Big Data In The Information Security Context
By Daniel Sobral, CSO, JBS USA
Big Data is a technology that can be applied to any area within a corporation, because it makes it possible to correlate data from innumerable sources and extract relevant information that can be essential to making important business decisions.
Big Data is an essential technology because it allows incidents to be detected more efficiently, reducing the impact they cause.
Using Big Data as a security tool for information analysis offers the possibility of foreseeing problems: data collected from different sources of information can show the security team hidden vulnerabilities, so it can respond quickly by leveraging data correlation over a very large amount of data.
A survey conducted by security firm McAfee shows that only 35% of companies are ready to respond immediately to security incidents and, according to the survey, a centralized security management system enables more precise analysis of the data.
Research shows that most companies store 1-20 terabytes a week just for security-related information. For comparison, the US Library of Congress has the equivalent of 10 terabytes of content.
Considering all the advantages of using Big Data within information security, many professionals in the area wonder:
When should I adopt this technology?
The answer to this question is simple: MATURITY. Many companies do not have enough information security maturity and yet initiate projects that soon fail because they do not achieve the expected results.
A major cause of this failure is the lack of maturity in information security tools and processes within some companies, which makes the implementation time of Big Data projects much longer than in companies with a higher maturity level. This is reflected in a high implementation cost and can even prevent the project from continuing.
So, how will I know if I am ready for Big Data projects?
Before tackling Big Data, companies need to know about “Small Data”.
Once the foundation for information security is in place, a good exercise before developing Big Data projects is to implement a successful SIEM project.
In a SIEM project, it is possible to develop skills that will be important for a successful Big Data project, such as extracting relevant information from the different technologies used within the corporation.
After completing the foundation for the information security process and the first implementation exercise of a successful SIEM project, it is possible to say that the company is able to initiate Big Data projects.
I am prepared to deploy a Big Data project. What are the main points that I should observe to succeed on this journey?
- Define a holistic cyber security strategy – Companies must align their security capabilities behind a program and a strategy that is customized to the risks, threats and the organization’s specific requirements.
- Establish a shared data architecture for information security – Big Data analysis requires information to be collected from different sources in different formats, so a single architecture that allows all information to be captured, indexed, normalized, analyzed and shared is a logical goal.
- Look for open and scalable Big Data security tools – Companies should ensure that ongoing investments in security products favor technologies that use agile approaches based on analysis.
- Strengthen the knowledge of the security team – Data analysis is a talent often missing in today’s security teams. Scientists with expertise in security data are scarce. As a result, many companies are likely to need external partners to complement internal security analysis capabilities.
- Leverage security intelligence solutions that integrate with external knowledge bases – Augment internal security analysis programs by integrating them with intelligence services, and assess threat data from reliable and relevant sources.
With a well-defined process, it is possible to enjoy all the benefits this technology provides: a higher enterprise security level, business continuity, reduced risk, maximum return on investment and growth of business opportunities.