Five Tips for Mitigating the Fallout from a Big Data Breach

Big Data is pervasive in the enterprise today, and it is only going to get bigger. For example, IT departments are adopting longer retention times for saved data (six months or longer) which, in turn, requires expansion of their existing networked data storage. And with mandated retention policies like Sarbanes-Oxley to account for, end users are also required to capture every data packet that is transacted and retrieve historical data for analysis without any potential data packet loss.

Organizations need to prepare themselves by expanding their network bandwidth to make their data center ‘Big Data’ ready. They also need to take steps to secure their networks. As the volume of networked data grows, data leaks, security breaches, and packet loss are inevitable. Mike Heumann, senior director of marketing, Endace division of Emulex, offers five tips to mitigate the fallout when it happens.

Click through for five steps organizations should take to mitigate the consequences of a Big Data breach, as identified by Mike Heumann, senior director of marketing, Endace division of Emulex.

Don’t assume that your network won’t be compromised – it will.

The methods employed by hackers are becoming more and more sophisticated. It is just a matter of time before someone penetrates your network and takes sensitive data from it. Be ready to respond. Your reaction to a breach may be the only thing you have total control over.

The best time to prepare for a breach is before it happens.

Treat security breach planning the same way you treat disaster recovery – plan ahead for likely scenarios and rehearse the responses. Lay out the escalation chain within your organization for a breach. Know what types of data breaches/compromises need to be reported externally, and to whom. Know how you will respond to external inquiries (customers, press, etc.) about the breach.

Continuously monitor the traffic on both sides of your firewall.

This is one of the best ways to discover a breach, as well as to identify what information was compromised. Better yet, utilize network recording technology so that you are not dependent on someone being in the right place at the right time to capture it. The best recorder technologies can record 100 percent of the transactions at 10Gb/sec line rates, which eliminates the guesswork around recorders that sample data.

Look at integrating the workflow of your SEM/SEIM tools so that you can reduce time to resolution for breaches.

One of the most difficult things for SecOps teams to do during a breach is monitor dozens of dashboards and mentally “fuse” the data together, but that is in many cases exactly what we ask them to do. By having cross-tool integration, you can speed up resolution by eliminating the need to jump from one screen to another. An example is the capability to click on a dashboard alert and bring up specific packets or netflows associated with that alert.

Make sure that your SEM/SEIM tools are secure.

If your security tools are less secure than your network is, they become a weakness that can be exploited by hackers. For instance, thick client-based tools can present a security threat in that data is often loaded onto a laptop, which itself could be removed from the enterprise and later lost or penetrated. Keeping data in secure locations in the data center can help to eliminate these types of weaknesses.