HP today took the wraps off its Big Data Security strategy, describing how combining the enterprise search and knowledge management resources from its Autonomy subsidiary with its ArcSight security-event and information management (SIEM) can yield new ways to detect cyberattacks or rogue-employee behavior.
HP's approach, like that of rivals IBM and RSA, calls for use of SIEM tools as a foundation for so-called Big Data Security. The concept of Big Data Security presumes that artful analysis of massive amounts of data content, in addition to the traditional security-related event information that's collected through a SIEM, can produce a better way to quickly pinpoint security problems.
"Data is increasing and doubling every two years but companies aren't getting enough intelligence out it," says Varun Kohli, HP director of product marketing, enterprise security products, who argues larger organizations now regard their massive stores of data not just in terms of exabytes but brontobytes.
In terms of using any of this data for purposes of security, HP is making the case that enterprise-stored content amassed on the fly can be harnessed in non-traditional ways to find out about certain things that have security implications.
HP's approach calls for making use of the data that can be analyzed with its Autonomy enterprise search and knowledge management applications and uniting some of these findings with the HP ArcSight SIEM. He notes Autonomy can monitor any website, social media sites like Facebook and Twitter, and other online sources to analyze content of interest. By correlating it with ArcSight, the SIEM can monitor employee behavior online or watch for unauthorized posting of sensitive information, he says.
Kohli says it's not only possible to pinpoint rogue-employee behavior related to data leaks but even learn in advance about cyberattacks being planned online against the organization by hactivists, who often post IP addresses to attack.
"Autonomy gives meaning to data. It can find out what people are saying, whether positive or negative things, online," says Kohli. "It could collect data that someone is going to launch an attack on my bank, for instance."
Autonomy, acquired by HP for $10.3 billion (£6.7 billion) in late 2011, is said to have about 20,000 customers, and they would be the first likely participants to try out HP's Big Data Security approach. Kohli acknowledges that what's being tested today probably just "scratches the surface" in terms of the potential down the road. IBM and RSA, which recently introduced their own Big Data Security strategies, also admit it's early in the game.
One of the main questions, of course, is whether IT security professionals and data managers will show the level of interest and engagement needed to pursue what is still an emerging technology in mining "big data" for the purposes of security.
According to a survey published today of 706 IT and IT security practitioners in financial services, manufacturing and government asked about "big data analytics in cyber defense," 56% said they were aware of some of it and 61% thought it could be used to solve "pressing security issues." 35% said their organizations used some type of data analytics already to detect anomalous and potentially malicious traffic from entering their networks.
The "Big Data Analytics and Cyber Defense" survey, sponsored by Teradata and conducted by Ponemon Institute, indicated financial services industry had a higher level of interest and awareness about the potential than manufacturing or government.
Many said they'd like to see big data analytics used for security by combining knowledge gained through anti-malware, anti-DDoS, SIEM, content-aware firewalls, intrusion-prevention systems, Web applications firewalls and more. However, IT and security managers may have a big struggle ahead to convince upper management and others it's worth it. The survey notes, "there is a significant difference in how the value is perceived by others in the organization. Less than half (47 percent) of respondents believe their organization considers big data analytics in cyber defense as very important."
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: @MessmerE. Email: [email protected]
Read more about wide area network in Network World's Wide Area Network section.