Excerpts from Art Coviello’s keynote today at the 2013 RSA Conference in San Francisco.
We are at a critical crossroads – the next phase in the evolution of the Information Age with this convergence of Big Data, mobility, cloud, and our social media-driven society. It is past time for us to disenthrall ourselves from the reactive and perimeter-based IT security dogmas of the past and speed adoption of intelligence-driven security. Requirements for this new model include a thorough understanding of risk, the use of agile controls based on pattern recognition and predictive analytics to replace outdated static controls and the ability to analyze vast streams of data from numerous sources to produce actionable information.
What results is a model based on “Big Data” – our own version of security Big Data.
Last year was a breakthrough year for the concept of Big Data. For all of the buzz, there’s tremendous confusion about the term because it represents more than just a lot of data. Fundamentally, Big Data is about the ability to extract meaning – to sort through the masses of data elements and find the hidden patterns, the unexpected correlation or the surprising connection. It’s about analyzing vast and complex unstructured data sets at high speed to solve innumerable problems across a wide spectrum of industrial, non-commercial and governmental organizations.
Big Data has the potential to transform our lives, our health, our environment, our livelihoods – almost every facet of our daily lives – for the better. Yet, we are only at the dawn of Big Data.
While the most common business analytics are based on structured data using relational data bases, the real goldmine is in unstructured data which is five times larger and growing three times faster.
By 2020, analysts predict that tens of billions and perhaps as many as 200 billion objects will be connected. Think of the richness and variability of data that data scientists will have to work with. And, we’re not only talking about how Big Data will impact and drive information technology. We’re talking about how businesses and organizations will fundamentally change and evolve to become more productive and efficient. However, according to IDC, less than one percent of the world’s data is being analyzed.
Security Big Data will be applied in two ways: security management and the development and application of individual controls.
Because sources of security data are almost limitless, there is a requirement for security management that goes well beyond traditional SIEM. We have reached the limits of that technology and organizations must be able to gain full visibility into all data, structured and unstructured, internal and external.
Big Data architectures will be scalable enough such that all data can be analyzed no matter how expansive or fast changing. Organizations will be able to build a mosaic of specific information about digital assets and users and infrastructure, allowing the system to spot and correlate abnormal behavior in people and, in the flow and use of data.
In a recently published security brief titled, “Big Data Fuels Intelligence Driven Security,”experts from RSA, Northeastern University and Booz Allen Hamilton set out the components for a Big Data oriented security management system.
It must start with automated tools that collect diverse data types and normalize them. And the data needs to be stored in a centralized warehouse where all security-related data is available for security analysts to query. The system must include analytics engines capable of processing vast volumes of fast-changing data in real time as well as a standardized taxonomy for indicators of compromise that are in machine-readable form and can be readily shared. It must also rely on N-tier infrastructures that can scale out across multiple vectors and have the ability to process large and complex searches and queries. Finally, the system must have a high degree of integration with GRC systems and task specific security tools to detect attacks early or even in advance, and then trigger automated defensive measures such as blocking network traffic, quarantining systems or requiring additional identity verification.
A high degree of integration in the controls themselves is key to replacing today’s non-system of individual, isolated static controls. Big Data controls will be agile and predictive like next generation authentication and malware blocking.
Although initially task-specific, to be truly dynamic and situationally aware, these controls have to evolve. Individual Big Data controls will be smart to begin with but will also have the capacity to be self-learning. And they should be able to inform or be informed by other controls and feed or receive intelligence from security management systems and report to and receive instructions from GRC systems.
While we are several years away from all controls and management platforms having this level of completeness, the process is well underway. Vendors have already been building tools with Big Data analytics and are offering products that will have a disruptive impact on many tired product categories like anti-virus, authentication and SIEM.
As an example, RSA just announced version 8.0 of the SecurID authentication manager platform. Version 8.0 includes a risk based analytics engine that has experience gained from nearly 50 billion transactions. We also recently announced our Security Analytics platform, a new approach to security management that fuses log and packet data with internal and external threat intelligence. This platform gives analysts unprecedented visibility to assess and defend against advanced attacks.
But Big Data is only as good as the amount and quality of the data. This is why it is so important to address the need for information sharing so that external feeds of intelligence can have a force multiplier effect. Whether it’s within or among industries, or between and among vendors, Intelligence-driven security models can only succeed through better sharing of intelligence.
I don’t mean to imply we are headed to some security utopia, but, we should be able to keep pace with our adversaries, and, in many instances, get ahead of them, even in the face of uncertainty.