Yesterday I broke away from my normal routine of analyzing enterprise data protection and data storage technologies to take a closer look at enterprise security. To do so, I stopped by the Omaha Tech Security Conference held at the local Hilton Omaha conference center and visited some of the vendors’ booths to learn more about their respective technologies. In so doing, it quickly became evident from my conversations with a number of security providers that they recognize their need to introduce Big Data analytics into their products to convert the data, events, and incidents that they record and log into meaningful analysis that organizations can consume and act upon.
In recent months my interest in the security industry has been piqued by a growing sense that corporate interest in security is evolving from a series of peaks and valleys in terms of them making investments in security to regularly investing in security. This change in attitude and approach to investing in enterprise security was confirmed by every security professional (reseller, vendor and end-user) with which I have spoken with over the past few weeks and at this conference in particular.
While many of these security professionals to which I spoke quickly pointed out that investments in security software and/or hardware equates to neither a secure nor a compliant infrastructure, simply providing regular, ongoing funding for security software and hardware serves an important first step toward building a secure, compliant enterprise.
It was then that those conversations turned to the topic of how do organizations, once they have made the decision to budget for security on an annual basis:
- Secure their data
- Keep the “right” data in (as within or behind corporate fire walls)
- Keep the “wrong” people out
- Keep the “right” data in the “right” hands at the “right” time.
Achieving any of these ideals in recent years has become much more elusive to accomplish despite the advent and growth of security technologies such as data loss prevention, encryption, and security information and event management (SIEM). In discussing how to best deliver on these requirements with some of the providers on site, they shared some of the following thoughts:
- SIEM appliances and software have lost some of their luster. One reseller explained to me that initially SIEM appliances and software held a great deal of appeal due to their ability to monitor information, events, and logs from multiple security solutions. More recently, that perception has changed. Even though SIEM appliances and software gather all of this data, they still need someone to analyze it, identify the threats, and act on them in a timely manner. Due to the mass amount of information and events gathered, this quickly becomes an overwhelming task.
- Data Loss Prevention (DLP) software suffers from a similar inability of organizations to quickly analyze the data. DLP software differs from SIEM software in that its goal is to prevent the distribution or release of an organization’s data to individuals either inside or outside of the organization not authorized to access or view it. While its objective is again simple to state, executing on it becomes a much more complex task. Like SIEM software, DLP software needs to process large amounts of data in a short amount of time. Yet in order for it to do so, it must do quickly and efficiently. This again requires individuals dedicated to the task of creating policies who then administer them, track the results, and tweak as them as needed to get the desired results.
This ability to quickly, efficiently, and effectively perform meaningful analysis on these types of data took some of the shine off of these technologies in the last couple of years. However, it also explains why providers have begun to introduce Big Data analytics into their solutions. While Big Data analytics will not absolve organizations of the need to create policies and analyze the security data they collect, it does facilitate the introduction of more automation and simplicity into this process to equip organizations to better protect their infrastructure and should serve to help organizations more confidently move down the path of more broadly adopting security technologies to protect and secure their infrastructure going forward.