Gartner Blog Network

Information Security is Becoming a Big Data Problem

by Neil MacDonald  |  April 12, 2011

We talk about the need for analytics and business intelligence to help the business make better business decisions. It is time to bring this same technology to the information security department.

What we need is actionable, prioritized and risk-based insight from this sea of information.

I’ll take it a bit further. There are some emerging use cases for information security which can only be handled with big data capabilities, some of which are well suited to cloud-based computing models:

  • Building more accurate models and heuristics of malware and malicious activity based on broad visibility and having more computing power to perform the analysis.
  • Community-based malware detection.
  • Real-time ‘reputation services’ that correlate information across multiple logical entities simultaneously – for example, IP addresses, user identities, URLs, email and file objects.
  • Massively parallel static analysis of source code and binaries looking for vulnerabilities.
  • Correlation of threat data across multiple enterprises.
  • Security policies that roam with the user as they move among networks we don’t own or control.
  • Inter-platform correlation of data within next-generation security platforms (not Security Information and Event Management; SIEMs are more generic in nature). What I am talking about is domain-specific correlation within a vendor’s specific security platform.
  • Seeking patterns of abnormal behavior from volumes of data from monitored transactions.

These are just a few examples. Analytics will be a core element of all next-generation security platforms – network, endpoint, edge and data – and not just the realm of SIEM.


Neil MacDonald
VP & Gartner Fellow
15 years at Gartner
25 years IT industry

Neil MacDonald is a vice president, distinguished analyst and Gartner Fellow in Gartner Research. Mr. MacDonald is a member of Gartner's information security and privacy research team, focusing on operating system and application-level security strategies. Specific research areas include Windows security…
