Complex Made Simple

Where big data meets security

Big data is now an issue and a challenge for IT security teams – but an emerging opportunity, according to a senior RSA exec.

Hundreds of IT decision-makers attended the EMC Forum 2013 in Dubai this week. One of the key themes was security, with representatives from the storage giant’s security division, RSA.

If you’re not already familiar with the concept of ‘big data’, you may be surprised to learn how valuable it is becoming. Storing immense amount of data, from all aspects of enterprise activity, has only become feasible in recent years.

Some data sets are so large and complex that on-hand database management tools are simply being tossed aside.

If you happen to be within the field of IT then you’ll already be going loopy hearing the buzz phrase. The term itself has surprisingly existed since being coined in the ’90s by a veteran data analyst at Gartner, according to a New York Times study into the etymology of the trend. But it’s only now that data centres are truly storing ‘big’ volume, and increasingly do so at an exponential rate.

One of RSA’s products is called ‘Security Analytics’ and it allows for in-depth analysis around big data, looking at all of the individual logs and packets at breakneck speeds. One of the recent big developments in the field is fusing third-party threat intelligence data into an organisation’s Security Operations Centre (SOC).

“You’re definitely seeing analytic capabilities transforming security,” said Mark Thurmond, senior vice president of worldwide sales at RSA.

“If you consider all of the information and data that comes into an information security centre; the events, the logs, packets, data loss-prevention feeds and other contextual information, then the SOC is now itself a big data location and an area where CIOs can leverage great value,” he tells AMEinfo.

If you’re correlating all of that information and making decisions in real-time, then you have to be able to do high-end computing. This includes things like asset criticality intelligence. At a simple level, if there is an event or alert from a critical server, that event should be kicked up to being a top priority.

“You’re starting see more automation tying in with big data, that’s really allowing for intelligent decisions based on all the information being collection.”

“You’re definitely seeing ‘M2M’ (machine-to-machine communication) and higher-end forensics within data analytics, but even at a higher level the biggest trend is that now risk is being evaluated at a much deeper layer. CIOs are telling their teams to evaluate risk from an IT, operational and business perspective,” adds Thurmond.

Back-end to the future

RSA are encouraging the trend of companies’ GRC (governance, risk and compliance) tools being fed into SOCs in order to refine contextual data and establish a prioritisation of workflow, but the future is the increasingly predictive nature of security analytics.

“It’s really getting to that level, where the future of security is predictive,” says Thurmond. “One very fast-emerging technologies is behavioural analytics. We have an asset we acquired from a company called Silver Tail, where we’re now able to go in and get more accurate data on behaviour and click-stream analysis on web sessions.”

If you’re an e-commerce company or a financial institution, for example, RSA can look at all of the web session traffic in real-time and we can determine patterns that differentiate between a customer and criminal.

“We can look at the entirety of a website’s traffic and determine a natural and normal pattern for a customer. We can also look at the history of that individual as a repeat customer. There’s either an historical pattern or a trend consensus of the website,” he explained to AMEinfo, following his keynote speech.

Consider a hack attempt where a promotional code is clicked 5,000 times with one second, in order to download some kind of coupon. Obviously a human being cannot do that. The behaviour sticks out like a sore thumb (and the assailant would have a sore finger). But a fraud team large enough to spot individual attacks is just not tenable. That’s where machine speed and machine learning comes into play.

“Safety and security remain the topmost priority in the UAE government’s vision to foster an environment favorable for business opportunities and fair trade,” says Major Yaqoub Y. Al Ahmed, head of operations, Abu Dhabi Police, who was present at the EMC event.

“Information technology remains central to Abu Dhabi Police’s services from emergency field management right down to command and control systems and protocol. Investments in next-generation IT infrastructure enable our teams to stay informed, alert and resilient to create an intelligence- led, proactive and responsive security force,” he adds.