Information Security is Becoming a Big Data Problem
by Neil MacDonald | April 12, 2011
We talk about the need for analytics and business intelligence to help the business make better decisions. It is time to bring this same technology to the information security department.
What we need is actionable, prioritized and risk-based insight from this sea of information.
I’ll take it a bit further. There are some emerging use cases for information security which can only be handled with big data capabilities, some of which are well suited to cloud-based computing models:
- Building more accurate models and heuristics of malware and malicious activity based on broad visibility and having more computing power to perform the analysis
- Community-based malware detection.
- Real-time ‘reputation services’ that correlate information across multiple logical entities simultaneously – for example, IP addresses, user identities, URLs, email and file objects.
- Massively parallel static analysis of source code and binaries looking for vulnerabilities
- Correlation of threat data across multiple enterprises.
- Security policies that roam with the user as they move among networks we don’t own or control.
- Inter-platform correlation of data within next-generation security platforms (not Security Information and Event Management – SIEMs are more generic in nature). What I am talking about is domain-specific correlation within a vendor’s specific security platform.
- Seeking patterns of abnormal behavior from volumes of data from monitored transactions.
These are just a few examples. Analytics will be a core element of all next-generation security platforms – network, endpoint, edge and data – and not just the realm of SIEM.
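To make two of the bullets above concrete (the real-time reputation service that correlates across IP addresses, user identities, URLs and file objects, and the search for abnormal behaviour in volumes of monitored transactions), here is an added example that is not part of the original post and not Gartner's or any vendor's code. It assumes a constructed feed of transaction records, each naming the entities involved and, for a few of them, a verdict already rendered by a scanning engine; the event values, the history counts and the function names are all hypothetical.

```python
"""Cross-entity reputation scoring plus a per-user rate baseline.

Added example; not from the original post. Every entity in one
transaction is linked to the others, a known-malicious file seeds a
score of 1.0, and the score decays outward through IP, URL and file
nodes so that an unseen IP or URL inherits suspicion from what it
delivered. User nodes receive a score (exposure) but do not transmit
one, so a victim does not make the sites they visit look malicious.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample events (documentation-range IPs, fake hashes).
# "verdict" is present only where an engine already classified the file.
EVENTS = [
    {"ip": "198.51.100.7", "user": "alice", "url": "http://cdn.example/a.js",  "sha256": "f00d"},
    {"ip": "198.51.100.7", "user": "bob",   "url": "http://cdn.example/a.js",  "sha256": "f00d"},
    {"ip": "203.0.113.9",  "user": "carol", "url": "http://dl.example/x.exe",  "sha256": "bad1", "verdict": "malicious"},
    {"ip": "203.0.113.9",  "user": "dave",  "url": "http://dl.example/y.exe",  "sha256": "bad2"},
    {"ip": "203.0.113.9",  "user": "alice", "url": "http://dl.example/y.exe",  "sha256": "bad2"},
    {"ip": "192.0.2.44",   "user": "erin",  "url": "http://mail.example/",     "sha256": "c0de"},
]
ENTITY_FIELDS = ("ip", "user", "url", "sha256")

# Constructed per-user transaction counts for seven previous windows.
HISTORY = {"alice": [12, 11, 14, 13, 12, 10, 12], "bob": [5, 6, 5, 7, 6, 5, 6]}


def build_graph(events):
    """Undirected co-occurrence graph: each entity links to every other entity in the same event."""
    adj = defaultdict(set)
    for ev in events:
        nodes = [(f, ev[f]) for f in ENTITY_FIELDS if f in ev]
        for n in nodes:
            adj[n].update(m for m in nodes if m != n)
    return adj


def seed_scores(events):
    """Files with an explicit malicious verdict start at reputation 1.0."""
    scores = {}
    for ev in events:
        if ev.get("verdict") == "malicious":
            scores[("sha256", ev["sha256"])] = 1.0
    return scores


def propagate(adj, scores, rounds=2, decay=0.5):
    """Label propagation: a node keeps max(own score, decay * best non-user neighbour)."""
    for _ in range(rounds):
        updated = dict(scores)
        for node, neighbours in adj.items():
            best = max((scores.get(n, 0.0) for n in neighbours if n[0] != "user"), default=0.0)
            updated[node] = max(scores.get(node, 0.0), decay * best)
        scores = updated
    return scores


def flag_events(events, scores, threshold=0.2):
    """Indices of events whose IP, URL or file carries reputation at or above the threshold."""
    flagged = []
    for i, ev in enumerate(events):
        risk = max(scores.get((f, ev[f]), 0.0) for f in ENTITY_FIELDS if f != "user")
        if risk >= threshold:
            flagged.append(i)
    return flagged


def rate_anomalies(history, current, z=3.0):
    """Flag users whose current-window count exceeds their own baseline by z standard deviations.

    A floor of 1.0 on the deviation stops a very flat history from flagging noise.
    """
    out = {}
    for user, counts in history.items():
        mu, sd = mean(counts), pstdev(counts)
        out[user] = current.get(user, 0) > mu + z * max(sd, 1.0)
    return out


if __name__ == "__main__":
    graph = build_graph(EVENTS)
    reputation = propagate(graph, seed_scores(EVENTS))
    for node, score in sorted(reputation.items(), key=lambda kv: -kv[1]):
        if score > 0:
            print(f"{node[0]:6} {node[1]:28} {score:.2f}")
    print("flagged events:", flag_events(EVENTS, reputation))
    print("rate anomalies:", rate_anomalies(HISTORY, {"alice": 40, "bob": 8}))
```

The interesting output is the third and fourth events: neither file in them has a verdict, yet both are flagged because the IP that served them also served the file that did. At enterprise or community scale the graph is the same shape, only with millions of nodes, which is the part that turns this into a big data problem rather than a spreadsheet exercise.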