Big data

Stop climbing through the haystack to find the needle: Use a magnet

As security professionals we are constantly thinking about finding the needle (the security incident) in the data haystack. But what if we just used a really powerful magnet? Potential threats are more targeted, stealthy and dynamic than they have ever been, which means you won’t find the needle if you aren’t collecting the hay in which the needle may be hiding. So it’s about more than just collecting a lot of data; it’s about collecting the right data.

Big Data vs Social Engineering

Some of the discussions we are having over here are brain-wrinklers! I was speaking with some colleagues yesterday about the security implications of big data. Typically I would group them into two separate areas: 1) using big data as an enabler for predictive security analytics (i.e., deriving security information powered by analytics across big data); and 2) securing the output of big data analytics on the business side (and possibly in infosec too).

Trusting Your Crowd Sources

Earlier this week I was at MIT Media Labs for a meeting with my colleagues in EMC technical leadership. While we were there, we took a tour of the Media Labs, including talking with a couple of grad students and professors. One of the projects we were introduced to is called Place Pulse, “a website that allows anybody to quickly run a perception study and visualize the results in powerful ways”. It was interesting from a lot of perspectives: as an investigation of the perceptual clues we use in making decisions; as an exploration of visualization techniques; and as a model both for generating and for analyzing Big Data.

SOC Analysts: The IT Security Eyes and Ears of their Organizations

By Matthew Gardiner, Sr. Manager, RSA
In my previous blog, The Future of the SIEM and the SOC, I argued that SIEMs are changing to meet the evolving security needs of Security Operations Centers (SOCs). Advanced Persistent Threats (APTs) in particular are really pushing SOCs to step up their defensive game. The ever-repeating cycle of threat/attack discovery and remediation needs to crank much faster than ever before. In many cases the time window from actual breach to data leakage can be measured in hours or days, so defensive cycles that operate in time windows of days or weeks are moving much too slowly. The question I will attempt to at least partially answer in this blog is how SIEMs are changing to meet the rapidly changing needs of SOCs.

Will big data know you better than you know yourself?

There was lots of buzz about big data at RSA Conference, especially in terms of the essential role that big data analytics increasingly plays in detecting data exfiltration and other security issues. Using big data for security is clearly a significant opportunity. But the security and privacy of big data is equally important and yet got much less attention. These concerns did come up in the Tuesday afternoon panel on big data, during which Rick Mogull of Securosis articulated the distinction between securing big data and using big data for security. But for me the most striking insight about the security and privacy issues for big data was in the discussion that Hugh Thompson and Dan Gardener had during the Friday afternoon “Hugh Thompson Show”.

Enabling a New World of Insight through Big Data: the FuturICT Project

One of the best things about moving to Europe has been learning about and getting engaged with European-based research initiatives. One of these initiatives is the FuturICT project. I was introduced to FuturICT by Donagh Buckley, EMC Director of Research for EMEA, and through him met the Chair of the FuturICT Steering Committee, Dr. Dirk Helbing, who works at the ETH here in Zürich. Dirk, Anna Carbone (also of the FuturICT project) and I got together for dinner last week to discuss the project and its points of intersection with EMC technologies and programs.