“Big Data” will play a big role in IT security over the next year, according to a new report from RSA, the security division of EMC. Predictive analytics and the ability to mine huge datasets for insight will force organizations to rethink how they implement and execute everything from business-risk management to security operations.
That opens up a need for people capable of working with huge datasets in a security context. “Security teams need analysts who combine data science with a deep understanding of business risks and cyber-attack techniques,” reads the introduction to the report. “Personnel with these skill sets are scarce, and they will remain in high demand.” In turn, that could drive the hiring of outside firms capable of supplementing those organizations’ “internal security analytics capabilities.”
Increasingly sophisticated attackers have undermined the ability of perimeter defenses to hold IT threats at bay. That’s driven the need for a more agile approach involving dynamic risk assessments, the analysis of huge datasets in order to ferret out abnormalities, and even real-time security operations. At the same time, organizations face increased risk from what the report terms dissolving network boundaries:
“As organizations open and extend their data networks—allowing partners, suppliers and customers to access corporate information in new, dynamic ways in order to push collaboration and innovation—they become more vulnerable to data misuse and theft.”
Compounding the problem, organizations generally capture and analyze only the tiniest sliver of available data for security threats. That’s partially due to technology constraints: simply put, it’s difficult to wrestle with large sets of data, much of it in wildly different formats. But over the next year, storage systems and database-analytics software will continue to evolve.
“By incorporating big data into security programs, organizations gain richer context for assessing risk and learning what’s ‘normal’ for a particular user, group, business process or computing environment,” the report added. “As organizations develop fuller, more nuanced profiles of both systems and users, security teams can enhance their ability to spot aberrant activity or behaviors.”
A security model that truly embraces “Big Data” will necessarily feature lots of moving parts, from diverse data sources and automated tools to analytics engines, advanced monitoring systems, and a centralized warehouse, along with a high degree of integration among all the various elements.
Other firms have concurred that mobile malware and large-scale cyber-attacks will make IT security pros’ lives especially interesting in 2013. “Cybercriminals and hacktivists will strengthen and evolve the techniques and tools they use to assault our privacy, bank accounts, mobile devices, businesses, organizations and homes,” Vincent Weafer, senior vice president of McAfee Labs, wrote in a December statement.
While data analytics aren’t the sole solution to that threat, software that picks through an organization’s datasets for anomalies can become a vital part of the shield.