RSA calls for enterprises to prepare for big data revolution in information security

RSA Security Bulletin outlines how large data will change security methods and technologies by 2015

January 18, EMC Information Security division RSA released a security bulletin that asserts that large data will be a driver of a major shift in the security industry as a whole, and will drive a smart-driven information security model. Large data is expected to bring about an enormous change in almost every discipline in the field of information security. The new briefing is expected by 2015, with large data analysis likely to bring significant changes to the market in most product categories, including Siem (Information security Incident Management), network monitoring, user identity authentication and authorization, identity management, fraud detection, and governance, risk and compliance systems.

The authors of the briefing assert that the changes brought about by big data have begun. This year, leading security agencies will deploy commercially available large data solutions to support their safe operations. Prior to this, the Advanced data analysis tools deployed in the SOC (Security Operation Center) were customized, but 2013 marked the beginning of the commercialization of large data technologies in the security field, a trend that will reshape security methods, solutions and inputs over the next few years.

In the long run, large data will also change the nature of traditional security controls such as Anti-malware, data loss protection, and firewalls. In 3-5 years, data analysis tools will be further developed to achieve a variety of advanced predictive capabilities and automated real-time control.

Today's extremely extended, cloud-based, mobile business world is not appropriate for the popular security practices that rely on border defenses and static security controls that require the knowledge of predetermined network threats. This is why security leaders are turning to the intelligent information security model-a model that perceives risk, is context-sensitive and flexible, and helps businesses withstand unknown advanced network threats. Intelligent-driven information security methods supported by large data-capable tools incorporate dynamic risk assessment, analysis of huge amounts of security data, adaptive control measures, and information sharing about network threats and attack technologies.

The security bulletin presents six guidelines to help businesses start planning for a large data-driven security toolset and operational changes as part of their Intelligent information security program.

1. Set a holistic network security strategy--the enterprise should adjust their security capabilities under the overall network security strategy and procedures tailored to their specific risks, network threats and requirements.

2. Building a shared data architecture for security information--because large data analysis requires information to be available from a variety of sources, collecting in many different formats, creating a single architecture that enables all information to be captured, indexed, standardized, analyzed, and shared is a logical goal.

3. Migrate from a single point of product to a unified security architecture--the enterprise needs to think strategically about which security products will continue to be supported and used within a few years, because each product introduces its own data structure, it must be integrated into a unified analysis framework to achieve security.

4. Seek open and scalable data security tools-enterprises should ensure that sustained investment in security products is beneficial to the use of technologies based on agile analysis methods, rather than static tools based on network threat signatures or network boundaries. New, large-data-enabled tools should provide architectural flexibility to adapt to the development of an enterprise, it, or network threat environment.

5. Strengthen the data science skills of the SOC-although the emerging security solutions will be large data-capable, the security team may not. Data analysis is a field of lack of professionals. Data scientists with expertise in the field of security are scarce and will maintain a high demand for them. As a result, many companies are likely to turn to external partners to complement their internal security analysis capabilities.

6. Use external network threat information-enhance internal security analysis procedures using external network threat intelligence services and evaluate network threat data from trusted and related sources.

Integration of large data into security practices will greatly enhance visibility into the IT environment and the ability to identify normal and suspicious activities to help ensure the credibility of IT systems and greatly improve security incident responsiveness, according to the security briefing authors.

William H. Stewart, senior vice president of Booz Allen Hamilton Consulting, said, "The game is changing." More and more data is coming into the Internet in an automated form and its carrier will continue. As a result, the security analysis tools that were very useful two or three years ago are now less useful. Now you have to look at more data and you have to look for more subtle network threats. Business tools are changing to take full advantage of these large streams of data flowing online. ”

"Over the next year, top companies with progressive security will adopt a smart-driven information security model based on large data analysis," said Eddie Schwartz, RSA chief information Security officer at the EMC Information Security Division. In the next years, the security model will become a way of life. ”

"Large data is changing in nature and breaking through the limitations of traditional security controls such as signature-based malware and firewalls, as well as rule-based identity and access management tools," said Sam Curry, chief technology officer for identity and data protection at the EMC Information Security Division. Large data is being applied in new ways to achieve adaptive, risk-based, and self-learning security controls that enable a continuous assessment of security measures and the ability to automatically adjust the level of protection based on changing environment and risk conditions. As user identities and complex data streams converge and provide richer visibility, network threats and fraud discovery and response can become more predictable, providing a data-driven view of behavior that reflects normal and unusual behaviors. ”

(Responsible editor: The good of the Legacy)