security user experience
I suggested in a previous post that assuring user experience should be big data job no. 1. In conjunction with this thesis, security should be big data job no. 2. The point here is that if an organization cannot assure the user experience and secure the data, then all of its big data ambitions are for naught.
The threat landscape is growing ever more hazardous as cloud, mobile and social gain wide acceptance. These overlapping trends are overburdening legacy security technologies, processes and staff. As a result, Chief Security Officers (CSOs) must evolve toward a holistic unified data protection strategy. This strategy makes security a big data project, encompassing all users, systems and applications.
It means adopting a platform that collects massive amounts of data from both internal and external sources in real time, indexes the data with time stamps so it is readily searchable, and applies algorithms that correlate the data into events for analysis. These algorithms may be prepackaged by a vendor, developed by a third party or custom built.
A big data security platform should have the following characteristics:
It must aggregate internal data sources, such as logs, packets, systems, applications and devices, as well as external sources, including threat intelligence and cloud services, incorporating Hadoop and other open source technologies;
It must be able to ingest this data in real time at terabyte or greater scale in massively parallel processing environments;
Best suited to a distributed architecture, the platform should allow deep-dive correlation and a variety of analytics models to identify threats and vulnerabilities at any layer of the technology stack;
Finally, the platform should be tightly integrated with security policies and rules to facilitate adjustments and automate remediation.
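As an added illustration (not code from the original post, and not any vendor's product), the following Python sketch shows the collect, time-index and correlate pipeline described above at toy scale: constructed auth-log lines stand in for an internal source, a small dictionary stands in for an external threat-intelligence feed, and one correlation rule turns a burst of failed logins followed by a success from the same source into a single enriched event. The log format, the feed and the 60-second window are assumptions for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input: auth-log lines from an internal source.
AUTH_LOG = """\
2024-03-01T10:00:01Z sshd: Failed password for root from 203.0.113.7
2024-03-01T10:00:03Z sshd: Failed password for root from 203.0.113.7
2024-03-01T10:00:05Z sshd: Failed password for admin from 203.0.113.7
2024-03-01T10:00:09Z sshd: Accepted password for admin from 203.0.113.7
2024-03-01T10:05:00Z sshd: Failed password for bob from 198.51.100.2
2024-03-01T11:00:00Z sshd: Accepted password for bob from 198.51.100.2
"""
# Constructed external source: a threat-intelligence feed keyed by IP.
THREAT_INTEL = {"203.0.113.7": "known-scanner"}

def parse(line):
    """Turn one log line into (timestamp, outcome, user, source_ip)."""
    ts, rest = line.split(" ", 1)
    outcome = "failed" if "Failed password" in rest else "accepted"
    user = rest.split(" for ", 1)[1].split(" ", 1)[0]
    src = rest.rsplit(" from ", 1)[1]
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), outcome, user, src

def correlate(log_text, intel, window=timedelta(seconds=60), threshold=3):
    """Index records by source and time, then emit one event per source
    whose successful login is preceded by >= threshold failures within
    `window`. Each event is enriched with the external feed's verdict."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        ts, outcome, user, src = parse(line)
        by_src[src].append((ts, outcome, user))
    events = []
    for src, recs in by_src.items():
        recs.sort()  # the time index the post describes
        for i, (ts, outcome, user) in enumerate(recs):
            if outcome != "accepted":
                continue
            recent_failures = sum(1 for t, o, _ in recs[:i]
                                  if o == "failed" and ts - t <= window)
            if recent_failures >= threshold:
                events.append({"source": src, "user": user, "time": ts,
                               "failures": recent_failures,
                               "intel": intel.get(src, "unknown")})
    return events

if __name__ == "__main__":
    for event in correlate(AUTH_LOG, THREAT_INTEL):
        print(event)
```

In a real platform the same three steps run continuously over every source the list above names; here the second source (198.51.100.2) produces no event because its single failure falls outside the window.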
Such a platform touches endpoint, network, data, content and cloud. It allows the security team to quickly identify and troubleshoot systems, investigate security incidents and demonstrate compliance efficiently and cost effectively.
This information provides visibility at all layers of the technology stack and across the enterprise. It allows CSOs to prioritize actions, adjust policies and rules, and speed and improve workflows around incident response.
But as organizations collect, store and analyze more data from a greater number of sources and keep that data online for longer periods of time, this platform need not be exclusively on internally managed infrastructure.
More enterprises are turning toward cloud-based solutions or managed service providers as a component of a big data security strategy. Splunk and SumoLogic are good performance monitoring solutions that have strong appeal to security professionals. Customers have the flexibility to deploy these capabilities either on-premises or in the cloud.