Big data can be a big headache for data defenders

Big data is all the buzz in board rooms these days, but in security circles it's a mixed blessing.

The technology allows tons of threat data to be analyzed and used to thwart intruders. In the enterprise, it can be used to analyze volumes of network traffic to reveal insider trouble and advanced persistent threats.

Problem is, the network architecture that supports big data wasn't created with security in mind, which can create problems for system defenders.

A common big data deployment uses Hadoop to manage the clusters of computers used to crunch the mountains of data fed into it. That can create problems for defenders, especially if they're trying to use traditional security tools to protect their big data fortress.

"Incumbent data security vendors believe that Hadoop and distributed cluster security can be addressed with traditional perimeter security solutions such as firewalls and intrusion detection/prevention technologies," explained Zettaset, a big data security company, in a white paper "The big data Security Gap: Protecting the Hadoop Cluster."

"But no matter how advanced, traditional approaches that rely on perimeter security are unable to adequately secure Hadoop clusters and distributed file systems," it added.

Traditional security products are designed to protect a single database, noted Zettaset CTO Brian Christian. When those products are forced to protect a distributed cluster of computers that can number in the thousands, their capacity is taxed.

"When you put them on a large scale distributed computing environment, they become either a choke point or a single point of failure for the entire cluster," Christian said in an interview.

"They could potentially be extremely dangerous running them on a cluster," he said, "because if they do fail, there is the potential to deny everybody on the cluster access to petabytes of data or a corruption of data in some of the encryption security technologies."


Performance problems aren't unusual where security is "bolted on" to a big data setup, said Jason Escaravage, a principal with Booz Allen Hamilton.

For example, if everyone has to check credentials in one central place, and checking them means leaving the system to reach an external security system, each one of those transactions is going to slow things down.

That can be challenging not only for system performance, but for a company's bottom line, too. "When you come to a system that's already been deployed and you're trying to wrap security around it or bolt it on at the end, it's costly because it wasn't designed up front," Escaravage said in an interview.

"Security can be an enabler, but if it's done poorly or it's not factored into the original designs, it can absolutely slow things down," he added. "It can absolutely cause all kinds of terrible things to happen to the solution."

Big data may be a new technology, but from a security perspective, it's following some old rules. "Organizational maturity in securing big data is lagging far behind the adoption of that technology," Chris Petersen, founder and CTO of LogRhythm, said in an interview.

"When it comes to security, businesses will generally not slow down the needs and progress of the business to have an ideal security posture," he said.

"While security catches up, there is going to be vulnerability," he added. "My guess is that there is a lot of vulnerability right now in organizations adopting Hadoop."

Stories by John P. Mello

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts