Big Data is a buzzword, but it is often viewed as a panacea for whatever business problem might come up. “If only we had the data” is a refrain that many CIOs are familiar with. The beauty of today’s business environment is that we DO have the data, and we CAN store it and ANALYZE it more cost-effectively than was previously possible. While log data has long been part of the security discussion through SIEM (security information and event management), enterprises have more flexibility than ever before to amalgamate an increasing number of data sources and use them to deliver critical security insights. But before an enterprise can jump into leveraging a torrent of data to improve its security posture, it must take the following steps:
Know where the “crown jewels” are
Understand what your organization’s critical data is – intellectual property, credit card information, user data, etc. Where is that sensitive data located? Who has access to it? Without knowledge and agreement around which systems are mission-critical and the safeguards in place to secure them, your security team cannot even start on the path to leveraging data successfully.
Compliance – not sexy, but necessary
Of all the hot security topics out there, compliance is not something that gets significant airtime unless there’s been a change in standards or significant failure in meeting them. Depending on an organization’s customers, partners and other contractual obligations, standards like HIPAA, PCI and other specific SLAs can alter the way security teams put in place processes to respond to alerts and threats. In an environment where cybercrime is estimated to have caused more than $400 billion in losses to companies and individuals last year, maintaining compliance standards can’t protect you from threats, but it won’t hurt, either.
Where is all this data coming from?
Log data, or machine-generated data, is expected to grow 15 times by 2020, according to a report by the research firm IDC. By creating a schema of all potentially relevant data sources, from hardware to user data to sensors and beyond, security teams are better equipped to understand what they can learn from their data, and the queries needed to deliver that information. Ten years ago, the approach of SIEM solutions was to create a set of rules that remained static over time. Log data would be mined based on that set of queries, and it was cumbersome to review and update those queries. Today, enterprises need not be tied to that process and can instead use dynamic, predictive tools that continually adjust queries as IT infrastructure and user behavior change over time.
Building the “dream” team
Often today, the story of a security breach does not begin with “there were no alerts notifying us of a problem.” All too often (and most recently in the case of Target), the alerts, red flags and blinking lights were there, but the right people with the skillsets to address those problems may not have been. Whether the right people are on board to review, analyze and remediate the issues that your tools identify should itself be reviewed on a regular basis as your organization and the security landscape evolve. Conduct a cost analysis of the frequent security issues your organization faces and match that against the skillsets and certifications of your team. Keeping that balance will enable the security team to remain productive and efficient in addressing threats.
The number and purpose of Big Data tools, technologies and services in the market is reaching a zenith. There’s hype for a reason – the data can provide critical information that can guide the way a business is run and secured. Before falling victim to the marketing speak, security and IT teams must build their business case for how this data will contribute meaningfully to the organization. By first sitting down to consider what I’ve outlined here, I hope your efforts will lead you in the direction of a more secure, data-driven enterprise.
By Joan Pepin, VP of Security/CISO at Sumo Logic
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.