You have 10 petabytes of security data in your Hadoop cluster.
You count RAM in terabytes and CPU cores in dozens.
You speak HiveQL better than you speak English.
You collect literally and unquestionably every timed record of activity in your organization – including transaction logs, IM messages, flows, anything.
You run queries over 13 months of data – and you do not have to take a vacation before the results come in.
You outgrew your market-leading SIEM product … 5 years ago.
You have statisticians (data scientists) on speed-dial – and on staff.
You run statistical models on volumes of security data before your morning coffee – and get good results.
Your organizations’ BI team thinks you are actually cool… despite being in security.
are you a HARBINGER or an OUTLIER?
Is this the way information security will be done nearly everywhere in 3, 5, 10 years? (good arguments for this)
Or is this a case of “there are only 10 organizations in a Top 10 list”? (some arguments for this)
Is this the way we all need to learn to succeed with current and future threats?
Or is this the way to the top of the mountain that only the enlightened gurus will ever tread?
In any case, let’s keep this discussion going!
P.S. By the way, remember that: “If at first you don’t succeed, skydiving may not be for you.” [by unknown] –> “If you keep failing with small data now, BIG DATA isn‘t for you!” [by Anton Chuvakin]
The Gartner Blog Network provides an opportunity for Gartner analysts to test ideas and move research forward. Because the content posted by Gartner analysts on this site does not undergo our standard editorial review, all comments or opinions expressed hereunder are those of the individual contributors and do not represent the views of Gartner, Inc. or its management.