HP has unveiled its Big Data Security strategy, describing how combining the enterprise search and knowledge management resources of its Autonomy subsidiary with its ArcSight security information and event management (SIEM) platform can yield new ways to detect cyberattacks or rogue-employee behaviour.
HP's approach, like that of rivals IBM and RSA, calls for using SIEM tools as the foundation for so-called Big Data Security. The concept presumes that artful analysis of massive amounts of data content, in addition to the traditional security-related event information a SIEM already collects, can produce a better way to quickly pinpoint security problems.
"Data is increasing and doubling every two years but companies aren't getting enough intelligence out of it," says Varun Kohli, HP director of product marketing, enterprise security products, who argues larger organisations now regard their massive stores of data not just in terms of exabytes but brontobytes.
Where security is concerned, HP is making the case that the content an enterprise stores and accumulates as it goes can be harnessed in non-traditional ways to surface things that have security implications.
Rogue employee behaviour
HP's approach calls for analysing data with its Autonomy enterprise search and knowledge management applications and uniting some of those findings with the HP ArcSight SIEM. Kohli notes that Autonomy can monitor any website, social media sites such as Facebook and Twitter, and other online sources to analyse content of interest. By correlating that content with ArcSight event data, the SIEM can monitor employee behaviour online or watch for unauthorised posting of sensitive information, he says.
Kohli says it is not only possible to pinpoint rogue-employee behaviour related to data leaks, but even to learn in advance about cyberattacks being planned online against the organisation by hacktivists, who often post the IP addresses they intend to attack.
"Autonomy gives meaning to data. It can find out what people are saying, whether positive or negative things, online," says Kohli. "It could collect data that someone is going to launch an attack on my bank, for instance."
Autonomy, acquired by HP for $10.3 billion in late 2011, is said to have about 20,000 customers, and they would be the likely first participants to try out HP's Big Data Security approach. Kohli acknowledges that what is being tested today probably just "scratches the surface" of the potential down the road. IBM and RSA, which recently introduced their own Big Data Security strategies, also admit it is early in the game.
Mining Big Data
One of the main questions, of course, is whether IT security professionals and data managers will show the level of interest and engagement needed to pursue what is still an emerging technology: mining Big Data for security purposes.
According to a recent survey of 706 IT workers and IT security practitioners in financial services, manufacturing and government who were asked about "Big Data analytics in cyber defence," 56% said they were aware of some of it and 61% thought it could be used to solve "pressing security issues." Some 35% said their organisations already used some type of data analytics to detect anomalous and potentially malicious traffic entering their networks.
The "Big Data Analytics and Cyber Defense" survey, sponsored by Teradata and conducted by Ponemon Institute, indicated that the financial services industry had a higher level of interest in and awareness of the potential than manufacturing or government.
Many said they would like to see Big Data analytics used for security by combining knowledge gained through anti-malware, anti-DDoS, SIEM, content-aware firewalls, intrusion-prevention systems, web application firewalls and more. However, IT and security managers may have a big struggle ahead to convince upper management and others that it is worth it. The survey notes, "there is a significant difference in how the value is perceived by others in the organisation. Less than half (47%) of respondents believe their organisation considers Big Data analytics in cyber defence as very important."