Big data has brought a major change to information security: through automated analytic processing and deep mining, work that was once remedial and ex post facto assessment shifts toward forecasting and emergency response, so that security can take the initiative.
Gartner believes that 2013 will be a year of large-scale enterprise adoption of big data technology. Forty-two percent of IT executives said their companies are already investing in big data technology or will make the related investment within a year. Extracting valuable information from massive, low-value-density structured and unstructured data has become an important source of value for enterprise IT.
For security vendors, big data means massive log volumes and more subtle hacker attacks, but it is also an effective means of improving security technology.
Enterprise IT managers will not be unfamiliar with this scenario: an employee badges into the group's Shanghai branch office, and five minutes later the system shows the same employee logging in to the enterprise OA system from the Beijing office. In isolation, neither event is a security incident, but once they are linked, IT staff immediately recognize the seriousness of the problem. How can anyone fly from Shanghai to Beijing within five minutes? The group's data is at risk of leakage.
In the past, if the group's IT systems were complex and the daily log volume generated by its branch offices was too large to be managed centrally, threats like this could be submerged in hundreds of thousands of security log entries. Now, by borrowing big data analytics, SIEM (Security Information and Event Management) is bringing these hidden threats into view. Recently, HP announced the integration of ArcSight with Autonomy, combining Autonomy's strengths in unstructured data analytics with ArcSight SIEM to enhance its security analytics capabilities in context-aware applications.
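The Shanghai/Beijing scenario above is the classic "impossible travel" correlation rule. The following is an added example, not code from the article or from any vendor it names: it correlates a physical badge-reader log with an OA login log per user, computes the great-circle distance between the two sites, and raises an alert when the implied travel speed exceeds what an airliner can manage. The log lines, the site coordinate table and the 1000 km/h threshold are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

# Constructed sample events (not real logs). Two sources feed the SIEM:
# a physical badge reader ("badge") and the OA system's auth log ("oalogin").
SAMPLE_EVENTS = [
    "2013-05-06T09:00:00 badge   user=zhang.wei site=Shanghai",
    "2013-05-06T09:05:00 oalogin user=zhang.wei site=Beijing",
    "2013-05-06T09:10:00 badge   user=li.na site=Beijing",
    "2013-05-06T12:30:00 oalogin user=li.na site=Beijing",
]

# Assumed site coordinates (lat, lon); a real deployment would pull these
# from an asset or CMDB table rather than hard-coding them.
SITE_COORDS = {
    "Shanghai": (31.23, 121.47),
    "Beijing": (39.90, 116.40),
}

# Assumed threshold: roughly airliner cruise speed. Faster than this is
# physically impossible and therefore a correlated security alert.
MAX_PLAUSIBLE_KMH = 1000.0


@dataclass
class Event:
    ts: datetime
    source: str
    user: str
    site: str


def parse_event(line):
    """Parse one 'timestamp source key=value ...' log line into an Event."""
    ts_str, source, *kv = line.split()
    fields = dict(pair.split("=", 1) for pair in kv)
    return Event(datetime.fromisoformat(ts_str), source, fields["user"], fields["site"])


def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points in degrees."""
    lat1, lon1 = map(radians, a)
    lat2, lon2 = map(radians, b)
    dlat, dlon = lat2 - lat1, lon2 - lon1
    h = sin(dlat / 2) ** 2 + cos(lat1) * cos(lat2) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def find_impossible_travel(lines, max_kmh=MAX_PLAUSIBLE_KMH):
    """Return (user, from_site, to_site, km, minutes) for every consecutive
    pair of events by the same user whose implied speed exceeds max_kmh."""
    events = sorted((parse_event(l) for l in lines), key=lambda e: (e.user, e.ts))
    by_user = {}
    for e in events:
        by_user.setdefault(e.user, []).append(e)

    alerts = []
    for user, evs in by_user.items():
        for prev, cur in zip(evs, evs[1:]):
            if prev.site == cur.site:
                continue  # same site: no travel implied, skip
            km = haversine_km(SITE_COORDS[prev.site], SITE_COORDS[cur.site])
            hours = (cur.ts - prev.ts).total_seconds() / 3600.0
            # hours <= 0 covers identical timestamps from different sites,
            # which is just as impossible as travelling too fast.
            if hours <= 0 or km / hours > max_kmh:
                alerts.append((user, prev.site, cur.site, round(km), round(hours * 60)))
    return alerts


if __name__ == "__main__":
    for alert in find_impossible_travel(SAMPLE_EVENTS):
        user, src, dst, km, minutes = alert
        print(f"ALERT impossible travel: {user} {src} -> {dst} ({km} km in {minutes} min)")
```

Neither log line is suspicious on its own, which is why a per-source rule would never fire; the signal only appears once both feeds are joined on the user identity and ordered by time. In practice the rule also needs clock synchronization between the badge system and the OA server, and an allow-list for VPN and proxy egress points whose apparent location is not where the user sits.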
The application of big data in the field of information security covers both macroscopic awareness of the overall network security situation and the discovery of security threats at the microscopic level, especially APT attacks. Cao Peng, deputy general manager of the Neusoft Network Security Marketing Center, said: "APT attacks are often hidden for several years. To analyze them, it is necessary to bring back one or two years of security logs and conduct a comparative analysis, which makes the job of the SOC (Security Management Center) much harder." Without big data analytics, he added, it is hard for any security solution to perform correlation analysis over tens of billions of messages at any given time. "Neusoft has already used Hadoop for analysis in the distributed collection engine of its SOC solution."
Some companies hold that the privacy protection of big data itself should be strengthened; Cao Peng did not think this necessary: "Big data is low-value-density data. Security vendors do not need to protect the security of big data; they should instead use big data analysis to find more security threats. This is a rare opportunity for security vendors." In his view, big data analysis technology is not difficult, and security vendors can also obtain it through purchase or cooperation; "the important thing is the logic of analysis, including the query conditions and the start and end points of the time window being checked. These test the traditional thinking of security vendors."
"The biggest change that big data brings to information security protection is that, through the combination of automated analytic processing and deep mining, we can shift from remediation and ex post facto assessment to forecasting, ex ante assessment and emergency response, so that security truly takes the initiative," said Wang Fuguang, director of network security products at Ruijie. Security vendors should take advantage of this trend and combine their own product solutions with big data analysis to form a complete suite of security solutions, from data collection and analysis, to the issuing of security management strategies, to impact assessment, completing the transition from selling isolated products to a truly solution-based model.