Introduction to big data security analytics in the enterprise

by Dan Sullivan

Expert Dan Sullivan explains what big data security analytics is and how these tools are applied to security monitoring to enable broader and more in-depth event analysis for better enterprise protection.
A significant portion of information security effort goes into monitoring and analyzing data about events on servers, networks and other devices. Advances in big data analytics are now applied to security monitoring, and they enable both broader and more in-depth analysis. In many ways, big data security analytics is an extension of security information and event management (SIEM) and related technologies. However, the quantitative difference in the volumes and types of data analyzed results in qualitative differences in the types of information extracted from security devices and applications. Big data security analysis tools usually span two functional categories: SIEM, and performance and availability monitoring (PAM).
SIEM tools typically include log management, event management and behavioral analysis, as well as database and application monitoring. PAM tools focus on operations management. However, big data analytics tools are more than just SIEM and PAM tools coupled together; they are designed to collect, integrate and analyze large volumes of data in near real time, which requires several additional capabilities.

Like SIEM, big data analytics tools have the ability to accurately discover devices on a network. In some cases, a configuration management database can supplement and improve the quality of automatically collected data. Integration with third-party security tools, as well as with LDAP or Active Directory servers, is another must-have feature of big data analytics. Support for incident response workflows varies among SIEM tools, but it is essential when working with big data volumes of logs and other sources of security event data.

Five key features distinguish big data security analytics from other information security domains.

Key feature #1: Scalability

One of the key distinguishing features of big data analytics is scalability. These platforms must have the ability to collect data in real or near real time. Network traffic is a continual stream of packets that must be analyzed as fast as they are captured. The analysis tools cannot depend on a lull in network traffic to catch up on a backlog of packets to be analyzed. It is important to understand that big data security analytics is not just examining packets in a stateless manner or performing deep packet analysis. Although these are important and necessary, it is the ability to correlate events across time and space that is a key differentiator of big data analytics platforms. This means the stream of events logged by one device, such as a Web server, may be highly significant with respect to events on an end-user device a short time later.
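As an added illustration of the correlation point above (example code written for this page, not from the article or any product), a single-pass sliding-window join that links a file download logged by a web server to an antivirus alert on the same host a few minutes later; the events, the five-minute window and the download rule are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumption: how long after a web-server event an endpoint event can
# still be linked to it.
WINDOW = timedelta(minutes=5)

# Constructed sample events, not from any real system. Each record is
# (timestamp, source, join key, detail). The join key is the client IP
# seen by the web server, which is also the address of the endpoint.
RAW_EVENTS = [
    ("2015-11-02 09:00:05", "web", "10.1.2.3", "GET /index.html 200"),
    ("2015-11-02 09:00:10", "web", "10.1.2.7", "GET /download/report.exe 200"),
    ("2015-11-02 09:01:30", "endpoint", "10.1.2.3", "process_start chrome.exe"),
    ("2015-11-02 09:02:45", "endpoint", "10.1.2.7", "av_alert report.exe"),
    ("2015-11-02 09:30:00", "endpoint", "10.1.2.7", "av_alert other.exe"),
]


def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")


def is_download(detail):
    """Web-server request that successfully served a file for download."""
    return " /download/" in detail and detail.endswith(" 200")


def correlate(events, window=WINDOW):
    """Single pass over a time-ordered stream of events from both sources.

    Only the last `window` of qualifying web events is kept per host, so
    memory stays bounded however long the stream runs: the analysis never
    has to wait for a lull to catch up. Returns one record for every AV
    alert on a host that follows a download by that host within the window.
    """
    recent = defaultdict(deque)   # host -> deque of (ts, web detail)
    hits = []
    for ts_text, source, host, detail in sorted(events, key=lambda e: e[0]):
        ts = parse_ts(ts_text)
        pending = recent[host]
        # Evict web events that are now too old to be linked to anything.
        while pending and ts - pending[0][0] > window:
            pending.popleft()
        if source == "web" and is_download(detail):
            pending.append((ts, detail))
        elif source == "endpoint" and detail.startswith("av_alert"):
            for web_ts, web_detail in pending:
                hits.append({
                    "host": host,
                    "download": web_detail,
                    "alert": detail,
                    "delay_s": int((ts - web_ts).total_seconds()),
                })
    return hits


if __name__ == "__main__":
    for hit in correlate(RAW_EVENTS):
        print(hit)
```

The alert at 09:30 on the same host is not linked because the download has already aged out of the window.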
Key feature #2: Reporting and visualization

Another essential function of big data analytics is reporting and support for analysis. Security professionals have long had reporting tools to support operations and compliance reporting. They have also had access to dashboards with preconfigured security indicators to provide high-level overviews of key performance measures. Once again, both of these existing tools are necessary but not sufficient to meet the demands of big data. Visualization tools are also needed to present information derived from big data sources in ways that can be readily and rapidly identified by security analysts. For example, Sqrrl uses visualization techniques to help analysts understand complex relationships in linked data across a wide range of entities, such as websites, users and HTTP transactions.

Key feature #3: Persistent big data storage

Big data security analytics gets its name because the storage and analysis capabilities of these platforms distinguish them from other security tools. These platforms employ big data storage systems, such as the Hadoop Distributed File System (HDFS) and longer-latency archival storage. Back-end processing, meanwhile, may be done with MapReduce, a well-established computational model for batch processing. While MapReduce is highly resistant to failure, this comes at the cost of I/O-intensive processing. A popular alternative to MapReduce is Apache Spark, a more generalized processing model that uses memory more effectively than MapReduce. Big data analysis systems, such as MapReduce and Spark, address the computational requirements of security analytics. Long-term persistent storage, in the meantime, typically depends on relational or NoSQL databases. The Splunk Hunk platform, for instance, supports analysis and visualization on top of Hadoop and NoSQL databases.
The platform sits between an organization's nonrelational data stores and the rest of its application environment. Hunk apps integrate directly with data stores and do not require jobs to be moved to a secondary in-memory store. The Hunk platform includes a range of tools for analyzing big data. It supports development of custom dashboards and Hunk apps, which can be built directly on top of an HDFS environment, as well as adaptive search and visualization tools.

Another key feature of big data security analytics platforms is intelligence feeds, in which established vulnerability databases, security blogs and other news sources are continually updated with potentially useful information. Big data security platforms can ingest data from a variety of sources, deduplicate threat notices and correlate that information with data from their own custom collection methods.

Key feature #4: Information context

Since security events generate so much data, there is a risk of overwhelming analysts and other infosec professionals and limiting their ability to discern key events. Useful big data security analytics tools frame data in the context of users, devices and events. Data without this kind of context is far less useful, and can lead to more false positives than necessary. Contextual information also improves the quality of behavioral analysis and anomaly detection. Contextual information can include relatively static information, such as the fact that a particular employee works in a specific department. It also includes more dynamic information, such as typical usage patterns that may change over time. For example, it may not be unusual to have a large volume of queries on a data warehouse on Monday mornings, as managers run ad-hoc queries to better understand events described in their weekly reports.

Key feature #5: Breadth of functions

The final distinguishing characteristic of big data security analytics is the breadth of functional security areas it spans.
Of course, big data analytics will collect data from endpoint devices, that is, any device connected to a TCP/IP network via the Internet. This includes anything from laptops and smartphones to Internet of Things devices. In addition to physical devices and virtual servers, big data security analytics must attend to software-related security. For example, vulnerability assessments are used to determine possible security weak points in a given environment. The network is a rich source of information, and standards such as the Cisco-developed NetFlow protocol may be used to gather information about traffic on a network. Big data analytics platforms can also use intrusion detection products that analyze system or environment behavior in order to spot possible malicious activity.

The differences of big data security analytics

Big data security analytics is qualitatively different from other forms of security analytics. The need for scalability, tools for integrating and visualizing diverse types of data, the increasing importance of contextual information, and the breadth of security functions that must be supported in big data security analytics are leading vendors to apply advanced data analysis and storage tools to information security. The next article in this series will examine the most common deployment scenarios and the types of companies that would benefit the most (and least) from big data security analytics. It will also present how IT departments can make the business case for implementing this technology to executive management.
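As an added example of the contextual anomaly detection the conclusion refers back to (the static department context and the dynamic Monday-morning baseline from key feature #4), written for this page rather than taken from the article or any product: the same hourly query count is normal for a manager on a Monday morning but anomalous for that account on a Saturday night, and anomalous for an account from a department that never queries the warehouse. The accounts, departments, history values and thresholds are constructed.

```python
from datetime import datetime
from statistics import mean, pstdev

# Constructed static context: which department each account belongs to.
USER_DEPT = {"alice": "management", "bob": "management", "eve": "facilities"}

# Constructed dynamic context: per-hour query counts on the data warehouse
# observed in past weeks, keyed by (department, weekday, hour), weekday 0
# being Monday. A real deployment learns these from the query logs.
HISTORY = {
    ("management", 0, 9): [180, 210, 195, 220, 205],  # Monday-morning report crunch
    ("management", 2, 14): [12, 9, 15, 11, 10],
    ("management", 5, 3): [0, 0, 1, 0, 0],
    ("facilities", 0, 9): [2, 0, 1, 3, 1],
}


def baseline(dept, when):
    """Mean and standard deviation of past counts for this department at
    this weekday and hour, or (None, None) when there is no history."""
    samples = HISTORY.get((dept, when.weekday(), when.hour))
    if not samples:
        return None, None
    return mean(samples), pstdev(samples)


def score(user, when_text, query_count, k=3.0, min_count=20):
    """Classify one hour of warehouse activity for a user.

    Returns (verdict, reason). The count is anomalous when it exceeds the
    contextual baseline by more than k standard deviations. With no
    history for that context, only a sizeable count is flagged, so a
    single quiet query in an unseen slot does not page anyone.
    """
    when = datetime.strptime(when_text, "%Y-%m-%d %H:%M")
    dept = USER_DEPT.get(user)
    if dept is None:
        return "anomalous", "unknown account: no static context"
    mu, sigma = baseline(dept, when)
    if mu is None:
        verdict = "anomalous" if query_count >= min_count else "normal"
        return verdict, "no baseline for this department/weekday/hour"
    # Floor sigma at 1 so a perfectly flat history does not make the
    # threshold brittle.
    threshold = mu + k * max(sigma, 1.0)
    if query_count > threshold:
        return "anomalous", f"{query_count} queries exceed {threshold:.1f}"
    return "normal", f"{query_count} queries within {threshold:.1f}"


if __name__ == "__main__":
    # 2015-11-02 is a Monday, 2015-11-07 a Saturday.
    for user, when, count in [("alice", "2015-11-02 09:15", 200),
                              ("alice", "2015-11-07 03:05", 200),
                              ("eve", "2015-11-02 09:15", 200)]:
        print(user, when, count, score(user, when, count))
```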
This was first published in November 2015