How to make big data your security boon
When IT security professionals hear “big data,” they don’t always share the optimism of other employees. The prospect of collecting and connecting large amounts of potentially sensitive information sounds like a compliance and security problem waiting to happen. However, big data can also be leveraged to better protect sensitive data and close gaps in the organization’s IT security framework.
The differentiating factors of popular big data solutions are typically designed around the three Vs: volume, variety and velocity. And, the qualities that make big data analytics software effective are also boons to security. Silicon Angle contributor Kristin Feledy explored how these solutions can contribute to a better protected IT environment by highlighting three features in particular:
- Real-time monitoring
- Data integration from multiple sources and systems
- Algorithms to detect anomalies
As Feledy noted, one of the problems with traditional security frameworks is they are only equipped to investigate an issue after detection. Solutions with real-time monitoring enable security pros to spot issues faster, however it’s the convergence of real-time analytics and trend analysis that make big data truly valuable in a security environment.
For example, an algorithm could be used to compare network traffic to historical data—this allows IT teams to be automatically notified if the system experiences abnormal traffic, such as a distributed denial-of-service (DDoS) attack.
Perhaps the best argument for a big data approach is the increasingly large volumes of security data flowing through IT. Just as traditional database technology and analytics platforms were ill equipped to deal with information at this scale, legacy approaches to IT security have struggled to keep up.
A white paper from Enterprise Strategy Group concluded that risk management and prevention strategies are no longer adequate for fully protecting IT ecosystems:
Moving forward, CISOs need real-time security intelligence and situational awareness to give them visibility into their security status at all layers of the technology stack and across the enterprise.
Armed with this type of intelligence, security executives can then prioritize actions, adjust security controls, accelerate incident detection and improve workflows around incident response.
Furthermore, big data has the potential to address many of the core challenges that security teams face. ESG summarized several of its industry surveys to illustrate the need for improved IT security strategies. In identifying common challenges, several top pain points emerged:
- Lack of adequate security staff (39 percent of respondents)
- Too many false positives (35 percent)
- Incident detection requires too many manual processes (29 percent)
- Incident detection depends on non-integrated tools (29 percent)
The value of big data technology has long been its ability to streamline analysis and bring together information from many different sources. The focus on automation means that organizations will not need to hire new employees to analyze security data. Meanwhile, bringing together data from a large number of tools provides IT security teams with a more comprehensive view of their environments.
Although many of the challenges associated with big data are technical in nature, success also requires a shift in mindset. The value of these analytics initiatives depends heavily on an organization’s ability to bring together as much relevant information as possible.
In March, Forrester analyst Michele Goetz wrote a blog post in which she identified the keys to success with big data. The first item on her list dealt with organizational attitude, and she argued that data must be treated as a business investment. This ultimately means rethinking certain assumptions and adopting new approaches to old problems—with a framework to measure success already in place.
The pitfall that IBM i operators may run into is treating the platform’s data as its own entity. While the i remains one of the most secure platforms in enterprises today, no system is 100 percent protected. Additionally, the security of IBM i ultimately depends on how many of its security controls and user profiles are properly configured. This means that even an organization immune to malware can still be vulnerable to user error or insider fraud.
IBM i’s audit journal contains valuable information that is relevant to an organization’s security landscape. Without this data being integrated as part of enterprise-wide big data initiatives, an analytics investment is substantially less likely to succeed.
“Understanding the big data landscape isn’t just about what tools are available and what they do. It is about the system created to deliver value and transform the business,” Goetz wrote.
Ultimately, big data should help achieve high visibility without requiring IT professionals to spend all their time analyzing logs and reports.
Integrating IBM i security data is an essential piece of the puzzle, and PowerTech Interact can help. Interact sends over 300 IBM i security events to any SIEM tool via syslog.
Check out last month’s article, Empower Your Security Monitor to Interact, for more information on real-time as400 event monitoring with SIEM integration.