The era of big data has arrived and information security professionals need to embrace it if they are to succeed against new and emerging threats, says Art Coviello, executive chairman of RSA, the security division of EMC.
“Technology will help us solve the seemingly unsolvable,” he told attendees of RSA Conference 2013 in San Francisco.
A year ago, he issued an emotional call to arms to the security industry, but Coviello told Computer Weekly that technology advances in the past year mean that the security industry is now better prepared.
But it is important to embrace big data, he said, because at the same time as it will bring benefits to business, it has the potential to magnify risk in ways never before imagined.
“Big data is not just about lots of data, it is about having the ability to extract meaning; to sort through the masses of data elements to discover the hidden pattern, the unexpected correlation,” he said.
According to IDC, less than 1% of data is analysed, said Coviello. New analysis tools are being introduced all the time and soon big data stores will be the “crown jewels”.
However, he warned, as these become more accessible to enterprises, they will also become more accessible to adversaries.
“It is important not to over-hype the threat, but rather to ensure a better understanding so that organisations will take the necessary steps to protect themselves,” said Coviello.
Businesses should take cognisance of the fact that attacks are moving from being intrusive to disruptive, he said, and as we move to the internet of things, where billions of devices are IP-addressable, the path will clear for attacks to move from disruptive to destructive, so businesses should be preparing for that.
In the face of these challenges, said Coviello, we should look to history and follow president Abraham Lincoln’s advice to “think anew and act anew” when “the occasion is piled high with difficulty”.
This, he believes, involves adopting an intelligence-led model of security that has the adaptive capacity to become stronger and smarter in response to attacks.
“We need systems that will use big data analytics to evolve by learning from change to give businesses the capability to detect and respond quickly to new and emerging attacks,” Coviello said.
This approach of tapping into almost unlimited sources of security information, he said, is best applied to security management and the development of security controls.
“The needs of security management have moved beyond security information and event management (SIEM) systems; we have reached the limits of that technology,” said Coviello.
Big data analytics, however, is scalable enough to provide organisations with a mosaic of information about users and infrastructure to identify abnormal behaviour in the flow or use of data, he said.
The whole process needs to start with tools to collect, normalise and analyse data in a machine-readable format to trigger defensive action automatically.
“To get a real result, there also needs to be a high degree of integration with GRC (governance, risk and control) systems and automatic defence systems,” said Coviello.
“We are not quite there yet, but the process is underway,” he said, referring to RSA’s release of RSA Authentication Manager 8 this week and RSA Security Analytics in January.
“It is also good to see the progress the IT security industry is making as a whole,” said Coviello, referring to Juniper Networks’ new Junos Spotlight Secure global attacker intelligence service.
Information security professionals should start by creating a transformative security strategy, he said, then set up a shared data architecture that will enable data to be captured, normalised, analysed and shared automatically.
“A unified security architecture that uses open standards and integrates big data will finally offer organisations true defence in depth,” said Coviello.
Historically, organisations have only been able to react to known threats, but an intelligence-driven system that combines internal and external threat information, he said, will enable organisations to react to unknown threats.
“This model is future proof, and by embracing big data we will win. We have no time for losers. We are the champions,” he said, alluding to the Queen song that preceded his keynote.