"Big Data" is one of the new buzzwords in IT. So it was just a question of time before "Big Data" hit the Information Security arena. Last week I saw a press release from the Information Security Forum (ISF), a very well established non-profit association of leading organisations from around the world. Their latest report shows how "Big Data analytics can improve information security and increase cyber resilience".
For sure "Big Data" analytics have become a standard practice in many aspects of business. Data warehousing, Business Intelligence, visualisation and a variety of sophisticated analyses are commonplace.
In their press release ISF say that "...the insights they [sophisticated analyses] can provide are not yet being widely realised in information security".
My initial thought whilst reading the press release was: "hold on, that is not new, that rings some bells in my mind...". "Big Data Analytics" in Information Security is just another name for "Security Information and Event Management (SIEM)", something that has already been established in Information Security for decades.
According to the Gartner Magic Quadrant for Security Information and Event Management, those solutions should:
- Support the real-time collection and analysis of events from host systems, security devices and network devices combined with contextual information for users, assets and data
- Provide long-term event and context data storage and analytics
- Provide predefined functions that can be lightly customized to meet company-specific requirements
- Be as easy as possible to deploy and maintain
Of course, the amount of data grows exponentially, and the range of data sources grows too. However, the technology foundation is still the same: it is all about data collection, data correlation and normalisation, and proper context-based analytics to make informed decisions out of it.
I disagree that this concept hasn't yet been widely realised. Gartner list a handful of vendors in the "Leaders" quadrant, including Symantec. Just take a look at our customer case study repository, search for "Symantec Security Information Manager" and see how widely our customers are already using our SIEM technologies.
In addition, you will find more about Symantec Security Information Manager here. Whether you call it SIEM or Big Data Analytics, it is all about demonstrating policy compliance and reducing overall security risk.