ross Brewer, vice president and managing director, international markets at LogRhythm, said he was not surprised by the ISF findings, as Big Data analytics are "still immature and massively under-used".
He said: “With data volumes growing at unprecedented rates, it makes sense that Big Data is an issue rapidly working its way onto corporate agendas worldwide. Unfortunately though, the focus often falls on how to limit the growth of Big Data. While this is no doubt an area for concern, it causes many organisations to neglect the fact that Big Data analytics can offer invaluable intelligence, and will actually help them greatly improve their IT security.
“Essentially, the only way to ensure that cyber threats or network issues can be immediately identified is to have a 360-degree visibility into every piece of data being generated by IT systems – no matter how big or how complex they are. Generally speaking, the bigger the IT estate, the greater the need for a proactive, continuous and granular view of all network activity.
“This helps organisations identify, isolate and remediate any issues as soon as they occur – making it essential to have centralised systems in place that can collect and analyse all IT data as and when it is generated. Security aside, this also offers the deep insight and actionable intelligence required to ensure networks are running optimally and without performance issues.”
However, Ionut Ionescu, European advisory board member at (ISC)², said that he agreed that data analytics apply to security, but that throwing technology at a problem will not reduce a cyber risk.
He said: “We need data analysts but we also need to extend that intelligence to a more complete view and by crunching more data you can have a false sense of security.
“Data analysis is not a new discipline, we analyse data in our everyday lives, but it doesn't have to be about a deluge of data.”
Murray said that there are five V's in Big Data: volume, variety (structured/unstructured data), variability (where data is coming from), value and velocity.
The fact is that everyone should be doing something better than they are, but if the benefits become clearer to businesses, then the understanding of Big Data may become just as clear.