Bookmark and Share

Big Data – Buzz Word or Way of Life?

Funded Big Data initiatives are finding their way into industries ranging from manufacturing, healthcare, entertainment and advertising to software, education, online retail, finance and science.  While companies are in the preliminary stages and are just beginning to see benefits, security professionals have questions and concerns in three major areas.

  1. What are the real benefits of Big Data and how can information security enable proper access for Big Data, both from an internal and external standpoint?
  2. How can Big Data analysis be applied to information security? In what ways can information security professionals use the information to identity internal and external threats? What types of queries are precursors to a DDoS attack?
  3. What is the role of SIEM versus Big Data? Recognizing that SIEM only takes the information security components of Big Data, and Big Data proper takes other data into account, such as fraud and behavior analysis, what is the future of SIEM as more and more organizations are trying to take in all data sets.

It’s generally accepted that if one has the data, an analyst who understands the data can make better decisions faster about good or bad behavior occurring on the site. Another benefit relates to protecting the organization’s brand and reputation. While information security is generally not a revenue-generating function within the organization, it is able to demonstrate that by leveraging Big Data analysis it is able to protect the brand and the reputation of the company.

As groups grow their data sets and evolve their use of Big Data analysis, there is a tendency for other departments within the organization to find value in the data. Deployments, therefore, tend to start small, with other business units looking to leverage the platform and bolt on additional functions as the data proves its worth. Recognizing that many organizations have multi-dimensional regulations that must be dealt with, the recommendation is to build a framework for the controls, get it about 80% there, put it out into the wild, test it and refine it over a period of time.