You have 10 petabytes of security data in your Hadoop cluster.
You count RAM in terabytes and CPU cores in dozens.
You speak HiveQL better than you speak English.
You collect literally and unquestionably every timed record of activity in your organization – including transaction logs, IM messages, flows, anything.
You run queries over 13 months of data – and you do not have to take a vacation before the results come in.
You outgrew your market-leading SIEM product … 5 years ago.
You have statisticians (data scientists) on speed-dial – and on staff.
You run statistical models on volumes of security data before your morning coffee – and get good results.
Your organization’s BI team thinks you are actually cool… despite being in security.
Are you a HARBINGER or an OUTLIER?
Is this the way information security will be done nearly everywhere in 3, 5, 10 years? (good arguments for this)
Or is this a case of “there are only 10 organizations in a Top 10 list”? (some arguments for this)
Is this the way we all need to learn to succeed with current and future threats?
Or is this the way to the top of the mountain that only the enlightened gurus will ever tread?
In any case, let’s keep this discussion going!
P.S. By the way, remember that: “If at first you don’t succeed, skydiving may not be for you.” [by unknown] -> “If you keep failing with small data now, BIG DATA isn’t for you!” [by Anton Chuvakin]