Big Data security and privacy challenges
by Mirko Zorz - Monday, 10 March 2014.
In this interview, Leighton Johnson, CTO, Senior Security Engineer for Information Security and Forensics Management Team (ISFMT), talks about how Big Data is transforming the way organizations deal with information security threats, offers tips for those interested in taking advantage of Big Data, and much more.

He'll be speaking about targeted cyber attacks at ISACA's North America CACS conference.

How is Big Data transforming the way organizations deal with information security threats?

Many organizations are converting their SIEM efforts for monitoring and governance into Big Data efforts for both tracking threats and malicious activities on their networks and to hunting for APTs running in their environment. We have found larger organizations (larger than 5,000 users) have already moved over their continuous monitoring of systems and networks to include assembling the data collected into analysis arenas (cubes, etc.) to account for the extreme proliferation of new and variable threats to their data security.

These efforts are including both event reporting coming from their own systems and direct “real-time” data feeds from external resources in their analysis efforts to watch the perimeter and the external inputs to their systems.

What are the hardware and software pre-requisites for getting the most out of Big Data for IT security purposes?

The extent of modification to the hardware and software needed to perform the Security Big Data efforts has been relatively straight-forward. Adding new database components, the No-SQL or HADOOP components has been budgeted, installed along with the corporate Big Data projects, and not as difficult as would be expected for those organizations that already embrace the Big Data efforts for other parts of their enterprise. However, those organizations that are implementing Big Data efforts for security as their first fore’ into this realm are finding great difficulties in scope, size, and analysis efforts.

Let's say you're working with a network that gathers massive amounts of data on a daily basis. What structural challenges do you have to tackle in order to gather valuable information?

The absolute first need is to ensure the Data SAN can handle for full scope of the Volume and the Velocity of the data getting loaded during the collection efforts. Then comes the analysis engine lying on top of the data. Can it see all of the data during the queries? Are there any missing datasets due to structure issues?

Therefore, we have seen basic indexing of databases being either modified or removed and new “No-SQL” type query and analysis engines being designed and implemented for use. The “MapReduce” and other components have to be evaluated and structured closely to the business focus in order to get the right answers to the multitude and varied types of questions being asked of these systems.

What type of training would you suggest for anyone interested in taking advantage of Big Data?

The biggest area of training is teaching the analysts how to ask the right question for the data at hand. They have many areas they want answers in, but often do not understand how to get the answer they are looking for or need from the assembled data at hand.

The IT support staff needs to understand the data types and database structures in great detail to assist in the analyst efforts, or there is often great frustration on the part of the analyst and business unit personnel that they are not getting what they need from the Big Data project and then blame the IT staff for that problem.

Spotlight

Biggest ever cyber security exercise in Europe is underway

Posted on 30 October 2014.  |  More than 200 organisations and 400 cyber-security professionals from 29 European countries are testing their readiness to counter cyber-attacks in a day-long simulation, organised by the European Network and Information Security Agency (ENISA).


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Oct 30th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //