All that big data for security research I did last year has finally condensed into a published paper. Please enjoy “Security Information and Event Management Futures and Big Data Analytics for Security” that focuses on two things: outlining SIEM futures and analyzing the usage of big data technologies and approaches for security. The abstract states: “Organizations with lean-forward security programs complement their SIEM tools with custom-built big data platforms and utilize advanced analytics for security. This assessment predicts the directions for SIEM technology and analyzes the use of big data for security today and in the near future.”
A few fun random quotes follow below:
- “SIEM tools have been, and are expected to remain, a central point for security monitoring within most large organizations, even though they are not explicitly mandated by any regulations.”
- “The noise about big data for security has grown deafening in the industry, but the reality lags far, far behind. As many organizations continue to struggle with utilizing traditional security analysis tools, such as SIEM tools, the expectation that they will magically adopt big data technologies and approaches is simply unrealistic.”
- “Big data use for security will continue to be populated by the most advanced, mature, Type A organizations for the near future. Security may well be becoming a big data problem, but riding that big data wave will stay difficult and expensive for most organizations, at least for the next one to two years.”
- “Before embarking on a big data project, carefully review the needs and assess whether they really require a big data approach rather than a traditional set of COTS tools.”
- “Start from analysis of existing data: No new data! Explore datasets in SIEM, NFT, ETDR, etc. tools. Expand to new data types gradually, after you master your existing data and acquire necessary analytical skills.”
- “Do not buy any new tools, especially those labeled “big data,” before analysis goals are set and needs are clear. Do not pay for the “glamour” of big data if there is low chance of benefiting from the investment.”
GTP subscription is required for access, for those without one here are some links from my research that resulted in this paper.
Related posts on the topic of big data for security:
- Big Data for Security Realities – Case 4: Big But Narrowly Used Data
- Gartner Predicts 2014 Out – And One On Big Data!
- Big Data Analytics Mindset – What Is It?
- Big Data for Security Realities – Case 3: Elastic Search or Similar
- Big Data for Security Realities – Case 2 Variety Explosion
- Big Data for Security Realities: Case 1: Too Much Volume To Store aka “Big Data Collection”
- Big Data Analytics for Security: Having a Goal + Exploring
- More On Big Data Security Analytics Readiness
- Broadening Big Data Definition Leads to Security Idiotics!
- Next Research Project: From Big Data Analytics to … Patching
- 9 Reasons Why Building A Big Data Security Analytics Tool Is Like Building a Flying Car
- “Big Analytics” for Security: A Harbinger or An Outlier?
- Upcoming Gartner Webinar: The Future of Security Monitoring and SIEM
- Our SIEM Futures Paper Publishes! (previous edition of this paper, with no BIG DATA)
The Gartner Blog Network provides an opportunity for Gartner analysts to test ideas and move research forward. Because the content posted by Gartner analysts on this site does not undergo our standard editorial review, all comments or opinions expressed hereunder are those of the individual contributors and do not represent the views of Gartner, Inc. or its management.