As I’ve written many times, the age of big data security analytics is already upon us. In fact, 44% of large organizations characterize their security data collection, processing, and storage activities as “big data” today, while another 44% believe that their security data collection, processing, and storage activities will become “big data” within the next two years (Source: ESG Research Report, The Emerging Intersection Between Big Data and Security Analytics, November 2012).
While the age of big data security analytics may be here, however, most enterprises face a growing conundrum. On the one hand, they need big data security analytics to make more informed decisions about what’s happening and what to do. On the other hand, they don’t have the staff, skills, or processes in place to handle big data analytics – let alone reap any of the potential benefits.
This is actually a pretty big deal, as enterprise security is a story of haves and have-nots. Based upon ESG research, about 17% to 22% of large organizations fit into an “advanced” category capable of embarking on the big data security voyage alone. That leaves roughly 80% who need help in one form or another.
To bridge this huge gap, big data security analytics solutions must respond with:
- Canned algorithms. While elite organizations will have teams of security analysts, programmers, and data scientists working together, most organizations will depend upon their security analytics vendors to deliver a constant stream of canned algorithms that detect infected hosts, network reconnaissance, credentials harvesting, and Command & Control (C&C) communications. Some may even provide algorithms for more complex long-term investigations. Vendors like Click Security, eIQ, IBM, LogRhythm, RSA Security, and Splunk, with the ability to turn programming into pull-down menus, have a huge opportunity ahead.
- Deep intelligence. Ideally, large organizations need to know everything about their networks – what assets are connected, how they are configured, what other assets they communicate with, etc. Oh, and they also need to fully understand network traffic patterns to detect anomalous or suspicious behavior. To complete the picture, they need external security intelligence feeds about what’s going on in the wild. Big data security analytics act as an intelligence hub in this scenario by correlating situational awareness (i.e., what’s going on in internal/external networks) and continuous monitoring (i.e., network assets, configurations, and vulnerabilities). McAfee’s “security connected” architecture seems well positioned here.
- Automation. There are simply too many threats, vulnerabilities, events, and network packets for humans to keep up with. While the security community is skittish about installing security devices in blocking mode, this has to be part of a big data security analytics solution moving forward – an analytics engine spots a problem and then takes action. It’s likely that network security devices will act as enforcement points here, so the market tilts toward Check Point, Cisco, Juniper, and Sourcefire.
- User groups. In 1955, a group of IBM 701 users in Los Angeles got together to exchange ideas, experiences and best practices. This led to the formation of SHARE, a mainframe user group that is still active today. This type of collective collaboration will be essential for inexperienced users looking to benefit from big data security analytics. Vendors who organize and promote these efforts along industry lines can gain an advantage.
Big data security analytics may be an enterprise inevitability, but it will prove to be too geeky for a large percentage of enterprises. Ultimately, service providers like Dell SecureWorks, Packetloop, and Sumo Logic may become major players at the big data security analytics party – simply because so many enterprises don’t have the brainpower or confidence to go it alone.
Note: For those interested in more information about the big data security analytics landscape, go to the ESG web site and download the ESG Market Landscape Report, The Evolution of Big Data Security Analytics Technology, March 2013.