These days, IT security is all about mean time to remediation. As attacks become more sophisticated, it can easily be weeks, sometimes even months, before IT departments discover a breach. In the meantime, the damage done through security compromises could be incalculable.
As part of an effort to help IT organizations reduce the amount of time it takes to actually discover a security breach, RSA, the security division of EMC, today launched RSA Security Analytics, a platform that leverages Big Data analytics technologies to rapidly identify security anomalies.
According to RSA Executive Chairman Art Coviello, the changing nature of attacks requires a new approach to IT security. Instead of allocating the vast majority of the IT budget to technologies such as firewalls and anti-virus software, IT organizations should focus more on detecting security breaches in a way that allows them to remediate those breaches faster. The simple fact is that defending against all security breaches is impossible, so the next most logical thing to do is to assume that your systems are going to be compromised.
By more aggressively leveraging advanced analytics, Coviello says, organizations can not only identify breaches but also move to eliminate vulnerabilities before they get exploited. Given the volume of data involved, Coviello says IT security is by definition a Big Data application. What’s changed is that we now have the server, network and storage resources required to affordably process all that information.
What makes RSA Security Analytics different, Coviello says, is that it’s a security platform that combines the Big Data analytics technologies of EMC’s Greenplum unit with complex event processing (CEP) technology, network forensics technology in the form of NetWitness, and scanning technology in the form of Silver Tail Systems. Together, these technologies form the foundation of a platform that Coviello says allows IT organizations to become a lot more proactive about responding to security threats without generating hundreds of false positives that wind up wasting precious IT time and resources.
RSA is not the only vendor focused on using analytics to advance security intelligence. IBM, Splunk, TaaSERA and now Cisco, with the acquisition of Cognitive Security this week, are all targeting the same space. As is often the case with anything involving Big Data these days, there may be a shortage of expertise, especially when it comes to applying Big Data analytics to security problems.
Ultimately, Coviello says RSA sees IT security morphing into a service where that kind of expertise is made more readily available by vendors. In the meantime, Coviello says the nature of the security game is to identify what’s most at risk inside the organization and apply your security resources accordingly.