Mar 14 2012   5:04PM GMT

How big data improves an information security strategy

Christina Torode


I learned a new term the other day: data-driven security. I had been talking with Enterprise Management Associates security guru Scott Crawford about remote access security policies in a bring-your-own-device (BYOD) era — yes, that’s a mouthful. But then, in the ever-changing dynamics of IT, he flipped the topic on me.

Big data can help an information security strategy, he said. Really? From what I’ve been hearing from CIOs and chief information security officers, big data — information coming in and out of an organization from all over — is a security threat. I had never heard about big data improving information security strategies.

Crawford enlightened me by explaining that data-driven security — or using technologies like data mining, data analytics and quantitative statistics — is a great way to spot security threats and trends.

“Analyzing big data can give you quicker insights into large volumes of data and security problems, and you can use real-time event alerting,” he said.

In a recent blog post, Crawford explains:

“The data explosion is just as real in security as elsewhere. And just as with other aspects of the intelligence-driven enterprise, big data offers new challenges — and new opportunities. Much more information is available than ever before that can help enterprises identify previously unrecognized threats, sharpen their defenses and acquire the awareness needed to develop more effective risk management programs. Today, techniques are emerging for harnessing this data to improve countermeasures and expand strategic insight.”

Crawford explains his theory in great depth in a five-part series on the rise of data-driven security.

As for the original security topic? Remote access security policies in a BYOD era? Data-loss prevention tools are not a silver bullet, he said. But that’s a topic for another time.

Let us know what you think about this blog post; email: Christina Torode, News Director

1  Comment on this Post

  • ScottCrawford
    Thanks for the coverage, Christina. I should, however, elaborate a bit on the "real-time event alerting" quote above: Organizations pursuing such a strategy often fold their event alerting data into their overall data collection. Those exploring the use of data warehousing to facilitate mining and more flexible analysis may add event data to such repositories. In most instances I've explored, however, these approaches are still maturing. Many organizations develop their own analytics, which means that, in many cases, analysis is not yet as "real-time" as many existing (and more mature) tools. The batch-oriented nature of analysis in some of these cases also lends itself more to non-real-time investigation, but that in itself is highly useful to those exploring their opportunities. To be clear, this trend is still in its early stages, and many challenges lie ahead, such as the maturity of technologies, evolution of the necessary expertise (in both information security *and* data analysis), and the questions that may be raised by accumulating large stores of data (which, in some cases, may include content that may be sensitive or subject to regulation). Vendors and service providers may find themselves more able to take advantage of large data volumes than many organizations (but they will likely make the benefits available to their customers in a variety of ways). Regardless, among the practitioners exploring this trend, most feel it represents a path forward for information security in the enterprise, which makes it a trend worth watching for where it may lead tomorrow.
