The security risks and rewards of big data

"Big Data" is all the rage.

The Boston Globe reported last month that Massachusetts alone is home to more than 100 companies that focus on big data -- the ability to dissect and understand a flood of digitized information quickly and then act on it in a "predictive" rather than "reactive" way. Employment in this sector is expected to more than double over the next six years, adding an estimated 15,000 jobs in a sector that McKinsey Global Institute recently estimated is worth $64 billion.

But big data does not automatically mean big security improvements. If not handled with care and expertise, it could mean the opposite. That will be the focus of a panel discussion at the RSA Conference in San Francisco today at 3:50 p.m. in room 301.

Bill Brenner, CSO magazine managing editor, will moderate. Panelists are John Adams, security operations manager for Twitter; Andrew Jacquith, CTO at Perimeter E-Security; Rich Mogull, analyst and CEO at Securosis; and Adam O'Donnell, chief architect at Sourcefire.

While much of the buzz around big data understandably focuses on marketing, since it makes it easier to predict consumer behavior, a blog post last November by Morey Haber, vice president, project management for eEye Security, notes that for organizations with high security requirements, "the security data driving today's modern threat and risk intelligence is 'big data' in itself. In fact, it might be the biggest data in your organization, with regards to its value and impact to operations.

"It is one thing to collect this data," Haber writes, "but the real challenge is in making sense of (it) in an actionable format."

Indeed, much of the panel discussion will focus on the pros and cons of managing big data for security purposes.

O'Donnell says that on the plus side, big data not only enables the analysis of security threats but also "gives context to the threats by comparing them with rich, global baseline data. It allows us to know either that a threat or an attack is unique to a specific target or something commonly seen across all users."

Jacquith says his firm has a "natural affinity for huge quantities of 'machined' security data (since) we filter through 450 million events per day." He adds that it encourages exploration and is "well suited for MSSPs and other companies that handle large amounts of customer security information."

But then, O'Donnell notes that big data "can do powerful things, but only when wielded by the right hands, rather than implemented in a haphazard fashion by someone saying, 'Oh, we need big data to solve this.'"

Jacquith agrees. He says the analysis tools for big data are still "very immature," and that "high-skill analysts are hard to find."

And Adrian Lane, analyst and CTO of Securosis, cautioned in a blog post headlined "Big data and bad security" that "The rush to collect and mine big data leaves data security in the dust."

So, much of the discussion will focus on the general agreement that security professionals should take advantage of all the intelligence available -- that big data techniques can extract value from this wealth of information, but that unless they understand both the problem they are trying to solve and the technology they are thinking of leveraging to solve it, their efforts may fail.

O'Donnell says that at Sourcefire, retrospective threat detection fundamentally leverages big data techniques.

"We are likely just scratching the surface here, and there are a wealth of new opportunities waiting to be uncovered," he says.

But that comes with a cautionary note: Before focusing on "big data," focus on "good data," so you don't end up with "garbage-in-garbage-out." The audience will be welcome to participate in the discussion.
