RSA Conference: Embrace Big Data Analytics for Security, Coviello Says
SAN FRANCISCO—Big data has gone way beyond its identity as IT industry buzzword. It is an essential factor in the future of successful IT security operations.
This was the message of Art Coviello, executive chairman of EMC's RSA security division, as he stood before a crowd of attendees Tuesday morning at the RSA Conference. The statement was not made whimsically. In fact, RSA recently gave two big thumbs-up to big data with the release of its Security Analytics monitoring platform and its announcement today of RSA Authentication Manager 8, which leverages big data analytics to improve access controls.
And when it comes to security information management, big data analytics will be necessary component of what organizations need to do in the future.
"We've reached the limits of that technology," he said of the currently available security information management (SIM) tools. "Organizations must be able to gain full visibility into all data—structured and unstructured, internal and external."
The focus on big data analysis as a security enabler is also being pushed by Hewlett-Packard, which announced a new HP ArcSight/Hadoop Integration Utility platform. Designed to integrate HP ArcSight 6.0c with Apache Hadoop, the technology is aimed at speeding the process of collecting and analyzing big data stores to provide a more complete view into security events.
The mix of cloud monitoring, content analytics and big data processing provides customers with the context needed to effectively stop potential breaches, Art Gilliland, senior vice president and general manager for enterprise security products at HP, said in a statement.
"Many organizations have not been able to access the critical information they need to combat potential threats," Coviello said.
To begin to address that challenge, organizations should focus on creating a security strategy driven by intelligence that is capable of incorporating technologies that leverage big data as they become available. This also means creating what he called "a shared data architecture for security information."
"Because there are so many sources and formats of data it's critically important to have a single architecture that allows information to be captured, indexed, normalized, analyzed and shared," Coviello said.
Enabled by big data, intelligence-driven security will give organizations the ability to act both against known and unknown threats, he added.
The critical components of a big data security management system include: automated tools that collect diverse data types and normalizes them, a central data warehouse where the data is available for analysts to query and analytic engines capable of processing large volumes of data in real time.
Architectures for big data must be scalable enough so that data can be analyzed regardless of how expansive or fast-changing it is. Also, there must be a high degree of integration with governance, risk management and compliance tools, Coviello said.
"Individual big data controls will be smart to begin with, but will also have the capacity to be self-learning and they should be able to inform and—be informed by—other controls," he said. "They should be able to feed or receive intelligence."
"The model is future-proof, even if the operation of it isn't," Coviello said, adding that corporations should embrace the arrival of big data technology.
"It will help us win," he said.