Large Data guarantee enterprise information security from passive to active

Source: Internet
Author: User
Keywords Large data security security vendors
Tags analysis apt attack automatic change company data enterprise enterprise information

The biggest change that large data brings to information security is through automated analysis processing and deep excavation, which will be done in a lot of time before and after treatment, turn to advance automatic assessment forecast, emergency treatment, let the Safety protection initiative.

Gartner believes that 2013 will be a year of large-scale adoption of large data technology by enterprises. 42% of IT executives say their companies have invested in large data technologies or will be investing in them within a year. It has become an important part of enterprise IT revenue to obtain valuable information from the structure and unstructured data of the massive low value density.

Large data for security vendors, means that a lot of log, hacker attacks more covert, but also an effective way to improve security technology.

Enterprise IT managers will not be unfamiliar with this scenario: an employee in the group Shanghai Branch card into the company's internal, five minutes after the backstage system shows that employees in Beijing branch Log in Enterprise OA system. In isolation, neither of these events is a security incident, but if they are linked, the IT staff is immediately aware of the seriousness of the problem, how can one fly from Shanghai to Beijing in five minutes? Corporate information is in danger of leaking.

In the past, if the group's IT systems were complex, the number of logs generated per day in various branches was numerous and could not be centrally managed, and a similar security threat could be submerged in hundreds of thousands of security logs. Now, with large data analysis, SIEM (Security information and event management) is making these security vulnerabilities clear. Recently, Hewlett-Packard Company announced the integration of ArcSight and autonomy, will autonomy in the unstructured data analysis of the advantages and arcsight Siem Combination, strengthen its situational awareness and other aspects of security analysis capabilities.

The application of large data in the field of information security includes macroscopic network security situational perception and microscopic discovery security threat, especially apt attack. Neusoft Network Security Marketing Center deputy general manager management that: "Apt attack is often hidden for several years, in order to analyze it, it is necessary to pull out the company a year or two security log, and comparative analysis, the SOC (Security Management Center) The function of a strong and difficult to complete this task. He said that without large data analysis, it would be difficult for any security solution to make a correlation analysis of the Bai information at intervals. Neusoft has been analyzed using Hadoop in the distributed capture engine of the SOC solution. ”

Some companies believe that the privacy protection of large data itself should be strengthened, management that "big data is low density data, security vendors do not need to protect the security of large data, but should use large data analysis to find more security threats, this is a rare opportunity for security vendors." In his view, large data analysis technology is not very difficult, security vendors can also buy or cooperate to obtain, "it is important to analyze the logic, including query conditions, the beginning and end of the query time and so on, these tests are still the traditional thinking of security manufacturers."

"Large data to the information security protection brought about by the biggest change is that we through automated analysis and depth mining combined, can be a lot of time before the end of the matter in, after the treatment, turn to advance automatic assessment and prediction, emergency treatment, so that the security protection can really take the initiative." "Rui Jie network security product director Wang Fu Guang that security vendors should use this trend to combine their own product solutions with large data analysis, form a set of security solutions from data collection analysis to security management strategies, and then to impact assessment, thus completing a paradigm shift from selling relative isolated products to real solutions.

(Responsible editor: Fumingli)

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.