EMC isn’t the only company applying data analytics to security issues: IBM has announced IBM Security Intelligence with Big Data, designed to repel external cyber-security threats and detecting internal risks.
IBM’s platform can scan and analyze massive amounts of structured and unstructured data; in theory, that means an organization can run everything from security device alerts and system logs (structured data) to emails and social media content (unstructured data) for threats. While IBM’s also touting advanced forensics (“for deep visibility into network activity”) and a graphical front-end tool for visualizing data—i.e., a dashboard—it’s emphasizing this ability to sift through all types of data as the software’s key advantage.
“Our goal is to provide actionable insight into every bit of data, no matter where it resides across the network, and help clients learn from past activity to better secure the future.” Brendan Hannigan, General Manager of IBM’s Security Systems Division, wrote in a Jan. 31 statement.
IBM has grouped a number of pre-packaged security tools onto the platform, including a “comprehensive” security data taxonomy and automated data normalization.
As illustrated by the much-publicized attacks on The New York Times’ IT systems, it’s difficult for any organization—no matter how well funded—to defend against all cyber-attacks, many of which are launched by very smart people using very cutting-edge tools. The Times relied on antivirus software from Symantec, which managed to detect and quarantine one of the 45 pieces of malware installed by the attackers.
“We encourage customers to be very aggressive in deploying solutions that offer a combined approach to security. Anti-virus software alone is not enough,” is how Symantec defended itself after the Times published an account of the attacks.
For organizations without a multinational’s resources, IT defense is often an even trickier proposition. According to Javvad Malik, a senior analyst in the 451 Enterprise Security Practice, many small- to midsize organizations exist below a security “poverty line,” lacking the expertise or money to really invest in security.
“It’s really this uncertainty and lack of clarity, and lack of real information that is the real reason why poor security decisions are made that aren’t really appropriate to that particular organization,” he said. “When those sorts of decisions are made, that’s when it becomes prohibitive, because it’s not inline with the organization’s way of working or actual risk appetite or working culture.”
For big organizations with a lot of resources (and a lot of data to protect), a platform that relies on analytics to hunt down threats might be just the ticket to more powerful security. But there’s also the question of what smaller firms can do to protect themselves against an increasingly dangerous world.