RSA betting its future on Big Data

Company's position published paper suggests any security company that doesn't find a way to make use of Big Data might want to fold up its tent right now

RSA, the security division of EMC, is looking to Big Data for the future of security, arguing that applying analytics to massive amounts of data related to users, their devices and network management will be increasingly important to detect fraud and cyberattacks.

"This is what makes security interesting going forward," says RSA Chief Technologist Sam Curry in discussing the outfit's new position paper Big Data Fuels Intelligence-Driven Security), which lays the groundwork for integrating big-data analytics into security operations.

Pressed to say exactly how RSA will pursue such a strategy, Curry would only acknowledge more on products and services will be forthcoming soon. He emphasizes: "We're making a bet as a company on this."

RELATED: Better business-government teamwork needed to better fight cyberattacks

RSA late last year acquired Silvertail Systems, a Web analytics and behavioral analysis firm, and this will be figuring into what RSA plans for its Big Data security push.

The RSA position published paper suggests any security company that doesn't find a way to make use of Big Data might want to fold up its tent right now.

"Within the next two years, we predict Big Data analytics will disrupt the status quo in most information security product segments, including SIEM [security information and event management]; network monitoring; user authentication and authorization; identity management; fraud detection; and governance, risk & compliance," the paper states. It goes on to say that within three years, data analytic tools will have evolved to enable a range of "advanced predictive capabilities and automated real-time controls." These, in theory, will form the basis of protecting against fraud and stealthy cyberattacks aimed at stealing critical information.

Today, there are a handful of security firms, including Red Lambda and Palantir, that have created tools and services that involve large-scale data analytics used to serve the purposes of security. Also, CrowdStrike is a startup that is expected to introduce a "big-data analytics platform" later this year.

According to RSA's perspective, Big Data harnessed for security purposes entails collecting vast amounts of information in real-time to build profiles of both users and systems to "spot aberrant activity or behaviors" that "often indicate deeper problems."

And Big Data is envisioned as big indeed. "Now, with recent advancements in computing power, storage systems, database management and analytics frameworks, no data set is too big or too fast. Information such as full packet capture, external threat intelligence feeds, website clickstreams, Microsoft outlook calendars and social-media activity can be used for security-related analysis."

RSA suggests companies should be anticipating the Big Data push into security by considering what would be involved to set up a centralized warehouse "where all security-related data is made available for security analysts to query, either as a unified repository or, more likely, as a cross-indexed series of data stores."

Big Data is going to be about "events in your environment" and there's a need for more than the type of security data, such as what firewalls or other types of security gear provide, says Curry. "It goes beyond security data to travel systems or or CRM [customer-relationship management] and other application data," he says. Curry notes that the HR systems may be able to supply information about an employee that would help determine if someone is trying to exploit a person's identity.

According to Curry, the intent in all this is to evolve beyond what is now known as SIEM, where products are designed to aggregate and analyze large amounts of security feeds.

"SIEM is just repositories, mass repositories that are often architected for compliance," Curry says. Big data for security can potentially do better in detecting stealthy attackers and their "dwell time" inside enterprise networks as they find their way to the most critical data sources and plan how to extricate it, he says. The "hunt time" for this type of attack is generally failing today but "we think it takes advanced data techniques to wins this," Curry says.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: @MessmerE. Email:

Read more about wide area network in Network World's Wide Area Network section.

Join the CSO newsletter!

Error: Please check your email address.

Tags applicationssecuritySilvertaildata miningsoftwarebig dataintelrsaemc

More about EMC

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Ellen Messmer

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts