SlideShare a Scribd company logo
1 of 13
Download to read offline
 
White	
  	
  
Paper	
  
	
  
	
  
	
   	
  The	
  Big	
  Data	
  Security	
  Analytics	
  Era	
  Is	
  
Here	
  	
  
	
  
	
  
By	
  Jon	
  Oltsik,	
  Senior	
  Principal	
  Analyst	
  
	
  
	
  
January	
  2013	
  
	
   	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
This	
  ESG	
  White	
  Paper	
  was	
  commissioned	
  by	
  RSA	
  Security	
  	
  	
  
and	
  is	
  distributed	
  under	
  license	
  from	
  ESG.	
  
	
  
	
  
©	
  2013	
  by	
  The	
  Enterprise	
  Strategy	
  Group,	
  Inc.	
  All	
  Rights	
  Reserved	
  
White	
  Paper:	
  The	
  Big	
  Data	
  Security	
  Analytics	
  Era	
  Is	
  Here	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  2	
  
©	
  2013	
  by	
  The	
  Enterprise	
  Strategy	
  Group,	
  Inc.	
  All	
  Rights	
  Reserved.	
  
Contents	
  
Executive	
  Summary	
  .....................................................................................................................................	
  3	
  
The	
  Obstacles	
  to	
  Improving	
  Organizational	
  Security	
  Maturity	
  ...................................................................	
  3	
  
Legacy	
  Security	
  Monitoring	
  and	
  Analytics	
  Tools	
  Are	
  Also	
  Holding	
  Back	
  Progress	
  ......................................	
  6	
  
Enter	
  the	
  Big	
  Data	
  Security	
  Analytics	
  Era	
  ....................................................................................................	
  8	
  
Big	
  Data	
  Security	
  Analytics	
  Technology	
  Transformation	
  .........................................................................................	
  9	
  
CISOs	
  Must	
  Become	
  Big	
  Data	
  Security	
  Advocates	
  ....................................................................................	
  10	
  
The	
  Bigger	
  Truth	
  .......................................................................................................................................	
  12	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
All trademark names are property of their respective companies. Information contained in this publication has been obtained by sources The
Enterprise Strategy Group (ESG) considers to be reliable but is not warranted by ESG. This publication may contain opinions of ESG, which are
subject to change from time to time. This publication is copyrighted by The Enterprise Strategy Group, Inc. Any reproduction or redistribution of
this publication, in whole or in part, whether in hard-copy format, electronically, or otherwise to persons not authorized to receive it, without the
express consent of the Enterprise Strategy Group, Inc., is in violation of U.S. copyright law and will be subject to an action for civil damages and, if
applicable, criminal prosecution. Should you have any questions, please contact ESG Client Relations at 508.482.0188. 	
  
White	
  Paper:	
  The	
  Big	
  Data	
  Security	
  Analytics	
  Era	
  Is	
  Here	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  3	
  
©	
  2013	
  by	
  The	
  Enterprise	
  Strategy	
  Group,	
  Inc.	
  All	
  Rights	
  Reserved.	
  
Executive	
  Summary	
  
A	
  few	
  years	
  ago,	
  ESG	
  created	
  a	
  security	
  management	
  maturity	
  model	
  that	
  outlined	
  a	
  progression	
  through	
  four	
  
phases	
  of	
  a	
  security	
  management	
  program’s	
  evolution.	
  The	
  goal	
  was	
  to	
  leverage	
  ESG	
  research	
  to	
  uncover	
  success	
  
strategies	
  and	
  best	
  practices,	
  then	
  use	
  this	
  information	
  to	
  help	
  CISOs	
  build	
  a	
  security	
  management	
  plan	
  and	
  
prioritize	
  the	
  right	
  activities	
  in	
  order	
  to	
  improve	
  security	
  and	
  lower	
  risk,	
  while	
  continuing	
  to	
  build	
  the	
  organization’s	
  
security	
  maturity.	
  
CISOs	
  are	
  certainly	
  intent	
  on	
  evolving	
  the	
  maturity	
  of	
  their	
  security	
  management,	
  but	
  many	
  organizations	
  are	
  facing	
  
unanticipated	
  problems	
  that	
  are	
  impeding	
  their	
  progress.	
  CISOs	
  face	
  an	
  insidious	
  threat	
  landscape	
  and	
  an	
  
avalanche	
  of	
  new	
  technology	
  initiatives	
  that	
  make	
  security	
  management	
  increasingly	
  difficult.	
  Furthermore,	
  
enterprise	
  organizations	
  are	
  finding	
  it	
  difficult	
  to	
  recruit	
  and	
  train	
  new	
  security	
  professionals—leaving	
  them	
  under-­‐
staffed	
  and	
  over-­‐burdened.	
  Taken	
  together,	
  new	
  security	
  risks	
  and	
  old	
  security	
  challenges	
  often	
  overwhelm	
  legacy	
  
security	
  controls	
  and	
  analytics	
  tools.	
  
Large	
  organizations	
  can	
  no	
  longer	
  rely	
  on	
  preventive	
  security	
  systems,	
  point	
  security	
  tools,	
  manual	
  processes,	
  and	
  
hardened	
  configurations	
  to	
  protect	
  them	
  from	
  targeted	
  attacks	
  and	
  advanced	
  malware.	
  Henceforth,	
  security	
  
management	
  must	
  be	
  based	
  upon	
  continuous	
  monitoring	
  and	
  data	
  analysis	
  for	
  up-­‐to-­‐the-­‐minute	
  situational	
  
awareness	
  and	
  rapid	
  data-­‐driven	
  security	
  decisions.	
  This	
  means	
  that	
  large	
  organizations	
  have	
  entered	
  the	
  era	
  of	
  big	
  
data	
  security	
  analytics.	
  	
  
This	
  white	
  paper	
  concludes	
  that:	
  
• Security	
  and	
  market	
  trends	
  are	
  creating	
  new	
  security	
  management	
  hurdles.	
  Over	
  the	
  past	
  few	
  years,	
  
CISOs	
  have	
  come	
  face-­‐to-­‐face	
  with	
  three	
  difficult	
  and	
  converging	
  trends.	
  First,	
  they	
  face	
  an	
  increasingly	
  
hazardous	
  threat	
  landscape	
  full	
  of	
  stealthy	
  malware,	
  social	
  engineering,	
  and	
  targeted	
  attacks	
  from	
  well-­‐
funded	
  and	
  expert	
  adversaries.	
  Second,	
  they	
  have	
  been	
  called	
  upon	
  to	
  secure	
  new	
  technology	
  initiatives	
  
such	
  as	
  cloud	
  computing,	
  mobile	
  devices,	
  and	
  server	
  virtualization.	
  Finally,	
  they	
  face	
  a	
  security	
  skills	
  
shortage,	
  making	
  it	
  difficult	
  to	
  recruit	
  and	
  hire	
  new	
  security	
  talent.	
  These	
  obstacles	
  are	
  placing	
  new	
  
demands	
  on	
  existing	
  security	
  staff,	
  processes,	
  and	
  technologies.	
  
• The	
  existing	
  security	
  infrastructure	
  is	
  no	
  longer	
  adequate.	
  At	
  many	
  enterprise	
  organizations,	
  security	
  
protection	
  and	
  analysis	
  depends	
  upon	
  an	
  army	
  of	
  independent	
  signature-­‐based	
  point	
  tools,	
  network	
  
perimeter	
  gateways,	
  manual	
  processes,	
  and	
  specialized	
  skills.	
  While	
  this	
  loose	
  affiliation	
  of	
  security	
  
technologies	
  may	
  have	
  been	
  sufficient	
  in	
  years	
  past,	
  they	
  are	
  no	
  match	
  for	
  the	
  scale	
  and	
  scope	
  of	
  today’s	
  
threats	
  and	
  overall	
  security	
  management	
  requirements.	
  
• IT	
  is	
  entering	
  the	
  era	
  of	
  big	
  data	
  security	
  analytics.	
  Risk	
  management	
  and	
  prevention	
  are	
  critical	
  but	
  no	
  
longer	
  enough.	
  Moving	
  forward,	
  CISOs	
  need	
  real-­‐time	
  security	
  intelligence	
  and	
  situational	
  awareness	
  to	
  
give	
  them	
  visibility	
  into	
  their	
  security	
  status	
  at	
  all	
  layers	
  of	
  the	
  technology	
  stack	
  and	
  across	
  the	
  enterprise.	
  
Armed	
  with	
  this	
  type	
  of	
  intelligence,	
  security	
  executives	
  can	
  then	
  prioritize	
  actions,	
  adjust	
  security	
  controls,	
  
accelerate	
  incident	
  detection,	
  and	
  improve	
  workflows	
  around	
  incident	
  response.	
  Taken	
  together,	
  these	
  
advances	
  can	
  improve	
  security	
  while	
  lowering	
  security	
  operations	
  costs.	
  	
  
	
  
The	
  Obstacles	
  to	
  Improving	
  Organizational	
  Security	
  Maturity	
  
After	
  studying	
  the	
  state	
  of	
  enterprise	
  information	
  security	
  in	
  2011,	
  ESG	
  published	
  a	
  security	
  management	
  maturity	
  
model	
  to	
  provide	
  some	
  strategic	
  guidance	
  for	
  CISOs	
  (see	
  Figure	
  1).	
  At	
  that	
  time,	
  ESG	
  believed	
  that	
  most	
  
organizations	
  were	
  still	
  in	
  phase	
  2,	
  thus	
  focused	
  on	
  compliance	
  and	
  defense-­‐in-­‐depth,	
  but	
  were	
  intent	
  on	
  
proceeding	
  to	
  phase	
  3,	
  risk-­‐based	
  security,	
  as	
  soon	
  as	
  possible.	
  	
  
	
  
	
  
White	
  Paper:	
  The	
  Big	
  Data	
  Security	
  Analytics	
  Era	
  Is	
  Here	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  4	
  
©	
  2013	
  by	
  The	
  Enterprise	
  Strategy	
  Group,	
  Inc.	
  All	
  Rights	
  Reserved.	
  
Figure	
  1.	
  The	
  ESG	
  Information	
  Security	
  Management	
  Maturity	
  Model	
  
	
  
Source:	
  Enterprise	
  Strategy	
  Group,	
  2013.	
  
When	
  this	
  model	
  was	
  first	
  published	
  in	
  2011,	
  ESG	
  assumed	
  that	
  risk-­‐based	
  security	
  would	
  be	
  well	
  established	
  by	
  
most	
  organizations	
  by	
  early	
  2013,	
  but	
  this	
  transition	
  has	
  proven	
  to	
  be	
  more	
  difficult	
  than	
  first	
  anticipated.	
  The	
  delay	
  
is	
  not	
  due	
  to	
  a	
  lack	
  of	
  effort	
  by	
  security	
  teams.	
  In	
  fact,	
  in	
  the	
  past	
  couple	
  of	
  years,	
  many	
  CEOs	
  and	
  other	
  non-­‐
security	
  executives	
  have	
  become	
  more	
  involved	
  in	
  information	
  security	
  oversight	
  and	
  are	
  regularly	
  approving	
  
projects	
  and	
  increasing	
  information	
  security	
  budgets.	
  Unfortunately,	
  the	
  transition	
  from	
  phase	
  2	
  to	
  3	
  for	
  most	
  
organizations	
  has	
  become	
  more	
  difficult	
  than	
  projected	
  because	
  of:	
  
• The	
  volume	
  and	
  sophistication	
  of	
  new	
  threats.	
  While	
  day-­‐to-­‐day	
  cyber	
  threats	
  continue	
  to	
  increase	
  at	
  an	
  
exponential	
  rate,	
  CISOs	
  are	
  most	
  concerned	
  over	
  the	
  rise	
  of	
  targeted	
  and	
  advanced	
  malware	
  enabled	
  
attacks	
  such	
  as	
  Advanced	
  Persistent	
  Threats	
  (APTs).	
  This	
  apprehension	
  is	
  well	
  deserved.	
  According	
  to	
  ESG	
  
research,	
  59%	
  of	
  enterprises	
  are	
  certain	
  or	
  fairly	
  certain	
  that	
  they	
  have	
  been	
  the	
  target	
  of	
  an	
  APT,	
  while	
  
30%	
  of	
  enterprises	
  believe	
  they	
  are	
  vulnerable	
  to	
  future	
  APTs.1
	
  Detecting,	
  analyzing,	
  and	
  remediating	
  
advanced	
  threats	
  adds	
  additional	
  requirements	
  to	
  the	
  risk-­‐based	
  phase	
  while	
  forcing	
  CISOs	
  to	
  
simultaneously	
  assess	
  and	
  dramatically	
  improve	
  their	
  incident	
  detection	
  and	
  response	
  capabilities.	
  	
  
• Rapid	
  IT	
  changes.	
  Risk-­‐based	
  security	
  depends	
  upon	
  intimate	
  knowledge	
  of	
  every	
  IT	
  asset	
  deployed	
  on	
  the	
  
network.	
  This	
  type	
  of	
  understanding	
  is	
  especially	
  difficult	
  when	
  IT	
  is	
  constantly	
  engaged	
  in	
  rolling	
  out	
  new	
  
initiatives	
  such	
  as	
  server/endpoint	
  virtualization,	
  cloud	
  computing,	
  mobile	
  device	
  support,	
  and	
  supporting	
  
BYOD	
  programs.	
  To	
  make	
  matters	
  worse,	
  many	
  new	
  IT	
  initiatives	
  are	
  based	
  upon	
  immature	
  technologies	
  
that	
  are	
  prone	
  to	
  security	
  vulnerabilities,	
  and	
  may	
  not	
  play	
  well	
  with	
  existing	
  security	
  policies,	
  controls,	
  or	
  
monitoring	
  tools.	
  For	
  example,	
  mobile	
  devices	
  like	
  smartphones	
  and	
  tablet	
  computers	
  present	
  a	
  number	
  of	
  
security	
  management	
  challenges	
  around	
  policy	
  enforcement,	
  sensitive	
  data	
  discovery/management,	
  and	
  
malware/threat	
  management	
  (see	
  Figure	
  2).2
	
  The	
  continuous	
  adoption	
  of	
  new	
  technology	
  initiatives	
  adds	
  
uncertainty	
  and	
  complexity	
  to	
  security	
  management.	
  	
  
	
  
	
  
	
  
	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  
1
	
  Source:	
  ESG	
  Research	
  Report,	
  U.S.	
  Advanced	
  Persistent	
  Threat	
  Analysis,	
  November	
  2011.	
  
2
	
  Source:	
  ESG	
  Research	
  Report,	
  Security	
  Management	
  and	
  Operations:	
  Changes	
  on	
  the	
  Horizon,	
  July	
  2012.	
  
White	
  Paper:	
  The	
  Big	
  Data	
  Security	
  Analytics	
  Era	
  Is	
  Here	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  5	
  
©	
  2013	
  by	
  The	
  Enterprise	
  Strategy	
  Group,	
  Inc.	
  All	
  Rights	
  Reserved.	
  
Figure	
  2.	
  Mobile	
  Device	
  Security	
  Challenges	
  
	
  
Source:	
  Enterprise	
  Strategy	
  Group,	
  2013.	
  
	
  
• A	
  growing	
  security	
  skills	
  shortage.	
  In	
  2012,	
  over	
  half	
  of	
  all	
  organizations	
  planned	
  to	
  add	
  headcount	
  to	
  their	
  
information	
  security	
  group	
  and	
  nearly	
  one-­‐quarter	
  of	
  all	
  organizations	
  (23%)	
  indicated	
  that	
  they	
  had	
  a	
  
significant	
  shortage	
  of	
  security	
  skills.	
  CISOs	
  will	
  likely	
  find	
  it	
  extremely	
  difficult	
  to	
  simply	
  hire	
  their	
  way	
  out	
  
of	
  this	
  problem—ESG	
  research	
  indicates	
  that	
  83%	
  of	
  enterprise	
  organizations	
  find	
  it	
  extremely	
  difficult	
  or	
  
somewhat	
  difficult	
  to	
  recruit	
  and	
  hire	
  security	
  professionals.3
	
  	
  
Combined	
  with	
  routine	
  day-­‐to-­‐day	
  activities,	
  the	
  security	
  market	
  trends	
  described	
  above	
  have	
  led	
  to	
  numerous	
  
challenges	
  in	
  areas	
  such	
  as	
  incident	
  detection/response	
  (see	
  Figure	
  3).4
	
  For	
  example,	
  the	
  overall	
  security	
  skills	
  
shortage	
  has	
  an	
  impact	
  on	
  the	
  security	
  organization’s	
  incident	
  detection/response	
  capabilities	
  because	
  many	
  
enterprises	
  lack	
  the	
  right	
  staffing	
  levels	
  and	
  skills.	
  Malware	
  volume	
  and	
  sophistication	
  is	
  forcing	
  security	
  analysts	
  to	
  
sort	
  through	
  mountains	
  of	
  equally	
  weighted,	
  false	
  positive	
  alerts.	
  In	
  addition	
  to	
  staffing	
  and	
  skills	
  issues,	
  security	
  
analysts	
  generally	
  rely	
  on	
  too	
  many	
  manual	
  processes	
  in	
  order	
  to	
  identify,	
  scope,	
  and	
  remediate	
  problems.	
  	
  
	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  
3
	
  Source:	
  Ibid.	
  
4
	
  Source:	
  ESG	
  Research	
  Report,	
  The	
  Emerging	
  Intersection	
  Between	
  Big	
  Data	
  and	
  Security	
  Analytics,	
  November	
  2012.	
  
30%	
  
40%	
  
41%	
  
41%	
  
46%	
  
46%	
  
48%	
  
0%	
   10%	
   20%	
   30%	
   40%	
   50%	
   60%	
  
Discovering	
  mobile	
  devices	
  as	
  they	
  gain	
  access	
  to	
  the	
  
network	
  
Creaeng	
  security	
  policies	
  for	
  mobile	
  devices	
  
Supporeng	
  new	
  device	
  types	
  
Malware/threat	
  management	
  on	
  mobile	
  devices	
  
Sensieve	
  data	
  confideneality	
  and	
  integrity	
  proteceon	
  
when	
  accessed	
  from	
  or	
  stored	
  on	
  mobile	
  devices	
  
Lost/stolen	
  mobile	
  devices	
  containing	
  sensieve	
  data	
  
Enforcing	
  security	
  policies	
  for	
  mobile	
  devices	
  
With	
  regard	
  to	
  mobile	
  device	
  security,	
  which	
  of	
  the	
  following	
  presents	
  the	
  most	
  
significant	
  security	
  challenges	
  for	
  your	
  organizaPon?	
  (Percent	
  of	
  respondents,	
  N=315,	
  
mulPple	
  responses	
  accepted)	
  
White	
  Paper:	
  The	
  Big	
  Data	
  Security	
  Analytics	
  Era	
  Is	
  Here	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  6	
  
©	
  2013	
  by	
  The	
  Enterprise	
  Strategy	
  Group,	
  Inc.	
  All	
  Rights	
  Reserved.	
  
Figure	
  3.	
  Challenges	
  with	
  Incident	
  Detection	
  
	
  
Source:	
  Enterprise	
  Strategy	
  Group,	
  2013.	
  
What’s	
  most	
  alarming	
  here	
  is	
  that	
  the	
  challenges	
  outlined	
  in	
  Figure	
  3	
  have	
  a	
  cumulative	
  impact.	
  Security	
  
departments	
  are	
  short-­‐staffed	
  and	
  lack	
  the	
  right	
  skills	
  amongst	
  the	
  analysts	
  they	
  do	
  have.	
  Meanwhile,	
  security	
  
analysts	
  spend	
  an	
  inordinate	
  amount	
  of	
  time	
  sorting	
  through	
  false	
  positives	
  and	
  working	
  through	
  manual	
  
processes,	
  which	
  wastes	
  what	
  little	
  time	
  they	
  have.	
  In	
  aggregate,	
  this	
  situation	
  is	
  operationally	
  inefficient,	
  costly,	
  
and	
  leaves	
  many	
  enterprise	
  firms	
  with	
  an	
  unacceptable	
  level	
  of	
  risk.	
  The	
  CEO	
  and	
  CFO	
  won’t	
  be	
  pleased	
  to	
  learn	
  
that	
  they	
  spend	
  more	
  but	
  are	
  left	
  with	
  more	
  risk.	
  	
  
Legacy	
  Security	
  Monitoring	
  and	
  Analytics	
  Tools	
  Are	
  Also	
  Holding	
  Back	
  
Progress	
  
In	
  addition	
  to	
  skills	
  challenges,	
  false	
  positives,	
  and	
  manual	
  processes,	
  it	
  is	
  also	
  worth	
  noting	
  that	
  29%	
  of	
  enterprise	
  
organizations	
  surveyed	
  by	
  ESG	
  indicate	
  that	
  incident	
  detection	
  depends	
  upon	
  too	
  many	
  independent	
  tools	
  that	
  
aren’t	
  integrated	
  together.5
	
  This	
  security	
  challenge	
  is	
  certainly	
  understandable.	
  Over	
  the	
  past	
  ten	
  years,	
  enterprise	
  
IT	
  security	
  has	
  grown	
  incrementally	
  more	
  difficult	
  because	
  of	
  new	
  and	
  unanticipated	
  threats	
  and	
  vulnerabilities.	
  As	
  
these	
  changes	
  occurred	
  in	
  the	
  past,	
  organizations	
  typically	
  upgraded	
  their	
  security	
  products,	
  purchased	
  new	
  
signature-­‐based	
  threat	
  management	
  tools,	
  created	
  new	
  rules	
  for	
  perimeter	
  gateways,	
  and	
  increased	
  their	
  security	
  
analytics	
  activities.	
  Over	
  time,	
  this	
  has	
  led	
  to	
  a	
  security	
  infrastructure	
  anchored	
  by	
  numerous	
  disconnected	
  point	
  
tools	
  for	
  incident	
  detection/response.	
  	
  
Tactically	
  driven	
  enterprise	
  IT	
  security	
  has	
  always	
  suffered	
  from	
  operational	
  inefficiencies,	
  but	
  even	
  with	
  this	
  it	
  
provided	
  reasonably	
  adequate	
  protection	
  against	
  threats	
  such	
  as	
  general	
  purpose	
  malware,	
  spam,	
  and	
  amateur	
  
hackers.	
  Unfortunately,	
  existing	
  security	
  systems,	
  which	
  are	
  often	
  perimeter	
  and	
  signature	
  based,	
  are	
  no	
  match	
  for	
  
today’s	
  insidious	
  threat	
  landscape.	
  This	
  is	
  especially	
  true	
  with	
  regard	
  to	
  security	
  analysis	
  tools	
  because:	
  
	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  
5
	
  Source:	
  Ibid.	
  
23%	
  
28%	
  
28%	
  
28%	
  
29%	
  
29%	
  
35%	
  
39%	
  
0%	
   10%	
   20%	
   30%	
   40%	
   50%	
  
Lack	
  of	
  proper	
  level	
  of	
  tuning	
  of	
  our	
  SIEM	
  and	
  other	
  
security	
  tools	
  
Lack	
  of	
  adequate	
  data	
  colleceon/monitoring	
  in	
  one	
  
or	
  more	
  criecal	
  area	
  
My	
  organizaeon	
  lacks	
  the	
  right	
  level	
  of	
  security	
  
analysis	
  skills	
  needed	
  
Sophisecated	
  security	
  events	
  have	
  become	
  too	
  
hard	
  to	
  detect	
  for	
  us	
  
Incident	
  deteceon	
  depends	
  upon	
  too	
  many	
  
independent	
  tools	
  that	
  aren’t	
  integrated	
  together	
  
Incident	
  deteceon	
  depends	
  upon	
  too	
  many	
  manual	
  
processes	
  
Too	
  many	
  false	
  posieve	
  responses	
  
Lack	
  of	
  adequate	
  staffing	
  in	
  security	
  operaeons/
incident	
  response	
  team(s)	
  
Which	
  of	
  the	
  following	
  challenges	
  does	
  your	
  organizaPon	
  face	
  when	
  it	
  comes	
  to	
  
incident	
  detecPon?	
  (Percent	
  of	
  respondents,	
  N=257,	
  mulPple	
  responses	
  
accepted)	
  
White	
  Paper:	
  The	
  Big	
  Data	
  Security	
  Analytics	
  Era	
  Is	
  Here	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  7	
  
©	
  2013	
  by	
  The	
  Enterprise	
  Strategy	
  Group,	
  Inc.	
  All	
  Rights	
  Reserved.	
  
• Security	
  analytics	
  tools	
  can’t	
  keep	
  up	
  with	
  today’s	
  data	
  collection	
  and	
  processing	
  needs.	
  According	
  to	
  ESG	
  
research,	
  47%	
  of	
  enterprise	
  organizations	
  collect,	
  process,	
  and	
  analyze	
  more	
  than	
  6	
  terabytes	
  of	
  security	
  
data	
  on	
  a	
  monthly	
  basis.	
  Additionally,	
  the	
  majority	
  of	
  enterprises	
  collect,	
  process,	
  store,	
  and	
  analyze	
  more	
  
security	
  data	
  than	
  they	
  did	
  two	
  years	
  ago	
  (see	
  Figure	
  4).6
	
  And	
  this	
  data	
  remains	
  online	
  for	
  longer	
  periods	
  of	
  
time.	
  These	
  trends	
  will	
  continue—security-­‐driven	
  enterprises	
  will	
  regularly	
  collect,	
  process,	
  and	
  analyze	
  
petabytes	
  of	
  online	
  security	
  data	
  for	
  analysis,	
  investigations,	
  and	
  modeling.	
  Legacy	
  Security	
  Information	
  and	
  
Event	
  Management	
  (SIEM)	
  platforms	
  are	
  often	
  based	
  upon	
  off-­‐the-­‐shelf	
  SQL	
  databases	
  or	
  proprietary	
  data	
  
stores	
  that	
  simply	
  can’t	
  scale	
  for	
  this	
  type	
  of	
  data	
  volume.	
  As	
  this	
  happens,	
  security	
  analytics	
  needs	
  are	
  
hamstrung	
  by	
  basic	
  technology	
  limitations.	
  This	
  creates	
  a	
  Faustian	
  compromise	
  where	
  security	
  technology	
  
deficiencies	
  ironically	
  slow	
  down	
  incident	
  detection/response,	
  limit	
  investigations,	
  and	
  increase	
  IT	
  risk.	
  	
  
Figure	
  4.	
  Growth	
  in	
  Amount	
  of	
  Data	
  Collected	
  for	
  Information	
  Security	
  Activities	
  
	
  
Source:	
  Enterprise	
  Strategy	
  Group,	
  2013.	
  
	
  
• Organizations	
  need	
  an	
  enterprise-­‐wide	
  security	
  purview.	
  Security	
  analytics	
  point	
  tools	
  tend	
  to	
  provide	
  
monitoring	
  and	
  investigative	
  capabilities	
  against	
  explicit	
  types	
  of	
  threats	
  (i.e.,	
  network	
  threats,	
  malware	
  
threats,	
  application-­‐layer	
  threats,	
  etc.)	
  or	
  specific	
  IT	
  infrastructure	
  locations	
  (i.e.,	
  data	
  center,	
  campus	
  
network,	
  remote	
  offices,	
  host	
  etc.).	
  This	
  forces	
  CISOs	
  to	
  piece	
  together	
  an	
  aggregated	
  view	
  of	
  enterprise	
  
security	
  through	
  numerous	
  tools,	
  reports,	
  and	
  individual	
  security	
  personnel.	
  This	
  methodology	
  is	
  
cumbersome,	
  labor-­‐intensive,	
  and	
  can’t	
  really	
  provide	
  an	
  accurate	
  picture	
  of	
  risk	
  or	
  an	
  incident	
  
detection/response	
  across	
  networks,	
  servers,	
  operating	
  systems,	
  applications,	
  databases,	
  storage,	
  and	
  
endpoint	
  devices	
  scattered	
  throughout	
  the	
  enterprise.	
  	
  
• Existing	
  security	
  analysis	
  tools	
  depend	
  excessively	
  on	
  customization	
  and	
  human	
  intelligence.	
  Enterprise	
  
security	
  analysis	
  is	
  complex	
  and	
  requires	
  specialized	
  skills	
  and	
  strong	
  experience.	
  As	
  stated	
  previously	
  
however,	
  these	
  skills	
  are	
  in	
  short	
  supply—even	
  the	
  most	
  security-­‐conscious	
  enterprises	
  are	
  finding	
  it	
  
	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  
6
	
  Source:	
  Ibid.	
  
We	
  collect	
  
substaneally	
  more	
  
data	
  to	
  support	
  our	
  
informaeon	
  security	
  
aceviees	
  today	
  than	
  
we	
  did	
  2	
  years	
  ago,	
  
43%	
  
We	
  collect	
  
somewhat	
  more	
  
data	
  to	
  support	
  our	
  
informaeon	
  security	
  
aceviees	
  today	
  than	
  
we	
  did	
  2	
  years	
  ago,	
  
43%	
  
We	
  collect	
  about	
  
the	
  same	
  amount	
  of	
  
data	
  to	
  support	
  our	
  
informaeon	
  security	
  
aceviees	
  today	
  as	
  
we	
  did	
  2	
  years	
  ago,	
  
14%	
  
How	
  has	
  the	
  amount	
  of	
  data	
  your	
  organizaPon	
  collects	
  to	
  support	
  its	
  
informaPon	
  security	
  acPviPes	
  changed	
  in	
  the	
  last	
  2	
  years?	
  (Percent	
  of	
  
respondents,	
  N=257)	
  
White	
  Paper:	
  The	
  Big	
  Data	
  Security	
  Analytics	
  Era	
  Is	
  Here	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  8	
  
©	
  2013	
  by	
  The	
  Enterprise	
  Strategy	
  Group,	
  Inc.	
  All	
  Rights	
  Reserved.	
  
difficult	
  to	
  continuously	
  train	
  their	
  security	
  staff	
  or	
  hire	
  new	
  recruits.	
  Regrettably,	
  it	
  seems	
  that	
  many	
  
security	
  analytic	
  systems	
  were	
  designed	
  to	
  be	
  used	
  only	
  by	
  advanced	
  security	
  analysts	
  who	
  have	
  the	
  time	
  
and	
  skills	
  to	
  constantly	
  fine-­‐tune	
  and	
  customize	
  these	
  tools,	
  and	
  who	
  know	
  exactly	
  what	
  to	
  look	
  for.	
  Over-­‐
burdened	
  security	
  professionals	
  desperately	
  need	
  security	
  tools	
  that	
  provide	
  more	
  intelligence	
  rather	
  than	
  
more	
  work.	
  	
  
• Analytics	
  aren’t	
  integrated	
  for	
  automated	
  incident	
  response.	
  For	
  the	
  most	
  part,	
  today’s	
  security	
  analytics	
  
tools	
  remain	
  independent	
  from	
  security	
  remediation	
  systems.	
  This	
  often	
  means	
  that	
  without	
  automation,	
  
what	
  is	
  found	
  isn’t	
  fixed	
  quickly	
  or	
  reliably.	
  Therefore,	
  when	
  an	
  analyst	
  detects	
  a	
  problem,	
  she	
  still	
  must	
  
manually	
  coordinate	
  remediation	
  activities	
  and	
  workflow	
  with	
  other	
  security	
  or	
  IT	
  operations	
  personnel.	
  
Once	
  again,	
  this	
  adds	
  operational	
  overhead	
  and	
  extends	
  the	
  timeframe	
  needed	
  for	
  incident	
  response	
  which	
  
could	
  mean	
  the	
  difference	
  between	
  a	
  minor	
  security	
  event	
  and	
  a	
  major	
  breach.	
  And	
  this	
  problem	
  only	
  gets	
  
worse	
  when	
  breach	
  responses	
  need	
  to	
  include	
  non-­‐IT	
  organizations	
  such	
  as	
  legal,	
  HR,	
  and	
  business	
  owners.	
  
Enter	
  the	
  Big	
  Data	
  Security	
  Analytics	
  Era	
  
At	
  the	
  beginning	
  of	
  WWI,	
  Allied	
  troops	
  executed	
  tactics	
  used	
  during	
  the	
  American	
  Civil	
  War—overwhelm	
  your	
  
enemy	
  by	
  advancing	
  a	
  large	
  army	
  rapidly.	
  Unfortunately,	
  this	
  proved	
  to	
  be	
  a	
  costly	
  mistake.	
  Why?	
  With	
  the	
  
invention	
  of	
  the	
  machine	
  gun,	
  these	
  tactics	
  resulted	
  in	
  massive	
  loss	
  of	
  life	
  rather	
  than	
  battlefield	
  success.	
  	
  
Technology	
  advances	
  like	
  the	
  machine	
  gun	
  force	
  combatants	
  to	
  adopt	
  new	
  warfare	
  strategies	
  and	
  tactics.	
  This	
  same	
  
lesson	
  applies	
  to	
  the	
  cybersecurity	
  battlefield.	
  As	
  cyber	
  criminals	
  and	
  state-­‐sponsored	
  adversaries	
  advance	
  their	
  
capabilities	
  with	
  targeted	
  attacks,	
  social	
  engineering,	
  stealthy	
  malware,	
  and	
  application-­‐layer	
  exploits,	
  enterprises	
  
have	
  no	
  choice	
  but	
  to	
  adopt	
  new	
  strategies	
  and	
  defenses.	
  	
  
ESG	
  believes	
  that	
  these	
  new	
  requirements	
  will	
  result	
  in	
  an	
  enterprise	
  security	
  technology	
  transition	
  over	
  the	
  next	
  
few	
  years.	
  Yes,	
  organizations	
  will	
  continue	
  to	
  employ	
  preventive	
  tactics	
  such	
  as	
  deploying	
  servers	
  in	
  hardened	
  
configurations	
  behind	
  firewalls,	
  removing	
  unnecessary	
  services	
  and	
  generic	
  administrator	
  accounts,	
  scanning	
  for	
  
known	
  malware	
  using	
  signatures,	
  and	
  patching	
  software	
  vulnerabilities,	
  but	
  used	
  alone	
  these	
  defensive	
  techniques	
  
are	
  not	
  enough.	
  To	
  supplement	
  these	
  security	
  practices,	
  organizations	
  will	
  embrace	
  new	
  security	
  analytics	
  tools	
  for	
  
continuous	
  monitoring,	
  investigations,	
  risk	
  management,	
  and	
  incident	
  detection/response.	
  Given	
  the	
  volume	
  of	
  
security	
  data	
  collection,	
  processing,	
  storage,	
  and	
  analysis	
  involved,	
  security	
  analytics	
  is	
  rapidly	
  becoming	
  a	
  classic	
  
“big	
  data”	
  problem.	
  In	
  fact,	
  ESG	
  research	
  indicates	
  that	
  44%	
  of	
  enterprises	
  consider	
  security	
  data	
  collection	
  and	
  
analysis	
  big	
  data	
  today,	
  while	
  another	
  44%	
  believe	
  that	
  security	
  data	
  collection	
  and	
  analysis	
  will	
  become	
  big	
  data	
  
within	
  the	
  next	
  24	
  months	
  (see	
  Figure	
  5).	
  7
	
  
	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  
7
	
  Source:	
  Ibid.	
  
White	
  Paper:	
  The	
  Big	
  Data	
  Security	
  Analytics	
  Era	
  Is	
  Here	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  9	
  
©	
  2013	
  by	
  The	
  Enterprise	
  Strategy	
  Group,	
  Inc.	
  All	
  Rights	
  Reserved.	
  
Figure	
  5.	
  Security	
  Data	
  Collection	
  and	
  Analysis	
  Considered	
  “Big	
  Data”	
  
	
  
Source:	
  Enterprise	
  Strategy	
  Group,	
  2013.	
  
To	
  be	
  clear,	
  big	
  data	
  security	
  analytics	
  isn’t	
  a	
  simple	
  merger	
  of	
  events,	
  logs,	
  and	
  network	
  traffic	
  in	
  big	
  data	
  
technologies	
  such	
  as	
  Cassandra	
  and	
  Hadoop	
  (although	
  these	
  underlying	
  technologies	
  may	
  play	
  a	
  role	
  in	
  the	
  
technology	
  infrastructure	
  of	
  a	
  solution).	
  To	
  ESG,	
  big	
  data	
  security	
  is	
  really	
  about	
  collecting	
  and	
  processing	
  
numerous	
  internal	
  and	
  external	
  security	
  data	
  sources,	
  and	
  analyzing	
  this	
  data	
  immediately	
  to	
  gain	
  real-­‐time	
  
situational	
  awareness	
  across	
  the	
  enterprise.	
  Once	
  security	
  data	
  is	
  analyzed,	
  the	
  next	
  step	
  is	
  using	
  this	
  new	
  
intelligence	
  as	
  a	
  baseline	
  for	
  adjusting	
  security	
  strategies,	
  tactics,	
  and	
  systems,	
  much	
  faster	
  than	
  ever	
  before.	
  
Big	
  Data	
  Security	
  Analytics	
  Technology	
  Transformation	
  
Ultimately,	
  the	
  objective	
  of	
  big	
  data	
  security	
  analytics	
  is	
  to	
  provide	
  a	
  comprehensive	
  and	
  up-­‐to-­‐the-­‐second	
  view	
  of	
  
IT	
  activities	
  so	
  that	
  security	
  analysts	
  and	
  executives	
  can	
  make	
  timely,	
  data-­‐driven	
  decisions.	
  From	
  a	
  technology	
  
perspective,	
  this	
  will	
  require	
  new	
  security	
  systems	
  providing:	
  
• Massive	
  scale.	
  Security	
  analytics	
  and	
  forensics	
  engines	
  will	
  need	
  to	
  efficiently	
  collect,	
  process,	
  query,	
  and	
  
apply	
  analytic	
  rules	
  to	
  terabytes	
  or	
  petabytes	
  of	
  data	
  including	
  logs,	
  network	
  packets,	
  threat	
  intelligence,	
  
asset	
  information,	
  sensitive	
  data	
  tracking,	
  known	
  vulnerabilities,	
  application	
  activities,	
  and	
  user	
  behavior.	
  
This	
  is	
  why	
  core	
  big	
  data	
  technologies	
  such	
  as	
  Hadoop,	
  an	
  open	
  source	
  software	
  project	
  for	
  distributed	
  
processing	
  of	
  extremely	
  large	
  data	
  sets	
  across	
  commodity	
  servers,	
  is	
  a	
  good	
  fit	
  for	
  burgeoning	
  security	
  
analytics	
  requirements.	
  Additionally,	
  big	
  data	
  security	
  analytics	
  will	
  likely	
  be	
  deployed	
  in	
  a	
  distributed	
  
architecture,	
  thus	
  the	
  underlying	
  technology	
  must	
  be	
  able	
  to	
  centralize	
  analysis	
  of	
  massive	
  volumes	
  of	
  
distributed	
  data	
  while	
  maintaining	
  data	
  integrity	
  and	
  providing	
  for	
  high-­‐performance	
  needs.	
  	
  
Yes,	
  security	
  data	
  
colleceon	
  and	
  analysis	
  
would	
  be	
  considered	
  
“big	
  data”	
  within	
  my	
  
organizaeon	
  today,	
  
44%	
  
No,	
  but	
  based	
  on	
  my	
  
organizaeon’s	
  security	
  
strategy	
  we	
  will	
  likely	
  
consider	
  security	
  data	
  
colleceon	
  and	
  analysis	
  
“big	
  data”	
  within	
  the	
  
next	
  12	
  months,	
  30%	
  
No,	
  but	
  based	
  on	
  my	
  
organizaeon’s	
  security	
  
strategy	
  we	
  will	
  likely	
  
consider	
  security	
  data	
  
colleceon	
  and	
  analysis	
  
“big	
  data”	
  within	
  the	
  
next	
  24	
  months,	
  14%	
  
No,	
  security	
  data	
  
colleceon	
  and	
  analysis	
  
is	
  not	
  considered	
  “big	
  
data”	
  within	
  my	
  
organizaeon,	
  11%	
  
Don’t	
  know,	
  2%	
  
Do	
  you	
  believe	
  that	
  security	
  data	
  collecPon	
  and	
  analysis	
  would	
  be	
  considered	
  “big	
  data”	
  
at	
  your	
  organizaPon?	
  (Percent	
  of	
  respondents,	
  N=257)	
  
White	
  Paper:	
  The	
  Big	
  Data	
  Security	
  Analytics	
  Era	
  Is	
  Here	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  10	
  
©	
  2013	
  by	
  The	
  Enterprise	
  Strategy	
  Group,	
  Inc.	
  All	
  Rights	
  Reserved.	
  
• Enhanced	
  intelligence.	
  The	
  best	
  big	
  data	
  security	
  analytics	
  tools	
  will	
  act	
  as	
  intelligent	
  advisors,	
  leveraging	
  
models	
  of	
  normal	
  behavior,	
  adapting	
  to	
  new	
  threat/vulnerability	
  intelligence,	
  and	
  pinpointing	
  anomalies	
  at	
  
any	
  layer	
  of	
  the	
  technology	
  stack	
  that	
  requires	
  immediate	
  investigation.	
  To	
  accomplish	
  this,	
  big	
  data	
  
security	
  analytics	
  will	
  offer	
  a	
  combination	
  of	
  templates,	
  heuristics,	
  statistical	
  and	
  behavior	
  models,	
  
correlation	
  rules,	
  threat	
  intelligence	
  feeds,	
  etc.	
  	
  
• Tight	
  integration.	
  To	
  keep	
  up	
  with	
  the	
  constantly	
  changing	
  threat	
  landscape,	
  big	
  data	
  security	
  analytics	
  
must	
  interoperate	
  with	
  IT	
  assets	
  and	
  leverage	
  automated	
  security	
  intelligence.	
  Beyond	
  this,	
  however,	
  big	
  
data	
  security	
  analytics	
  should	
  be	
  tightly	
  integrated	
  with	
  security	
  policy	
  controls	
  for	
  tactical	
  adjustments	
  and	
  
automation.	
  When	
  security	
  analytics	
  point	
  to	
  unusual	
  network	
  traffic	
  emanating	
  from	
  mobile	
  devices,	
  
security	
  analysts	
  should	
  be	
  provided	
  with	
  specific	
  change	
  instructions	
  to	
  quarantine	
  traffic	
  flows	
  and	
  
minimize	
  risk.	
  Ideally,	
  security	
  analytics	
  systems	
  can	
  be	
  used	
  to	
  automate	
  remediation	
  activities,	
  a	
  form	
  of	
  
active	
  defense,	
  for	
  routine	
  changes	
  or	
  in	
  emergency	
  situations.	
  	
  
Armed	
  with	
  a	
  comprehensive	
  real-­‐time	
  view	
  of	
  security	
  situational	
  awareness,	
  big	
  data	
  security	
  analytic	
  systems	
  
will	
  become	
  the	
  nexus	
  for	
  both	
  risk	
  management	
  and	
  incident	
  detection/response.	
  This	
  includes	
  specialized	
  
security	
  activities	
  such	
  as	
  regulatory	
  compliance,	
  security	
  investigations,	
  control	
  tracking/reporting,	
  and	
  security	
  
performance	
  metrics.	
  	
  
CISOs	
  Must	
  Become	
  Big	
  Data	
  Security	
  Advocates	
  
Big	
  data	
  security	
  analytics	
  is	
  no	
  longer	
  a	
  visionary	
  idea—leading	
  enterprises	
  recognize	
  that	
  their	
  immediate	
  security	
  
requirements	
  demand	
  this	
  type	
  of	
  solution.	
  To	
  proceed	
  with	
  big	
  data	
  security	
  analytics	
  planning	
  and	
  
implementation,	
  ESG	
  suggests	
  that	
  CISOs:	
  
• Address	
  limitations	
  with	
  existing	
  security	
  infrastructure.	
  Compare	
  security	
  analytics	
  output	
  with	
  existing	
  
capabilities,	
  processes,	
  and	
  requirements.	
  Does	
  your	
  organization	
  have	
  “blind	
  spots”?	
  Is	
  the	
  organization	
  
conducting	
  continuous	
  monitoring	
  or	
  basing	
  its	
  security	
  assessments	
  on	
  periodic	
  (occasional)	
  scans?	
  Is	
  the	
  
organization	
  understaffed	
  or	
  lacking	
  security	
  analytics	
  skills?	
  How	
  long	
  does	
  it	
  take	
  to	
  detect,	
  investigate,	
  
and	
  respond	
  to	
  security	
  incidents?	
  Rather	
  than	
  deal	
  with	
  security	
  analytics	
  weaknesses	
  piecemeal,	
  develop	
  
a	
  big	
  data	
  security	
  analytics	
  project	
  plan	
  that	
  addresses	
  critical	
  areas	
  through	
  a	
  phased	
  approach.	
  
Remember	
  to	
  build	
  processes	
  and	
  technologies	
  that	
  can	
  serve	
  as	
  a	
  foundation	
  for	
  all	
  phases	
  of	
  the	
  project.	
  
This	
  should	
  help	
  deliver	
  incremental	
  value	
  throughout.	
  
• Shift	
  investments	
  from	
  prevention	
  to	
  detection/remediation.	
  Yes,	
  it	
  is	
  still	
  important	
  to	
  lock	
  down	
  IT	
  
assets	
  to	
  minimize	
  risk,	
  but	
  CISOs	
  must	
  realize	
  that	
  despite	
  these	
  best	
  practices,	
  networks	
  will	
  be	
  attacked,	
  
penetrated,	
  and	
  compromised.	
  Savvy	
  CISOs	
  will	
  capture	
  incident	
  detection/response	
  metrics	
  (i.e.,	
  time	
  to	
  
discover	
  a	
  security	
  incident,	
  time	
  to	
  investigate	
  and	
  remediate	
  a	
  security	
  incident,	
  number	
  of	
  tools	
  used,	
  
number	
  of	
  staff	
  hours	
  needed,	
  etc.)	
  before	
  and	
  after	
  a	
  big	
  data	
  security	
  analytics	
  implementation	
  to	
  
measure	
  ROI	
  on	
  security	
  operations	
  and	
  risk	
  management	
  goals.	
  	
  
• Identify	
  staffing	
  deficiencies	
  and	
  knowledge	
  gaps.	
  As	
  ESG	
  research	
  indicates,	
  most	
  organizations	
  have	
  
security	
  organizational	
  problems	
  around	
  skills	
  and	
  headcount.	
  In	
  most	
  cases,	
  CISOs	
  will	
  not	
  be	
  able	
  to	
  hire	
  
and	
  train	
  their	
  way	
  out	
  of	
  this	
  problem,	
  so	
  they	
  need	
  alternative	
  strategies.	
  ESG	
  recommends	
  that	
  CISOs	
  
clearly	
  identify	
  areas	
  of	
  weakness	
  at	
  the	
  genesis	
  of	
  their	
  big	
  data	
  security	
  analytics	
  planning	
  process.	
  This	
  
will	
  help	
  them	
  define	
  their	
  needs	
  for	
  security	
  technology	
  intelligence,	
  external	
  data	
  feeds,	
  and	
  
professional/managed	
  security	
  services	
  to	
  fill	
  the	
  gaps.	
  
Finally,	
  big	
  data	
  security	
  analytics	
  is	
  antithetical	
  to	
  today’s	
  typical	
  security	
  infrastructure,	
  which	
  is	
  based	
  upon	
  point	
  
tools	
  and	
  limited	
  scale.	
  Impending	
  enterprise	
  security	
  technology	
  changes	
  will	
  likely	
  resemble	
  the	
  business	
  
application	
  transition	
  in	
  the	
  1990s	
  when	
  departmental	
  applications	
  were	
  replaced	
  with	
  enterprise-­‐class	
  ERP	
  
software	
  architectures.	
  	
  
To	
  avoid	
  the	
  potential	
  pitfalls	
  associated	
  with	
  this	
  type	
  of	
  evolution,	
  enterprises	
  should	
  seek	
  out	
  technology	
  
vendors	
  with	
  deep	
  security	
  experience,	
  a	
  portfolio	
  of	
  leading	
  security	
  analytics	
  products,	
  a	
  strong	
  big	
  data	
  security	
  
White	
  Paper:	
  The	
  Big	
  Data	
  Security	
  Analytics	
  Era	
  Is	
  Here	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  11	
  
©	
  2013	
  by	
  The	
  Enterprise	
  Strategy	
  Group,	
  Inc.	
  All	
  Rights	
  Reserved.	
  
analytics	
  strategy,	
  strong	
  enterprise	
  experience,	
  complementary	
  threat	
  intelligence	
  services,	
  relationships	
  with	
  
proven	
  MSSPs,	
  and	
  security-­‐focused	
  professional	
  services	
  to	
  help	
  CISOs	
  with	
  planning,	
  deployment,	
  and	
  ongoing	
  big	
  
data	
  security	
  analytics	
  management.	
  Particularly	
  with	
  its	
  recent	
  product	
  introduction	
  of	
  RSA	
  Security	
  Analytics,	
  RSA	
  
Security	
  is	
  one	
  of	
  only	
  a	
  few	
  security	
  vendors	
  who	
  meet	
  this	
  profile.	
  As	
  such,	
  enterprise	
  CISOs	
  would	
  be	
  well	
  served	
  
to	
  assess	
  how	
  RSA	
  Security	
  Analytics	
  and	
  related	
  solutions	
  and	
  services	
  align	
  with	
  their	
  big	
  data	
  security	
  analytics	
  
vision,	
  strategy,	
  and	
  tactical	
  plans	
  and	
  requirements.	
  	
  
White	
  Paper:	
  The	
  Big	
  Data	
  Security	
  Analytics	
  Era	
  Is	
  Here	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  12	
  
©	
  2013	
  by	
  The	
  Enterprise	
  Strategy	
  Group,	
  Inc.	
  All	
  Rights	
  Reserved.	
  
The	
  Bigger	
  Truth	
  
Enhancing	
  security	
  management	
  maturity	
  is	
  not	
  a	
  straight-­‐line	
  process	
  and	
  thus	
  CISOs	
  should	
  expect	
  peaks	
  and	
  
valleys	
  as	
  they	
  proceed	
  on	
  this	
  journey.	
  Based	
  upon	
  a	
  few	
  current	
  market	
  trends	
  and	
  ESG	
  research	
  data,	
  it	
  appears	
  
as	
  though	
  many	
  organizations	
  are	
  stuck	
  in	
  a	
  security	
  management	
  valley	
  at	
  present.	
  	
  
In	
  truth,	
  security	
  management	
  maturity	
  has	
  reached	
  a	
  tipping	
  point.	
  To	
  move	
  forward,	
  CISOs	
  should	
  conduct	
  an	
  
honest	
  assessment	
  of	
  their	
  security	
  technology	
  infrastructure.	
  Can	
  it	
  provide	
  the	
  necessary	
  monitoring,	
  
investigative,	
  and	
  data	
  analysis	
  to	
  support	
  real-­‐time	
  security	
  decisions?	
  Can	
  it	
  collect,	
  process,	
  and	
  analyze	
  the	
  
volume	
  of	
  data	
  needed	
  to	
  track	
  security	
  activities	
  at	
  all	
  layers	
  of	
  the	
  technology	
  stack?	
  Does	
  it	
  require	
  unreasonable	
  
care	
  and	
  feeding?	
  Regrettably,	
  CISOs	
  may	
  find	
  that	
  they	
  are	
  spending	
  a	
  lot	
  of	
  money	
  for	
  poor	
  incident	
  detection,	
  
investigation,	
  response,	
  and	
  workflow	
  results.	
  
Given	
  the	
  sophistication	
  of	
  malware	
  threats	
  and	
  cyber	
  criminals,	
  there	
  are	
  no	
  “silver	
  bullets”	
  or	
  easy	
  answers	
  here.	
  
What’s	
  needed	
  more	
  than	
  anything	
  is	
  better	
  visibility	
  through	
  improved	
  data	
  analysis—more	
  data,	
  better	
  security	
  
intelligence,	
  real-­‐time	
  collection	
  and	
  correlation,	
  etc.	
  With	
  real-­‐time	
  situational	
  awareness,	
  CISOs	
  and	
  their	
  security	
  
analysts	
  can	
  adjust	
  their	
  tactics,	
  prioritize	
  activities,	
  and	
  accelerate	
  processes.	
  Ultimately,	
  this	
  should	
  help	
  
enterprises	
  improve	
  security	
  and	
  lower	
  costs.	
  This	
  alone	
  should	
  make	
  big	
  data	
  security	
  analytics	
  exceptionally	
  
attractive	
  to	
  enterprise	
  CISOs.	
  	
  
	
  
	
  
	
  
	
  
 
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
	
  
20	
  Asylum	
  Street	
  	
  |	
  	
  Milford,	
  MA	
  01757	
  	
  |	
  	
  Tel:	
  508.482.0188	
  	
  Fax:	
  508.482.0218	
  	
  |	
  	
  www.esg-­‐global.com	
  
	
  

More Related Content

What's hot

Threat Hunting ve EDR Etkinliği Carbon Black Sunumu
Threat Hunting ve EDR Etkinliği Carbon Black SunumuThreat Hunting ve EDR Etkinliği Carbon Black Sunumu
Threat Hunting ve EDR Etkinliği Carbon Black SunumuBGA Cyber Security
 
Using Security Metrics to Drive Action in Asia Pacific - 22 Experts Share How...
Using Security Metrics to Drive Action in Asia Pacific - 22 Experts Share How...Using Security Metrics to Drive Action in Asia Pacific - 22 Experts Share How...
Using Security Metrics to Drive Action in Asia Pacific - 22 Experts Share How...Mighty Guides, Inc.
 
Carbon Black: 32 Security Experts on Changing Endpoint Security - Quotes from...
Carbon Black: 32 Security Experts on Changing Endpoint Security - Quotes from...Carbon Black: 32 Security Experts on Changing Endpoint Security - Quotes from...
Carbon Black: 32 Security Experts on Changing Endpoint Security - Quotes from...Mighty Guides, Inc.
 
vmware-best-practices-healthcare-it-security-whitepaper
vmware-best-practices-healthcare-it-security-whitepapervmware-best-practices-healthcare-it-security-whitepaper
vmware-best-practices-healthcare-it-security-whitepaperTony Amaddio
 
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDFGT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDFLaurie Mosca-Cocca
 
Using Security Metrics to Drive Action
Using Security Metrics to Drive ActionUsing Security Metrics to Drive Action
Using Security Metrics to Drive ActionMighty Guides, Inc.
 
POV - Enterprise Security Canvas
POV - Enterprise Security CanvasPOV - Enterprise Security Canvas
POV - Enterprise Security CanvasRobert Greiner
 
CounterTack: 10 Experts on Active Threat Management
CounterTack: 10 Experts on Active Threat ManagementCounterTack: 10 Experts on Active Threat Management
CounterTack: 10 Experts on Active Threat ManagementMighty Guides, Inc.
 
RSA Security Brief : Taking Charge of Security in a Hyperconnected World
RSA Security Brief : Taking Charge of Security in a Hyperconnected WorldRSA Security Brief : Taking Charge of Security in a Hyperconnected World
RSA Security Brief : Taking Charge of Security in a Hyperconnected WorldEMC
 
2018 State of Cyber Resilience Insurance
2018 State of Cyber Resilience Insurance2018 State of Cyber Resilience Insurance
2018 State of Cyber Resilience InsuranceAccenture Insurance
 
SBIC Report : Transforming Information Security: Future-Proofing Processes
SBIC Report : Transforming Information Security: Future-Proofing ProcessesSBIC Report : Transforming Information Security: Future-Proofing Processes
SBIC Report : Transforming Information Security: Future-Proofing ProcessesEMC
 
Why Comply? Does your business need ISO27001
Why Comply? Does your business need ISO27001Why Comply? Does your business need ISO27001
Why Comply? Does your business need ISO27001Matthew Olney
 
2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for Insurance2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for InsuranceAccenture Insurance
 
Cyber security: Five leadership issues worthy of board and executive attention
Cyber security: Five leadership issues worthy of board and executive attentionCyber security: Five leadership issues worthy of board and executive attention
Cyber security: Five leadership issues worthy of board and executive attentionRamón Gómez de Olea y Bustinza
 
Information Security Strategic Management
Information Security Strategic ManagementInformation Security Strategic Management
Information Security Strategic ManagementMarcelo Martins
 
rp-esg-tackling-attack-detection-incident-response
rp-esg-tackling-attack-detection-incident-responserp-esg-tackling-attack-detection-incident-response
rp-esg-tackling-attack-detection-incident-responseMaciej Buczkowski
 
How close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityHow close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityRahul Tyagi
 
Cybersecurity Goverence for Boards of Directors
Cybersecurity Goverence for Boards of DirectorsCybersecurity Goverence for Boards of Directors
Cybersecurity Goverence for Boards of DirectorsPaul Feldman
 
How To Present Cyber Security To Senior Management Complete Deck
How To Present Cyber Security To Senior Management Complete DeckHow To Present Cyber Security To Senior Management Complete Deck
How To Present Cyber Security To Senior Management Complete DeckSlideTeam
 

What's hot (20)

Threat Hunting ve EDR Etkinliği Carbon Black Sunumu
Threat Hunting ve EDR Etkinliği Carbon Black SunumuThreat Hunting ve EDR Etkinliği Carbon Black Sunumu
Threat Hunting ve EDR Etkinliği Carbon Black Sunumu
 
Using Security Metrics to Drive Action in Asia Pacific - 22 Experts Share How...
Using Security Metrics to Drive Action in Asia Pacific - 22 Experts Share How...Using Security Metrics to Drive Action in Asia Pacific - 22 Experts Share How...
Using Security Metrics to Drive Action in Asia Pacific - 22 Experts Share How...
 
Carbon Black: 32 Security Experts on Changing Endpoint Security - Quotes from...
Carbon Black: 32 Security Experts on Changing Endpoint Security - Quotes from...Carbon Black: 32 Security Experts on Changing Endpoint Security - Quotes from...
Carbon Black: 32 Security Experts on Changing Endpoint Security - Quotes from...
 
vmware-best-practices-healthcare-it-security-whitepaper
vmware-best-practices-healthcare-it-security-whitepapervmware-best-practices-healthcare-it-security-whitepaper
vmware-best-practices-healthcare-it-security-whitepaper
 
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDFGT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
 
Using Security Metrics to Drive Action
Using Security Metrics to Drive ActionUsing Security Metrics to Drive Action
Using Security Metrics to Drive Action
 
POV - Enterprise Security Canvas
POV - Enterprise Security CanvasPOV - Enterprise Security Canvas
POV - Enterprise Security Canvas
 
CounterTack: 10 Experts on Active Threat Management
CounterTack: 10 Experts on Active Threat ManagementCounterTack: 10 Experts on Active Threat Management
CounterTack: 10 Experts on Active Threat Management
 
RSA Security Brief : Taking Charge of Security in a Hyperconnected World
RSA Security Brief : Taking Charge of Security in a Hyperconnected WorldRSA Security Brief : Taking Charge of Security in a Hyperconnected World
RSA Security Brief : Taking Charge of Security in a Hyperconnected World
 
2018 State of Cyber Resilience Insurance
2018 State of Cyber Resilience Insurance2018 State of Cyber Resilience Insurance
2018 State of Cyber Resilience Insurance
 
SBIC Report : Transforming Information Security: Future-Proofing Processes
SBIC Report : Transforming Information Security: Future-Proofing ProcessesSBIC Report : Transforming Information Security: Future-Proofing Processes
SBIC Report : Transforming Information Security: Future-Proofing Processes
 
Websense
WebsenseWebsense
Websense
 
Why Comply? Does your business need ISO27001
Why Comply? Does your business need ISO27001Why Comply? Does your business need ISO27001
Why Comply? Does your business need ISO27001
 
2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for Insurance2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for Insurance
 
Cyber security: Five leadership issues worthy of board and executive attention
Cyber security: Five leadership issues worthy of board and executive attentionCyber security: Five leadership issues worthy of board and executive attention
Cyber security: Five leadership issues worthy of board and executive attention
 
Information Security Strategic Management
Information Security Strategic ManagementInformation Security Strategic Management
Information Security Strategic Management
 
rp-esg-tackling-attack-detection-incident-response
rp-esg-tackling-attack-detection-incident-responserp-esg-tackling-attack-detection-incident-response
rp-esg-tackling-attack-detection-incident-response
 
How close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityHow close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe Security
 
Cybersecurity Goverence for Boards of Directors
Cybersecurity Goverence for Boards of DirectorsCybersecurity Goverence for Boards of Directors
Cybersecurity Goverence for Boards of Directors
 
How To Present Cyber Security To Senior Management Complete Deck
How To Present Cyber Security To Senior Management Complete DeckHow To Present Cyber Security To Senior Management Complete Deck
How To Present Cyber Security To Senior Management Complete Deck
 

Viewers also liked

Global agilityagile2012
Global agilityagile2012Global agilityagile2012
Global agilityagile2012drewz lin
 
Agile 2012 contracting 2 step
Agile 2012 contracting 2 stepAgile 2012 contracting 2 step
Agile 2012 contracting 2 stepdrewz lin
 
云存储与虚拟化分论坛 生活在云端 蔡礼洪
云存储与虚拟化分论坛 生活在云端 蔡礼洪云存储与虚拟化分论坛 生活在云端 蔡礼洪
云存储与虚拟化分论坛 生活在云端 蔡礼洪drewz lin
 
Cloudsnetworking
CloudsnetworkingCloudsnetworking
Cloudsnetworkingdrewz lin
 
4 高阳 淘宝主站cgroup资源控制实践
4 高阳 淘宝主站cgroup资源控制实践4 高阳 淘宝主站cgroup资源控制实践
4 高阳 淘宝主站cgroup资源控制实践drewz lin
 
章文嵩:使用Lvs集群架设高可扩展的网络服务
章文嵩:使用Lvs集群架设高可扩展的网络服务章文嵩:使用Lvs集群架设高可扩展的网络服务
章文嵩:使用Lvs集群架设高可扩展的网络服务drewz lin
 
Top100summit 宗刚-全生命周期性能评估体系的实践
Top100summit 宗刚-全生命周期性能评估体系的实践Top100summit 宗刚-全生命周期性能评估体系的实践
Top100summit 宗刚-全生命周期性能评估体系的实践drewz lin
 
Evolve your agile coaching dashboard ver 2
Evolve your agile coaching dashboard ver 2Evolve your agile coaching dashboard ver 2
Evolve your agile coaching dashboard ver 2drewz lin
 
#Lamp人#淘宝数据魔方的系统架构 -长林
#Lamp人#淘宝数据魔方的系统架构  -长林#Lamp人#淘宝数据魔方的系统架构  -长林
#Lamp人#淘宝数据魔方的系统架构 -长林drewz lin
 
云安全防护的战略思考
云安全防护的战略思考云安全防护的战略思考
云安全防护的战略思考drewz lin
 

Viewers also liked (10)

Global agilityagile2012
Global agilityagile2012Global agilityagile2012
Global agilityagile2012
 
Agile 2012 contracting 2 step
Agile 2012 contracting 2 stepAgile 2012 contracting 2 step
Agile 2012 contracting 2 step
 
云存储与虚拟化分论坛 生活在云端 蔡礼洪
云存储与虚拟化分论坛 生活在云端 蔡礼洪云存储与虚拟化分论坛 生活在云端 蔡礼洪
云存储与虚拟化分论坛 生活在云端 蔡礼洪
 
Cloudsnetworking
CloudsnetworkingCloudsnetworking
Cloudsnetworking
 
4 高阳 淘宝主站cgroup资源控制实践
4 高阳 淘宝主站cgroup资源控制实践4 高阳 淘宝主站cgroup资源控制实践
4 高阳 淘宝主站cgroup资源控制实践
 
章文嵩:使用Lvs集群架设高可扩展的网络服务
章文嵩:使用Lvs集群架设高可扩展的网络服务章文嵩:使用Lvs集群架设高可扩展的网络服务
章文嵩:使用Lvs集群架设高可扩展的网络服务
 
Top100summit 宗刚-全生命周期性能评估体系的实践
Top100summit 宗刚-全生命周期性能评估体系的实践Top100summit 宗刚-全生命周期性能评估体系的实践
Top100summit 宗刚-全生命周期性能评估体系的实践
 
Evolve your agile coaching dashboard ver 2
Evolve your agile coaching dashboard ver 2Evolve your agile coaching dashboard ver 2
Evolve your agile coaching dashboard ver 2
 
#Lamp人#淘宝数据魔方的系统架构 -长林
#Lamp人#淘宝数据魔方的系统架构  -长林#Lamp人#淘宝数据魔方的系统架构  -长林
#Lamp人#淘宝数据魔方的系统架构 -长林
 
云安全防护的战略思考
云安全防护的战略思考云安全防护的战略思考
云安全防护的战略思考
 

Similar to Ast 0079872 1505924-esg_wp_rsa_big_data_and_security_analytics_jan_2013

Building an Intelligence-Driven Security Operations Center
Building an Intelligence-Driven Security Operations CenterBuilding an Intelligence-Driven Security Operations Center
Building an Intelligence-Driven Security Operations CenterEMC
 
The Significance of IT Security Management & Risk Assessment
The Significance of IT Security Management & Risk AssessmentThe Significance of IT Security Management & Risk Assessment
The Significance of IT Security Management & Risk AssessmentBradley Susser
 
Application Security Maturity Model
Application Security Maturity ModelApplication Security Maturity Model
Application Security Maturity ModelSecurity Innovation
 
Information Security Governance at Board and Executive Level
Information Security Governance at Board and Executive LevelInformation Security Governance at Board and Executive Level
Information Security Governance at Board and Executive LevelKoen Maris
 
Streamline Compliance and Increase ROI White Paper
Streamline Compliance and Increase ROI White PaperStreamline Compliance and Increase ROI White Paper
Streamline Compliance and Increase ROI White PaperNetIQ
 
Transforming Information Security: Designing a State-of-the-Art Extended Team
Transforming Information Security: Designing a State-of-the-Art Extended TeamTransforming Information Security: Designing a State-of-the-Art Extended Team
Transforming Information Security: Designing a State-of-the-Art Extended TeamEMC
 
Assessing and Managing IT Security Risks
Assessing and Managing IT Security RisksAssessing and Managing IT Security Risks
Assessing and Managing IT Security RisksChris Ross
 
Take back your security infrastructure
Take back your security infrastructureTake back your security infrastructure
Take back your security infrastructureAnton Chuvakin
 
Tenable: Economic, Operational and Strategic Benefits of Security Framework A...
Tenable: Economic, Operational and Strategic Benefits of Security Framework A...Tenable: Economic, Operational and Strategic Benefits of Security Framework A...
Tenable: Economic, Operational and Strategic Benefits of Security Framework A...Mighty Guides, Inc.
 
State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...at MicroFocus Italy ❖✔
 
State of Security Operations 2016
State of Security Operations 2016State of Security Operations 2016
State of Security Operations 2016Tim Grieveson
 
Continuous Cyber Attacks: Engaging Business Leaders for the New Normal - Full...
Continuous Cyber Attacks: Engaging Business Leaders for the New Normal - Full...Continuous Cyber Attacks: Engaging Business Leaders for the New Normal - Full...
Continuous Cyber Attacks: Engaging Business Leaders for the New Normal - Full...Accenture Technology
 
Tenable: Economic, Operational and Strategic Benefits of Security Framework A...
Tenable: Economic, Operational and Strategic Benefits of Security Framework A...Tenable: Economic, Operational and Strategic Benefits of Security Framework A...
Tenable: Economic, Operational and Strategic Benefits of Security Framework A...Mighty Guides, Inc.
 
Exploration Draft Document- CEM Machine Learning & AI Project 2018
Exploration Draft Document- CEM Machine Learning & AI Project 2018Exploration Draft Document- CEM Machine Learning & AI Project 2018
Exploration Draft Document- CEM Machine Learning & AI Project 2018Leslie McFarlin
 
A CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementA CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementDaren Dunkel
 
AMSJ-GSI-Summer Feature
AMSJ-GSI-Summer FeatureAMSJ-GSI-Summer Feature
AMSJ-GSI-Summer FeatureAndrei Stewart
 
The SIEM Buyer Guide the siem buyer guide
The SIEM Buyer Guide the siem buyer guideThe SIEM Buyer Guide the siem buyer guide
The SIEM Buyer Guide the siem buyer guideroongrus
 
7 Experts on Implementing Azure Sentinel
7 Experts on Implementing Azure Sentinel7 Experts on Implementing Azure Sentinel
7 Experts on Implementing Azure SentinelMighty Guides, Inc.
 

Similar to Ast 0079872 1505924-esg_wp_rsa_big_data_and_security_analytics_jan_2013 (20)

Building an Intelligence-Driven Security Operations Center
Building an Intelligence-Driven Security Operations CenterBuilding an Intelligence-Driven Security Operations Center
Building an Intelligence-Driven Security Operations Center
 
The Significance of IT Security Management & Risk Assessment
The Significance of IT Security Management & Risk AssessmentThe Significance of IT Security Management & Risk Assessment
The Significance of IT Security Management & Risk Assessment
 
Application Security Maturity Model
Application Security Maturity ModelApplication Security Maturity Model
Application Security Maturity Model
 
Information Security Governance at Board and Executive Level
Information Security Governance at Board and Executive LevelInformation Security Governance at Board and Executive Level
Information Security Governance at Board and Executive Level
 
Streamline Compliance and Increase ROI White Paper
Streamline Compliance and Increase ROI White PaperStreamline Compliance and Increase ROI White Paper
Streamline Compliance and Increase ROI White Paper
 
Transforming Information Security: Designing a State-of-the-Art Extended Team
Transforming Information Security: Designing a State-of-the-Art Extended TeamTransforming Information Security: Designing a State-of-the-Art Extended Team
Transforming Information Security: Designing a State-of-the-Art Extended Team
 
Assessing and Managing IT Security Risks
Assessing and Managing IT Security RisksAssessing and Managing IT Security Risks
Assessing and Managing IT Security Risks
 
infosec-it
infosec-itinfosec-it
infosec-it
 
Take back your security infrastructure
Take back your security infrastructureTake back your security infrastructure
Take back your security infrastructure
 
Tenable: Economic, Operational and Strategic Benefits of Security Framework A...
Tenable: Economic, Operational and Strategic Benefits of Security Framework A...Tenable: Economic, Operational and Strategic Benefits of Security Framework A...
Tenable: Economic, Operational and Strategic Benefits of Security Framework A...
 
State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...
 
State of Security Operations 2016
State of Security Operations 2016State of Security Operations 2016
State of Security Operations 2016
 
Continuous Cyber Attacks: Engaging Business Leaders for the New Normal - Full...
Continuous Cyber Attacks: Engaging Business Leaders for the New Normal - Full...Continuous Cyber Attacks: Engaging Business Leaders for the New Normal - Full...
Continuous Cyber Attacks: Engaging Business Leaders for the New Normal - Full...
 
Tenable: Economic, Operational and Strategic Benefits of Security Framework A...
Tenable: Economic, Operational and Strategic Benefits of Security Framework A...Tenable: Economic, Operational and Strategic Benefits of Security Framework A...
Tenable: Economic, Operational and Strategic Benefits of Security Framework A...
 
Exploration Draft Document- CEM Machine Learning & AI Project 2018
Exploration Draft Document- CEM Machine Learning & AI Project 2018Exploration Draft Document- CEM Machine Learning & AI Project 2018
Exploration Draft Document- CEM Machine Learning & AI Project 2018
 
A CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementA CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk Management
 
ICISS Newsletter Sept 14
ICISS Newsletter Sept 14ICISS Newsletter Sept 14
ICISS Newsletter Sept 14
 
AMSJ-GSI-Summer Feature
AMSJ-GSI-Summer FeatureAMSJ-GSI-Summer Feature
AMSJ-GSI-Summer Feature
 
The SIEM Buyer Guide the siem buyer guide
The SIEM Buyer Guide the siem buyer guideThe SIEM Buyer Guide the siem buyer guide
The SIEM Buyer Guide the siem buyer guide
 
7 Experts on Implementing Azure Sentinel
7 Experts on Implementing Azure Sentinel7 Experts on Implementing Azure Sentinel
7 Experts on Implementing Azure Sentinel
 

More from drewz lin

Web security-–-everything-we-know-is-wrong-eoin-keary
Web security-–-everything-we-know-is-wrong-eoin-kearyWeb security-–-everything-we-know-is-wrong-eoin-keary
Web security-–-everything-we-know-is-wrong-eoin-kearydrewz lin
 
Via forensics appsecusa-nov-2013
Via forensics appsecusa-nov-2013Via forensics appsecusa-nov-2013
Via forensics appsecusa-nov-2013drewz lin
 
Phu appsec13
Phu appsec13Phu appsec13
Phu appsec13drewz lin
 
Owasp2013 johannesullrich
Owasp2013 johannesullrichOwasp2013 johannesullrich
Owasp2013 johannesullrichdrewz lin
 
Owasp advanced mobile-application-code-review-techniques-v0.2
Owasp advanced mobile-application-code-review-techniques-v0.2Owasp advanced mobile-application-code-review-techniques-v0.2
Owasp advanced mobile-application-code-review-techniques-v0.2drewz lin
 
I mas appsecusa-nov13-v2
I mas appsecusa-nov13-v2I mas appsecusa-nov13-v2
I mas appsecusa-nov13-v2drewz lin
 
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolf
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolfDefeating xss-and-xsrf-with-my faces-frameworks-steve-wolf
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolfdrewz lin
 
Csrf not-all-defenses-are-created-equal
Csrf not-all-defenses-are-created-equalCsrf not-all-defenses-are-created-equal
Csrf not-all-defenses-are-created-equaldrewz lin
 
Chuck willis-owaspbwa-beyond-1.0-app secusa-2013-11-21
Chuck willis-owaspbwa-beyond-1.0-app secusa-2013-11-21Chuck willis-owaspbwa-beyond-1.0-app secusa-2013-11-21
Chuck willis-owaspbwa-beyond-1.0-app secusa-2013-11-21drewz lin
 
Appsec usa roberthansen
Appsec usa roberthansenAppsec usa roberthansen
Appsec usa roberthansendrewz lin
 
Appsec usa2013 js_libinsecurity_stefanodipaola
Appsec usa2013 js_libinsecurity_stefanodipaolaAppsec usa2013 js_libinsecurity_stefanodipaola
Appsec usa2013 js_libinsecurity_stefanodipaoladrewz lin
 
Appsec2013 presentation-dickson final-with_all_final_edits
Appsec2013 presentation-dickson final-with_all_final_editsAppsec2013 presentation-dickson final-with_all_final_edits
Appsec2013 presentation-dickson final-with_all_final_editsdrewz lin
 
Appsec2013 presentation
Appsec2013 presentationAppsec2013 presentation
Appsec2013 presentationdrewz lin
 
Appsec 2013-krehel-ondrej-forensic-investigations-of-web-exploitations
Appsec 2013-krehel-ondrej-forensic-investigations-of-web-exploitationsAppsec 2013-krehel-ondrej-forensic-investigations-of-web-exploitations
Appsec 2013-krehel-ondrej-forensic-investigations-of-web-exploitationsdrewz lin
 
Appsec2013 assurance tagging-robert martin
Appsec2013 assurance tagging-robert martinAppsec2013 assurance tagging-robert martin
Appsec2013 assurance tagging-robert martindrewz lin
 
Amol scadaowasp
Amol scadaowaspAmol scadaowasp
Amol scadaowaspdrewz lin
 
Agile sdlc-v1.1-owasp-app sec-usa
Agile sdlc-v1.1-owasp-app sec-usaAgile sdlc-v1.1-owasp-app sec-usa
Agile sdlc-v1.1-owasp-app sec-usadrewz lin
 
Vulnex app secusa2013
Vulnex app secusa2013Vulnex app secusa2013
Vulnex app secusa2013drewz lin
 
基于虚拟化技术的分布式软件测试框架
基于虚拟化技术的分布式软件测试框架基于虚拟化技术的分布式软件测试框架
基于虚拟化技术的分布式软件测试框架drewz lin
 
新浪微博稳定性经验谈
新浪微博稳定性经验谈新浪微博稳定性经验谈
新浪微博稳定性经验谈drewz lin
 

More from drewz lin (20)

Web security-–-everything-we-know-is-wrong-eoin-keary
Web security-–-everything-we-know-is-wrong-eoin-kearyWeb security-–-everything-we-know-is-wrong-eoin-keary
Web security-–-everything-we-know-is-wrong-eoin-keary
 
Via forensics appsecusa-nov-2013
Via forensics appsecusa-nov-2013Via forensics appsecusa-nov-2013
Via forensics appsecusa-nov-2013
 
Phu appsec13
Phu appsec13Phu appsec13
Phu appsec13
 
Owasp2013 johannesullrich
Owasp2013 johannesullrichOwasp2013 johannesullrich
Owasp2013 johannesullrich
 
Owasp advanced mobile-application-code-review-techniques-v0.2
Owasp advanced mobile-application-code-review-techniques-v0.2Owasp advanced mobile-application-code-review-techniques-v0.2
Owasp advanced mobile-application-code-review-techniques-v0.2
 
I mas appsecusa-nov13-v2
I mas appsecusa-nov13-v2I mas appsecusa-nov13-v2
I mas appsecusa-nov13-v2
 
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolf
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolfDefeating xss-and-xsrf-with-my faces-frameworks-steve-wolf
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolf
 
Csrf not-all-defenses-are-created-equal
Csrf not-all-defenses-are-created-equalCsrf not-all-defenses-are-created-equal
Csrf not-all-defenses-are-created-equal
 
Chuck willis-owaspbwa-beyond-1.0-app secusa-2013-11-21
Chuck willis-owaspbwa-beyond-1.0-app secusa-2013-11-21Chuck willis-owaspbwa-beyond-1.0-app secusa-2013-11-21
Chuck willis-owaspbwa-beyond-1.0-app secusa-2013-11-21
 
Appsec usa roberthansen
Appsec usa roberthansenAppsec usa roberthansen
Appsec usa roberthansen
 
Appsec usa2013 js_libinsecurity_stefanodipaola
Appsec usa2013 js_libinsecurity_stefanodipaolaAppsec usa2013 js_libinsecurity_stefanodipaola
Appsec usa2013 js_libinsecurity_stefanodipaola
 
Appsec2013 presentation-dickson final-with_all_final_edits
Appsec2013 presentation-dickson final-with_all_final_editsAppsec2013 presentation-dickson final-with_all_final_edits
Appsec2013 presentation-dickson final-with_all_final_edits
 
Appsec2013 presentation
Appsec2013 presentationAppsec2013 presentation
Appsec2013 presentation
 
Appsec 2013-krehel-ondrej-forensic-investigations-of-web-exploitations
Appsec 2013-krehel-ondrej-forensic-investigations-of-web-exploitationsAppsec 2013-krehel-ondrej-forensic-investigations-of-web-exploitations
Appsec 2013-krehel-ondrej-forensic-investigations-of-web-exploitations
 
Appsec2013 assurance tagging-robert martin
Appsec2013 assurance tagging-robert martinAppsec2013 assurance tagging-robert martin
Appsec2013 assurance tagging-robert martin
 
Amol scadaowasp
Amol scadaowaspAmol scadaowasp
Amol scadaowasp
 
Agile sdlc-v1.1-owasp-app sec-usa
Agile sdlc-v1.1-owasp-app sec-usaAgile sdlc-v1.1-owasp-app sec-usa
Agile sdlc-v1.1-owasp-app sec-usa
 
Vulnex app secusa2013
Vulnex app secusa2013Vulnex app secusa2013
Vulnex app secusa2013
 
基于虚拟化技术的分布式软件测试框架
基于虚拟化技术的分布式软件测试框架基于虚拟化技术的分布式软件测试框架
基于虚拟化技术的分布式软件测试框架
 
新浪微博稳定性经验谈
新浪微博稳定性经验谈新浪微博稳定性经验谈
新浪微博稳定性经验谈
 

Recently uploaded

UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfJamie (Taka) Wang
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Brian Pichman
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXTarek Kalaji
 
99.99% of Your Traces Are (Probably) Trash (SRECon NA 2024).pdf
99.99% of Your Traces  Are (Probably) Trash (SRECon NA 2024).pdf99.99% of Your Traces  Are (Probably) Trash (SRECon NA 2024).pdf
99.99% of Your Traces Are (Probably) Trash (SRECon NA 2024).pdfPaige Cruz
 
The Kubernetes Gateway API and its role in Cloud Native API Management
The Kubernetes Gateway API and its role in Cloud Native API ManagementThe Kubernetes Gateway API and its role in Cloud Native API Management
The Kubernetes Gateway API and its role in Cloud Native API ManagementNuwan Dias
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
Governance in SharePoint Premium:What's in the box?
Governance in SharePoint Premium:What's in the box?Governance in SharePoint Premium:What's in the box?
Governance in SharePoint Premium:What's in the box?Juan Carlos Gonzalez
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDELiveplex
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-pyJamie (Taka) Wang
 
100+ ChatGPT Prompts for SEO Optimization
100+ ChatGPT Prompts for SEO Optimization100+ ChatGPT Prompts for SEO Optimization
100+ ChatGPT Prompts for SEO Optimizationarrow10202532yuvraj
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?IES VE
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 

Recently uploaded (20)

UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBX
 
99.99% of Your Traces Are (Probably) Trash (SRECon NA 2024).pdf
99.99% of Your Traces  Are (Probably) Trash (SRECon NA 2024).pdf99.99% of Your Traces  Are (Probably) Trash (SRECon NA 2024).pdf
99.99% of Your Traces Are (Probably) Trash (SRECon NA 2024).pdf
 
The Kubernetes Gateway API and its role in Cloud Native API Management
The Kubernetes Gateway API and its role in Cloud Native API ManagementThe Kubernetes Gateway API and its role in Cloud Native API Management
The Kubernetes Gateway API and its role in Cloud Native API Management
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Website
 
Governance in SharePoint Premium:What's in the box?
Governance in SharePoint Premium:What's in the box?Governance in SharePoint Premium:What's in the box?
Governance in SharePoint Premium:What's in the box?
 
20230104 - machine vision
20230104 - machine vision20230104 - machine vision
20230104 - machine vision
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-py
 
100+ ChatGPT Prompts for SEO Optimization
100+ ChatGPT Prompts for SEO Optimization100+ ChatGPT Prompts for SEO Optimization
100+ ChatGPT Prompts for SEO Optimization
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 

Ast 0079872 1505924-esg_wp_rsa_big_data_and_security_analytics_jan_2013

  • 1.   White     Paper          The  Big  Data  Security  Analytics  Era  Is   Here         By  Jon  Oltsik,  Senior  Principal  Analyst       January  2013                                   This  ESG  White  Paper  was  commissioned  by  RSA  Security       and  is  distributed  under  license  from  ESG.       ©  2013  by  The  Enterprise  Strategy  Group,  Inc.  All  Rights  Reserved  
  • 2. White  Paper:  The  Big  Data  Security  Analytics  Era  Is  Here                                                                                                                                                                                  2   ©  2013  by  The  Enterprise  Strategy  Group,  Inc.  All  Rights  Reserved.   Contents   Executive  Summary  .....................................................................................................................................  3   The  Obstacles  to  Improving  Organizational  Security  Maturity  ...................................................................  3   Legacy  Security  Monitoring  and  Analytics  Tools  Are  Also  Holding  Back  Progress  ......................................  6   Enter  the  Big  Data  Security  Analytics  Era  ....................................................................................................  8   Big  Data  Security  Analytics  Technology  Transformation  .........................................................................................  9   CISOs  Must  Become  Big  Data  Security  Advocates  ....................................................................................  10   The  Bigger  Truth  .......................................................................................................................................  12                                                                                                 All trademark names are property of their respective companies. Information contained in this publication has been obtained by sources The Enterprise Strategy Group (ESG) considers to be reliable but is not warranted by ESG. This publication may contain opinions of ESG, which are subject to change from time to time. This publication is copyrighted by The Enterprise Strategy Group, Inc. Any reproduction or redistribution of this publication, in whole or in part, whether in hard-copy format, electronically, or otherwise to persons not authorized to receive it, without the express consent of the Enterprise Strategy Group, Inc., is in violation of U.S. copyright law and will be subject to an action for civil damages and, if applicable, criminal prosecution. Should you have any questions, please contact ESG Client Relations at 508.482.0188.  
  • 3. White  Paper:  The  Big  Data  Security  Analytics  Era  Is  Here                                                                                                                                                                                  3   ©  2013  by  The  Enterprise  Strategy  Group,  Inc.  All  Rights  Reserved.   Executive  Summary   A  few  years  ago,  ESG  created  a  security  management  maturity  model  that  outlined  a  progression  through  four   phases  of  a  security  management  program’s  evolution.  The  goal  was  to  leverage  ESG  research  to  uncover  success   strategies  and  best  practices,  then  use  this  information  to  help  CISOs  build  a  security  management  plan  and   prioritize  the  right  activities  in  order  to  improve  security  and  lower  risk,  while  continuing  to  build  the  organization’s   security  maturity.   CISOs  are  certainly  intent  on  evolving  the  maturity  of  their  security  management,  but  many  organizations  are  facing   unanticipated  problems  that  are  impeding  their  progress.  CISOs  face  an  insidious  threat  landscape  and  an   avalanche  of  new  technology  initiatives  that  make  security  management  increasingly  difficult.  Furthermore,   enterprise  organizations  are  finding  it  difficult  to  recruit  and  train  new  security  professionals—leaving  them  under-­‐ staffed  and  over-­‐burdened.  Taken  together,  new  security  risks  and  old  security  challenges  often  overwhelm  legacy   security  controls  and  analytics  tools.   Large  organizations  can  no  longer  rely  on  preventive  security  systems,  point  security  tools,  manual  processes,  and   hardened  configurations  to  protect  them  from  targeted  attacks  and  advanced  malware.  Henceforth,  security   management  must  be  based  upon  continuous  monitoring  and  data  analysis  for  up-­‐to-­‐the-­‐minute  situational   awareness  and  rapid  data-­‐driven  security  decisions.  This  means  that  large  organizations  have  entered  the  era  of  big   data  security  analytics.     This  white  paper  concludes  that:   • Security  and  market  trends  are  creating  new  security  management  hurdles.  Over  the  past  few  years,   CISOs  have  come  face-­‐to-­‐face  with  three  difficult  and  converging  trends.  First,  they  face  an  increasingly   hazardous  threat  landscape  full  of  stealthy  malware,  social  engineering,  and  targeted  attacks  from  well-­‐ funded  and  expert  adversaries.  Second,  they  have  been  called  upon  to  secure  new  technology  initiatives   such  as  cloud  computing,  mobile  devices,  and  server  virtualization.  Finally,  they  face  a  security  skills   shortage,  making  it  difficult  to  recruit  and  hire  new  security  talent.  These  obstacles  are  placing  new   demands  on  existing  security  staff,  processes,  and  technologies.   • The  existing  security  infrastructure  is  no  longer  adequate.  At  many  enterprise  organizations,  security   protection  and  analysis  depends  upon  an  army  of  independent  signature-­‐based  point  tools,  network   perimeter  gateways,  manual  processes,  and  specialized  skills.  While  this  loose  affiliation  of  security   technologies  may  have  been  sufficient  in  years  past,  they  are  no  match  for  the  scale  and  scope  of  today’s   threats  and  overall  security  management  requirements.   • IT  is  entering  the  era  of  big  data  security  analytics.  Risk  management  and  prevention  are  critical  but  no   longer  enough.  Moving  forward,  CISOs  need  real-­‐time  security  intelligence  and  situational  awareness  to   give  them  visibility  into  their  security  status  at  all  layers  of  the  technology  stack  and  across  the  enterprise.   Armed  with  this  type  of  intelligence,  security  executives  can  then  prioritize  actions,  adjust  security  controls,   accelerate  incident  detection,  and  improve  workflows  around  incident  response.  Taken  together,  these   advances  can  improve  security  while  lowering  security  operations  costs.       The  Obstacles  to  Improving  Organizational  Security  Maturity   After  studying  the  state  of  enterprise  information  security  in  2011,  ESG  published  a  security  management  maturity   model  to  provide  some  strategic  guidance  for  CISOs  (see  Figure  1).  At  that  time,  ESG  believed  that  most   organizations  were  still  in  phase  2,  thus  focused  on  compliance  and  defense-­‐in-­‐depth,  but  were  intent  on   proceeding  to  phase  3,  risk-­‐based  security,  as  soon  as  possible.        
  • 4. White  Paper:  The  Big  Data  Security  Analytics  Era  Is  Here                                                                                                                                                                                  4   ©  2013  by  The  Enterprise  Strategy  Group,  Inc.  All  Rights  Reserved.   Figure  1.  The  ESG  Information  Security  Management  Maturity  Model     Source:  Enterprise  Strategy  Group,  2013.   When  this  model  was  first  published  in  2011,  ESG  assumed  that  risk-­‐based  security  would  be  well  established  by   most  organizations  by  early  2013,  but  this  transition  has  proven  to  be  more  difficult  than  first  anticipated.  The  delay   is  not  due  to  a  lack  of  effort  by  security  teams.  In  fact,  in  the  past  couple  of  years,  many  CEOs  and  other  non-­‐ security  executives  have  become  more  involved  in  information  security  oversight  and  are  regularly  approving   projects  and  increasing  information  security  budgets.  Unfortunately,  the  transition  from  phase  2  to  3  for  most   organizations  has  become  more  difficult  than  projected  because  of:   • The  volume  and  sophistication  of  new  threats.  While  day-­‐to-­‐day  cyber  threats  continue  to  increase  at  an   exponential  rate,  CISOs  are  most  concerned  over  the  rise  of  targeted  and  advanced  malware  enabled   attacks  such  as  Advanced  Persistent  Threats  (APTs).  This  apprehension  is  well  deserved.  According  to  ESG   research,  59%  of  enterprises  are  certain  or  fairly  certain  that  they  have  been  the  target  of  an  APT,  while   30%  of  enterprises  believe  they  are  vulnerable  to  future  APTs.1  Detecting,  analyzing,  and  remediating   advanced  threats  adds  additional  requirements  to  the  risk-­‐based  phase  while  forcing  CISOs  to   simultaneously  assess  and  dramatically  improve  their  incident  detection  and  response  capabilities.     • Rapid  IT  changes.  Risk-­‐based  security  depends  upon  intimate  knowledge  of  every  IT  asset  deployed  on  the   network.  This  type  of  understanding  is  especially  difficult  when  IT  is  constantly  engaged  in  rolling  out  new   initiatives  such  as  server/endpoint  virtualization,  cloud  computing,  mobile  device  support,  and  supporting   BYOD  programs.  To  make  matters  worse,  many  new  IT  initiatives  are  based  upon  immature  technologies   that  are  prone  to  security  vulnerabilities,  and  may  not  play  well  with  existing  security  policies,  controls,  or   monitoring  tools.  For  example,  mobile  devices  like  smartphones  and  tablet  computers  present  a  number  of   security  management  challenges  around  policy  enforcement,  sensitive  data  discovery/management,  and   malware/threat  management  (see  Figure  2).2  The  continuous  adoption  of  new  technology  initiatives  adds   uncertainty  and  complexity  to  security  management.                                                                                                                           1  Source:  ESG  Research  Report,  U.S.  Advanced  Persistent  Threat  Analysis,  November  2011.   2  Source:  ESG  Research  Report,  Security  Management  and  Operations:  Changes  on  the  Horizon,  July  2012.  
  • 5. White  Paper:  The  Big  Data  Security  Analytics  Era  Is  Here                                                                                                                                                                                  5   ©  2013  by  The  Enterprise  Strategy  Group,  Inc.  All  Rights  Reserved.   Figure  2.  Mobile  Device  Security  Challenges     Source:  Enterprise  Strategy  Group,  2013.     • A  growing  security  skills  shortage.  In  2012,  over  half  of  all  organizations  planned  to  add  headcount  to  their   information  security  group  and  nearly  one-­‐quarter  of  all  organizations  (23%)  indicated  that  they  had  a   significant  shortage  of  security  skills.  CISOs  will  likely  find  it  extremely  difficult  to  simply  hire  their  way  out   of  this  problem—ESG  research  indicates  that  83%  of  enterprise  organizations  find  it  extremely  difficult  or   somewhat  difficult  to  recruit  and  hire  security  professionals.3     Combined  with  routine  day-­‐to-­‐day  activities,  the  security  market  trends  described  above  have  led  to  numerous   challenges  in  areas  such  as  incident  detection/response  (see  Figure  3).4  For  example,  the  overall  security  skills   shortage  has  an  impact  on  the  security  organization’s  incident  detection/response  capabilities  because  many   enterprises  lack  the  right  staffing  levels  and  skills.  Malware  volume  and  sophistication  is  forcing  security  analysts  to   sort  through  mountains  of  equally  weighted,  false  positive  alerts.  In  addition  to  staffing  and  skills  issues,  security   analysts  generally  rely  on  too  many  manual  processes  in  order  to  identify,  scope,  and  remediate  problems.                                                                                                                     3  Source:  Ibid.   4  Source:  ESG  Research  Report,  The  Emerging  Intersection  Between  Big  Data  and  Security  Analytics,  November  2012.   30%   40%   41%   41%   46%   46%   48%   0%   10%   20%   30%   40%   50%   60%   Discovering  mobile  devices  as  they  gain  access  to  the   network   Creaeng  security  policies  for  mobile  devices   Supporeng  new  device  types   Malware/threat  management  on  mobile  devices   Sensieve  data  confideneality  and  integrity  proteceon   when  accessed  from  or  stored  on  mobile  devices   Lost/stolen  mobile  devices  containing  sensieve  data   Enforcing  security  policies  for  mobile  devices   With  regard  to  mobile  device  security,  which  of  the  following  presents  the  most   significant  security  challenges  for  your  organizaPon?  (Percent  of  respondents,  N=315,   mulPple  responses  accepted)  
  • 6. White  Paper:  The  Big  Data  Security  Analytics  Era  Is  Here                                                                                                                                                                                  6   ©  2013  by  The  Enterprise  Strategy  Group,  Inc.  All  Rights  Reserved.   Figure  3.  Challenges  with  Incident  Detection     Source:  Enterprise  Strategy  Group,  2013.   What’s  most  alarming  here  is  that  the  challenges  outlined  in  Figure  3  have  a  cumulative  impact.  Security   departments  are  short-­‐staffed  and  lack  the  right  skills  amongst  the  analysts  they  do  have.  Meanwhile,  security   analysts  spend  an  inordinate  amount  of  time  sorting  through  false  positives  and  working  through  manual   processes,  which  wastes  what  little  time  they  have.  In  aggregate,  this  situation  is  operationally  inefficient,  costly,   and  leaves  many  enterprise  firms  with  an  unacceptable  level  of  risk.  The  CEO  and  CFO  won’t  be  pleased  to  learn   that  they  spend  more  but  are  left  with  more  risk.     Legacy  Security  Monitoring  and  Analytics  Tools  Are  Also  Holding  Back   Progress   In  addition  to  skills  challenges,  false  positives,  and  manual  processes,  it  is  also  worth  noting  that  29%  of  enterprise   organizations  surveyed  by  ESG  indicate  that  incident  detection  depends  upon  too  many  independent  tools  that   aren’t  integrated  together.5  This  security  challenge  is  certainly  understandable.  Over  the  past  ten  years,  enterprise   IT  security  has  grown  incrementally  more  difficult  because  of  new  and  unanticipated  threats  and  vulnerabilities.  As   these  changes  occurred  in  the  past,  organizations  typically  upgraded  their  security  products,  purchased  new   signature-­‐based  threat  management  tools,  created  new  rules  for  perimeter  gateways,  and  increased  their  security   analytics  activities.  Over  time,  this  has  led  to  a  security  infrastructure  anchored  by  numerous  disconnected  point   tools  for  incident  detection/response.     Tactically  driven  enterprise  IT  security  has  always  suffered  from  operational  inefficiencies,  but  even  with  this  it   provided  reasonably  adequate  protection  against  threats  such  as  general  purpose  malware,  spam,  and  amateur   hackers.  Unfortunately,  existing  security  systems,  which  are  often  perimeter  and  signature  based,  are  no  match  for   today’s  insidious  threat  landscape.  This  is  especially  true  with  regard  to  security  analysis  tools  because:                                                                                                                   5  Source:  Ibid.   23%   28%   28%   28%   29%   29%   35%   39%   0%   10%   20%   30%   40%   50%   Lack  of  proper  level  of  tuning  of  our  SIEM  and  other   security  tools   Lack  of  adequate  data  colleceon/monitoring  in  one   or  more  criecal  area   My  organizaeon  lacks  the  right  level  of  security   analysis  skills  needed   Sophisecated  security  events  have  become  too   hard  to  detect  for  us   Incident  deteceon  depends  upon  too  many   independent  tools  that  aren’t  integrated  together   Incident  deteceon  depends  upon  too  many  manual   processes   Too  many  false  posieve  responses   Lack  of  adequate  staffing  in  security  operaeons/ incident  response  team(s)   Which  of  the  following  challenges  does  your  organizaPon  face  when  it  comes  to   incident  detecPon?  (Percent  of  respondents,  N=257,  mulPple  responses   accepted)  
  • 7. White  Paper:  The  Big  Data  Security  Analytics  Era  Is  Here                                                                                                                                                                                  7   ©  2013  by  The  Enterprise  Strategy  Group,  Inc.  All  Rights  Reserved.   • Security  analytics  tools  can’t  keep  up  with  today’s  data  collection  and  processing  needs.  According  to  ESG   research,  47%  of  enterprise  organizations  collect,  process,  and  analyze  more  than  6  terabytes  of  security   data  on  a  monthly  basis.  Additionally,  the  majority  of  enterprises  collect,  process,  store,  and  analyze  more   security  data  than  they  did  two  years  ago  (see  Figure  4).6  And  this  data  remains  online  for  longer  periods  of   time.  These  trends  will  continue—security-­‐driven  enterprises  will  regularly  collect,  process,  and  analyze   petabytes  of  online  security  data  for  analysis,  investigations,  and  modeling.  Legacy  Security  Information  and   Event  Management  (SIEM)  platforms  are  often  based  upon  off-­‐the-­‐shelf  SQL  databases  or  proprietary  data   stores  that  simply  can’t  scale  for  this  type  of  data  volume.  As  this  happens,  security  analytics  needs  are   hamstrung  by  basic  technology  limitations.  This  creates  a  Faustian  compromise  where  security  technology   deficiencies  ironically  slow  down  incident  detection/response,  limit  investigations,  and  increase  IT  risk.     Figure  4.  Growth  in  Amount  of  Data  Collected  for  Information  Security  Activities     Source:  Enterprise  Strategy  Group,  2013.     • Organizations  need  an  enterprise-­‐wide  security  purview.  Security  analytics  point  tools  tend  to  provide   monitoring  and  investigative  capabilities  against  explicit  types  of  threats  (i.e.,  network  threats,  malware   threats,  application-­‐layer  threats,  etc.)  or  specific  IT  infrastructure  locations  (i.e.,  data  center,  campus   network,  remote  offices,  host  etc.).  This  forces  CISOs  to  piece  together  an  aggregated  view  of  enterprise   security  through  numerous  tools,  reports,  and  individual  security  personnel.  This  methodology  is   cumbersome,  labor-­‐intensive,  and  can’t  really  provide  an  accurate  picture  of  risk  or  an  incident   detection/response  across  networks,  servers,  operating  systems,  applications,  databases,  storage,  and   endpoint  devices  scattered  throughout  the  enterprise.     • Existing  security  analysis  tools  depend  excessively  on  customization  and  human  intelligence.  Enterprise   security  analysis  is  complex  and  requires  specialized  skills  and  strong  experience.  As  stated  previously   however,  these  skills  are  in  short  supply—even  the  most  security-­‐conscious  enterprises  are  finding  it                                                                                                                   6  Source:  Ibid.   We  collect   substaneally  more   data  to  support  our   informaeon  security   aceviees  today  than   we  did  2  years  ago,   43%   We  collect   somewhat  more   data  to  support  our   informaeon  security   aceviees  today  than   we  did  2  years  ago,   43%   We  collect  about   the  same  amount  of   data  to  support  our   informaeon  security   aceviees  today  as   we  did  2  years  ago,   14%   How  has  the  amount  of  data  your  organizaPon  collects  to  support  its   informaPon  security  acPviPes  changed  in  the  last  2  years?  (Percent  of   respondents,  N=257)  
  • 8. White  Paper:  The  Big  Data  Security  Analytics  Era  Is  Here                                                                                                                                                                                  8   ©  2013  by  The  Enterprise  Strategy  Group,  Inc.  All  Rights  Reserved.   difficult  to  continuously  train  their  security  staff  or  hire  new  recruits.  Regrettably,  it  seems  that  many   security  analytic  systems  were  designed  to  be  used  only  by  advanced  security  analysts  who  have  the  time   and  skills  to  constantly  fine-­‐tune  and  customize  these  tools,  and  who  know  exactly  what  to  look  for.  Over-­‐ burdened  security  professionals  desperately  need  security  tools  that  provide  more  intelligence  rather  than   more  work.     • Analytics  aren’t  integrated  for  automated  incident  response.  For  the  most  part,  today’s  security  analytics   tools  remain  independent  from  security  remediation  systems.  This  often  means  that  without  automation,   what  is  found  isn’t  fixed  quickly  or  reliably.  Therefore,  when  an  analyst  detects  a  problem,  she  still  must   manually  coordinate  remediation  activities  and  workflow  with  other  security  or  IT  operations  personnel.   Once  again,  this  adds  operational  overhead  and  extends  the  timeframe  needed  for  incident  response  which   could  mean  the  difference  between  a  minor  security  event  and  a  major  breach.  And  this  problem  only  gets   worse  when  breach  responses  need  to  include  non-­‐IT  organizations  such  as  legal,  HR,  and  business  owners.   Enter  the  Big  Data  Security  Analytics  Era   At  the  beginning  of  WWI,  Allied  troops  executed  tactics  used  during  the  American  Civil  War—overwhelm  your   enemy  by  advancing  a  large  army  rapidly.  Unfortunately,  this  proved  to  be  a  costly  mistake.  Why?  With  the   invention  of  the  machine  gun,  these  tactics  resulted  in  massive  loss  of  life  rather  than  battlefield  success.     Technology  advances  like  the  machine  gun  force  combatants  to  adopt  new  warfare  strategies  and  tactics.  This  same   lesson  applies  to  the  cybersecurity  battlefield.  As  cyber  criminals  and  state-­‐sponsored  adversaries  advance  their   capabilities  with  targeted  attacks,  social  engineering,  stealthy  malware,  and  application-­‐layer  exploits,  enterprises   have  no  choice  but  to  adopt  new  strategies  and  defenses.     ESG  believes  that  these  new  requirements  will  result  in  an  enterprise  security  technology  transition  over  the  next   few  years.  Yes,  organizations  will  continue  to  employ  preventive  tactics  such  as  deploying  servers  in  hardened   configurations  behind  firewalls,  removing  unnecessary  services  and  generic  administrator  accounts,  scanning  for   known  malware  using  signatures,  and  patching  software  vulnerabilities,  but  used  alone  these  defensive  techniques   are  not  enough.  To  supplement  these  security  practices,  organizations  will  embrace  new  security  analytics  tools  for   continuous  monitoring,  investigations,  risk  management,  and  incident  detection/response.  Given  the  volume  of   security  data  collection,  processing,  storage,  and  analysis  involved,  security  analytics  is  rapidly  becoming  a  classic   “big  data”  problem.  In  fact,  ESG  research  indicates  that  44%  of  enterprises  consider  security  data  collection  and   analysis  big  data  today,  while  another  44%  believe  that  security  data  collection  and  analysis  will  become  big  data   within  the  next  24  months  (see  Figure  5).  7                                                                                                                   7  Source:  Ibid.  
  • 9. White  Paper:  The  Big  Data  Security  Analytics  Era  Is  Here                                                                                                                                                                                  9   ©  2013  by  The  Enterprise  Strategy  Group,  Inc.  All  Rights  Reserved.   Figure  5.  Security  Data  Collection  and  Analysis  Considered  “Big  Data”     Source:  Enterprise  Strategy  Group,  2013.   To  be  clear,  big  data  security  analytics  isn’t  a  simple  merger  of  events,  logs,  and  network  traffic  in  big  data   technologies  such  as  Cassandra  and  Hadoop  (although  these  underlying  technologies  may  play  a  role  in  the   technology  infrastructure  of  a  solution).  To  ESG,  big  data  security  is  really  about  collecting  and  processing   numerous  internal  and  external  security  data  sources,  and  analyzing  this  data  immediately  to  gain  real-­‐time   situational  awareness  across  the  enterprise.  Once  security  data  is  analyzed,  the  next  step  is  using  this  new   intelligence  as  a  baseline  for  adjusting  security  strategies,  tactics,  and  systems,  much  faster  than  ever  before.   Big  Data  Security  Analytics  Technology  Transformation   Ultimately,  the  objective  of  big  data  security  analytics  is  to  provide  a  comprehensive  and  up-­‐to-­‐the-­‐second  view  of   IT  activities  so  that  security  analysts  and  executives  can  make  timely,  data-­‐driven  decisions.  From  a  technology   perspective,  this  will  require  new  security  systems  providing:   • Massive  scale.  Security  analytics  and  forensics  engines  will  need  to  efficiently  collect,  process,  query,  and   apply  analytic  rules  to  terabytes  or  petabytes  of  data  including  logs,  network  packets,  threat  intelligence,   asset  information,  sensitive  data  tracking,  known  vulnerabilities,  application  activities,  and  user  behavior.   This  is  why  core  big  data  technologies  such  as  Hadoop,  an  open  source  software  project  for  distributed   processing  of  extremely  large  data  sets  across  commodity  servers,  is  a  good  fit  for  burgeoning  security   analytics  requirements.  Additionally,  big  data  security  analytics  will  likely  be  deployed  in  a  distributed   architecture,  thus  the  underlying  technology  must  be  able  to  centralize  analysis  of  massive  volumes  of   distributed  data  while  maintaining  data  integrity  and  providing  for  high-­‐performance  needs.     Yes,  security  data   colleceon  and  analysis   would  be  considered   “big  data”  within  my   organizaeon  today,   44%   No,  but  based  on  my   organizaeon’s  security   strategy  we  will  likely   consider  security  data   colleceon  and  analysis   “big  data”  within  the   next  12  months,  30%   No,  but  based  on  my   organizaeon’s  security   strategy  we  will  likely   consider  security  data   colleceon  and  analysis   “big  data”  within  the   next  24  months,  14%   No,  security  data   colleceon  and  analysis   is  not  considered  “big   data”  within  my   organizaeon,  11%   Don’t  know,  2%   Do  you  believe  that  security  data  collecPon  and  analysis  would  be  considered  “big  data”   at  your  organizaPon?  (Percent  of  respondents,  N=257)  
  • 10. White  Paper:  The  Big  Data  Security  Analytics  Era  Is  Here                                                                                                                                                                                  10   ©  2013  by  The  Enterprise  Strategy  Group,  Inc.  All  Rights  Reserved.   • Enhanced  intelligence.  The  best  big  data  security  analytics  tools  will  act  as  intelligent  advisors,  leveraging   models  of  normal  behavior,  adapting  to  new  threat/vulnerability  intelligence,  and  pinpointing  anomalies  at   any  layer  of  the  technology  stack  that  requires  immediate  investigation.  To  accomplish  this,  big  data   security  analytics  will  offer  a  combination  of  templates,  heuristics,  statistical  and  behavior  models,   correlation  rules,  threat  intelligence  feeds,  etc.     • Tight  integration.  To  keep  up  with  the  constantly  changing  threat  landscape,  big  data  security  analytics   must  interoperate  with  IT  assets  and  leverage  automated  security  intelligence.  Beyond  this,  however,  big   data  security  analytics  should  be  tightly  integrated  with  security  policy  controls  for  tactical  adjustments  and   automation.  When  security  analytics  point  to  unusual  network  traffic  emanating  from  mobile  devices,   security  analysts  should  be  provided  with  specific  change  instructions  to  quarantine  traffic  flows  and   minimize  risk.  Ideally,  security  analytics  systems  can  be  used  to  automate  remediation  activities,  a  form  of   active  defense,  for  routine  changes  or  in  emergency  situations.     Armed  with  a  comprehensive  real-­‐time  view  of  security  situational  awareness,  big  data  security  analytic  systems   will  become  the  nexus  for  both  risk  management  and  incident  detection/response.  This  includes  specialized   security  activities  such  as  regulatory  compliance,  security  investigations,  control  tracking/reporting,  and  security   performance  metrics.     CISOs  Must  Become  Big  Data  Security  Advocates   Big  data  security  analytics  is  no  longer  a  visionary  idea—leading  enterprises  recognize  that  their  immediate  security   requirements  demand  this  type  of  solution.  To  proceed  with  big  data  security  analytics  planning  and   implementation,  ESG  suggests  that  CISOs:   • Address  limitations  with  existing  security  infrastructure.  Compare  security  analytics  output  with  existing   capabilities,  processes,  and  requirements.  Does  your  organization  have  “blind  spots”?  Is  the  organization   conducting  continuous  monitoring  or  basing  its  security  assessments  on  periodic  (occasional)  scans?  Is  the   organization  understaffed  or  lacking  security  analytics  skills?  How  long  does  it  take  to  detect,  investigate,   and  respond  to  security  incidents?  Rather  than  deal  with  security  analytics  weaknesses  piecemeal,  develop   a  big  data  security  analytics  project  plan  that  addresses  critical  areas  through  a  phased  approach.   Remember  to  build  processes  and  technologies  that  can  serve  as  a  foundation  for  all  phases  of  the  project.   This  should  help  deliver  incremental  value  throughout.   • Shift  investments  from  prevention  to  detection/remediation.  Yes,  it  is  still  important  to  lock  down  IT   assets  to  minimize  risk,  but  CISOs  must  realize  that  despite  these  best  practices,  networks  will  be  attacked,   penetrated,  and  compromised.  Savvy  CISOs  will  capture  incident  detection/response  metrics  (i.e.,  time  to   discover  a  security  incident,  time  to  investigate  and  remediate  a  security  incident,  number  of  tools  used,   number  of  staff  hours  needed,  etc.)  before  and  after  a  big  data  security  analytics  implementation  to   measure  ROI  on  security  operations  and  risk  management  goals.     • Identify  staffing  deficiencies  and  knowledge  gaps.  As  ESG  research  indicates,  most  organizations  have   security  organizational  problems  around  skills  and  headcount.  In  most  cases,  CISOs  will  not  be  able  to  hire   and  train  their  way  out  of  this  problem,  so  they  need  alternative  strategies.  ESG  recommends  that  CISOs   clearly  identify  areas  of  weakness  at  the  genesis  of  their  big  data  security  analytics  planning  process.  This   will  help  them  define  their  needs  for  security  technology  intelligence,  external  data  feeds,  and   professional/managed  security  services  to  fill  the  gaps.   Finally,  big  data  security  analytics  is  antithetical  to  today’s  typical  security  infrastructure,  which  is  based  upon  point   tools  and  limited  scale.  Impending  enterprise  security  technology  changes  will  likely  resemble  the  business   application  transition  in  the  1990s  when  departmental  applications  were  replaced  with  enterprise-­‐class  ERP   software  architectures.     To  avoid  the  potential  pitfalls  associated  with  this  type  of  evolution,  enterprises  should  seek  out  technology   vendors  with  deep  security  experience,  a  portfolio  of  leading  security  analytics  products,  a  strong  big  data  security  
  • 11. White  Paper:  The  Big  Data  Security  Analytics  Era  Is  Here                                                                                                                                                                                  11   ©  2013  by  The  Enterprise  Strategy  Group,  Inc.  All  Rights  Reserved.   analytics  strategy,  strong  enterprise  experience,  complementary  threat  intelligence  services,  relationships  with   proven  MSSPs,  and  security-­‐focused  professional  services  to  help  CISOs  with  planning,  deployment,  and  ongoing  big   data  security  analytics  management.  Particularly  with  its  recent  product  introduction  of  RSA  Security  Analytics,  RSA   Security  is  one  of  only  a  few  security  vendors  who  meet  this  profile.  As  such,  enterprise  CISOs  would  be  well  served   to  assess  how  RSA  Security  Analytics  and  related  solutions  and  services  align  with  their  big  data  security  analytics   vision,  strategy,  and  tactical  plans  and  requirements.    
  • 12. White  Paper:  The  Big  Data  Security  Analytics  Era  Is  Here                                                                                                                                                                                  12   ©  2013  by  The  Enterprise  Strategy  Group,  Inc.  All  Rights  Reserved.   The  Bigger  Truth   Enhancing  security  management  maturity  is  not  a  straight-­‐line  process  and  thus  CISOs  should  expect  peaks  and   valleys  as  they  proceed  on  this  journey.  Based  upon  a  few  current  market  trends  and  ESG  research  data,  it  appears   as  though  many  organizations  are  stuck  in  a  security  management  valley  at  present.     In  truth,  security  management  maturity  has  reached  a  tipping  point.  To  move  forward,  CISOs  should  conduct  an   honest  assessment  of  their  security  technology  infrastructure.  Can  it  provide  the  necessary  monitoring,   investigative,  and  data  analysis  to  support  real-­‐time  security  decisions?  Can  it  collect,  process,  and  analyze  the   volume  of  data  needed  to  track  security  activities  at  all  layers  of  the  technology  stack?  Does  it  require  unreasonable   care  and  feeding?  Regrettably,  CISOs  may  find  that  they  are  spending  a  lot  of  money  for  poor  incident  detection,   investigation,  response,  and  workflow  results.   Given  the  sophistication  of  malware  threats  and  cyber  criminals,  there  are  no  “silver  bullets”  or  easy  answers  here.   What’s  needed  more  than  anything  is  better  visibility  through  improved  data  analysis—more  data,  better  security   intelligence,  real-­‐time  collection  and  correlation,  etc.  With  real-­‐time  situational  awareness,  CISOs  and  their  security   analysts  can  adjust  their  tactics,  prioritize  activities,  and  accelerate  processes.  Ultimately,  this  should  help   enterprises  improve  security  and  lower  costs.  This  alone  should  make  big  data  security  analytics  exceptionally   attractive  to  enterprise  CISOs.            
  • 13.                                                                                               20  Asylum  Street    |    Milford,  MA  01757    |    Tel:  508.482.0188    Fax:  508.482.0218    |    www.esg-­‐global.com