Within Information Security Operations, the derived value lies in the response to correlated data. The data sources typically scale horizontally as organizations buy further hardware assets to help them mine the Big Data for answers.
However, I recently had the opportunity to study this process and found that many, if not all, organizations still struggle with getting in front of the data.
When I consider this challenge, I envision a mighty river that engineers are attempting to redirect for its natural resource value. If they can control the direction of this river, they can extract its power and supply electricity to several cities. Past experience has proven that with insightful analytics security events can be found and responded to, but after spending hours with Security Operations personnel I have found that the task is becoming more complex and the data is becoming more disparate.
Eventually I came to recognize that "best practice" is the greatest deficit in determining an acceptable success metric when mining the data for answers. What do I mean by that? Years ago someone said that best practice was to pull all the data back into a centrally managed source that the enterprise can tap into. However, this is counterintuitive to the direction of the business. Therefore, individuals end up believing they can stand in the middle of a raging river and not get swept away. It is not natural for an enterprise in today's computing culture not to use cloud resources. Business after business is looking for cost-effective ways to save money on the IT bill.