By Matthew Gardiner, Sr. Manager, RSA
If you were wondering when Big Data and security analytics were going to collide, recent data strongly suggests that they already have. In a big way. If you are currently employed as a security analyst, you can stop rolling your eyes now. I know you know this; the purpose of this blog is to communicate to the people around you who don’t know what you are already living every day.
RSA recently sponsored some survey-based research with analyst firm ESG largely on the topic of Big Data & security. While ESG hasn’t published this research yet, RSA was recently able to get an early look at the results. A key take-away from the research is that most enterprises are already smack in the middle of the challenge/opportunity of using Big Data approaches to improve their security position. In an effort to gain better visibility and improved detection and investigative efficiency and effectiveness, organizations are collecting and trying to glean intelligence from more sources than ever before.
For example, when asked “How has the amount of data your organization collects to support its information security activities changed in the last 2 years”, 86% of respondents answered either “substantially more” or “somewhat more”; 0% selected “less”. When asked about the types of data that their organization collects or plans to collect in the next 12-24 months, the list of data types that more than 75% of respondents checked included more than 18 types.
These two questions hit directly at two key pillars of the Big Data phenomenon, namely the existence of large data sets of highly diverse data types, from which key insights must be quickly gleaned. In the case of security, organizations need to understand where the risks are, where the infections have landed, where the attacks are in process, and what they should do about them, fast. This has led security organizations directly into the challenge/opportunity of Big Data, now.
Matthew Gardiner is on the product marketing team at RSA and is focused on the evolution of the SOC and RSA’s solutions, which help SOC analysts be more effective and efficient in their jobs. You can follow him on Twitter @jmatthewg1234.