Applying Intelligence To Big Data For Security

This article is more than 10 years old.

Much has been said about Big Data and security.

The theme of RSA Conference 2013 was Security in Knowledge and many vendors were talking about Big Data and security. This gives rise to a lot of confusion in the security industry. What is Big Data in terms of security?

Certainly there is a lot of data associated with security. Much of that Big Data is stored as events in huge repositories of logs. Even more Big Data can be captured on the network and parsed into events and records of network activity. But is this Big Data in the sense that Walmart uses Big Data? Or the way Amazon or Netflix figures out what you like? Or the way Facebook magically feeds you ads based on things your friends are posting on your wall? Or the way you wish your credit card company would take note that you purchased a flight overseas and *not* call you with fraud alerts when you appear in a different country?

No, security Big Data is about matching security intelligence with the right collected data.

Security intelligence consists of knowledge of threat actors, the tools they use, the IP addresses they use, and even who they are targeting. Security intelligence can even reduce the amount of data that has to be captured, stored and managed. After all, if ten groups are attacking you on any given day, do you really get any value out of collecting alerts from millions of devices, thousands of users, and hundreds of applications if only a few of them are part of the attack? I would suggest that the data itself is of zero value. The value comes from the security intelligence that can winnow out the attacks from the data. See how Anton Chuvakin of Gartner thinks about Big Data security in his post about security exploration versus responding to alerts.

As Rob Sadowski, Director of Marketing at RSA, Security Division of EMC, points out in this video, this activity is changing the way security teams operate. Instrumentation and data collection are still critical, but applying filters derived from intelligence is the path to achieving better security.