Big Names, Big Security and Big Data – a Reflection on SINET Innovation Summit 2014

By Ryan Stolte at 8/14/2014 11:11 AM
Filed Under: Big Data, Big Data Analytics, Context, cybersecurity

In recently attending the SINET Innovation Summit 2014 in New York, I was impressed with the quality of speaker/panel participants the event continues to showcase. This included Admiral Michael S. Rogers, Commander of U.S. Cyber Command and Director of the National Security Agency/Chief of Central Security Service.

 

And if you sat in on a panel session or two, you’d notice that very few of the panelists were security vendors that had a message to sell. The conversations were led by insight from chief information security officers (CISO) and Cybersecurity heads from the highest levels of the military, Department of Homeland Security (DHS), additional federal agencies, financial institutions and other esteemed private organizations. This afforded to me an invaluable opportunity to hear about the trends and challenges they’re seeing first-hand.

 

While a variety of topics were discussed, there were two issues that really stood out for me and those were 1) The massive cyber security undertakings required of the large government and financial institutions and 2) How organizations are using Big Data.

 

While on their own, these two topics may seem pretty common, but as they were discussed and I reflected on them, some key points stuck out in my head.

 

1) If the ‘big guys’, with their massive investments in cybersecurity, are still very concerned about stopping the bad guys, what does that mean for everybody else?  Not surprising, many of the leaders at these large organizations discussed the staggering challenges of implementing effective security strategies and focusing /managing resources and personnel to execute and stay ahead of the latest attacks on a daily basis. And even with these massive efforts, more often than not, they are still concerned about their security posture.

 

If these hardened enterprises, which are at the top of their game when it comes to cybersecurity, are working this hard, what does that mean for all the other companies? Retailers and other corporations – not to mention smaller companies – usually don’t command the same attention and resources when it comes to cybersecurity. It doesn’t take long to find real-life examples of this.

 

Just look at Target, from which 40 million customer credit card numbers and 70 million addresses, phone numbers and additional items of information were stolen late last year due to a breach. The Michaels store chain also dealt with a major breach this year, affecting data linked to 3 million of its customers’ payment cards .

 

It only takes one successful exploit by an attacker to inflict months – even years – of losses and reputational damage. This is why it’s important for enterprises to partner with a vendor who can bring the required cybersecurity expertise and talent to the game, allowing them to focus on core competencies such as merchandise, sales, customer service, etc.

 

At Bay Dynamics, we work with some of the world’s largest organizations, including financial services companies, to deploy solutions that help them reduce the “noise” from their security tools, identify threats and effectively safeguard their systems. If we can produce effective results for these customers, think of the results we can produce for other brands.

 

2) Congrats, you have a giant Big Data repository!  How did it make you more secure?  Big Data is a hot topic in most industries and especially in security where some enterprises have up to 100 different security tools producing mountains of data daily. So, it was no surprise that Big Data was part of the discussions at SINET.  As I put more thought into this topic in general, I feel we as an industry have lost sight of the ultimate goal of Big Data and fail to ask ourselves, “Is my Big Data strategy tied directly to a measurable security improvement?” 

 

The trap many fall into is directing all of their data resources into one big repository and hiring  ‘experts’ to try to make sense of it, while not focusing on impact-generating systems for using it. Today, many enterprises are entrusting data scientists with operational responsibilities to uncover and act on insights from security data. I see two serious issues with this:

 

  •  As data and repositories continue to grow, organizations will have to keep adding more and more ‘Big Data’ people
  •  These people aren’t subject matter experts in the problem they’re responsible for solving

 

Throwing more data experts at a security problem is not a sustainable – or secure - solution

 

Enterprises need to understand the data they should be going after and the context in which that data can be useful. Ultimately, striving to deliver the right data directly to the security teams (not the data scientists), so they can quickly and effectively remediate security incidents.   

 

Prioritizing investigations goes a long way. When dozens or even thousands of possible threats are coming at you every day, you need a solution that allows you to rank incoming incidents in order of urgency: Which ones have the capacity to do the most harm? Then, after you tackle those, you move on to the next on the list. Never spending too much time prioritizing events because the solution does that for you.

 

At Bay Dynamics, we take customers to this optimal state of preparedness every day by helping them unlock the vast potential of Big Data. We take pride in bringing them to the point where they’re empowered by data, instead of engulfed in it. If that sounds like something you’d like to talk about, then please contact us.

 

 

The Era of Prevention-only Security is Over

By Feris Rifai at 7/23/2014 5:04 PM
Filed Under: Context, IT Analytics, Risk Fabric, Risk Management

I recently participated in a panel at the Gartner Security & Risk Management Summit: “Security Startups: Leading the Way to Success.” As panelists, it was important for us to address the current state of IT security tools and market dynamics, in order to talk about the path to success in today’s crowded market.  As the conversation started, it was clear that the Era of Prevention-only Security is over and this gave way to multiple, large investments in monitoring and detection solutions.

 

Security teams are drowning in false positives as they deal with a barrage of information coming from siloed security tools, trying to manually piece things together by hopping from solution to solution and ultimately leading to a lack of confidence in the data. Today, enterprises need to align their data and provide context through behavior analysis – so security practitioners and investigators have a clear focus.

 

As we look at innovations in the security industry and the path to success, it’s becoming increasingly clear that IT security teams need tools to help them focus on what’s important. 


And that’s where Bay Dynamics steps in. With Risk Fabric, we deliver superior context – leveraging real user behavior and data from our clients’ point solutions – to enable IT security teams to prioritize their actions for faster remediation.

 

If you are struggling with a siloed approach to IT security and going crazy with the  data your point solutions produce, contact us and we can talk more about how to bring sanity – through  context –back to your IT security team. 

 

 

New Funding Fuels Growth and Innovation

By Feris Rifai at 7/15/2014 9:49 AM
Filed Under: Big Data, Big Data Analytics, Context, Risk Fabric, Security Analytics

In a world where cyber attacks grow and evolve on a daily basis, we know it is critical for Bay Dynamics to be innovative and constantly expand our knowledge and offering to meet the security needs of our clients.

 

Today, we are thrilled to announce we raised $8 million in Series A funding from Comcast Ventures, the venture capital affiliate of Comcast Corporation. We have established an amazing track record of working with customers to improve their security efforts and this is the next step in solidifying our position as the dominant security intelligence vendor and accelerating the innovation behind Risk Fabric.  


We work with customers around the world to help manage the deluge of information/data that is delivered through their point solutions (which can often exceed 100 tools!) Rooted in a rich history of IT and infosec analytics, Risk Fabric is a next generation solution that delivers superior context – leveraging real user behavior and data from our clients’ point solutions – to enable IT security teams to orchestrate coordinated responses for faster remediation.

 

Once they start working with us, our customers see a significant reduction in alerts, which helps reduce overhead and improve protection.  Then, they start finding new solutions to integrate and new opportunities for us to improve their security operations.  This funding will enable us to not only extend our lead, but continue to scale and innovate to address growing customer needs. 


The future is bright and we’d love for you to be part of the journey.  Please contact us and we can work together to break security silos and integrate better intelligence, to quickly and  effectively assess risk and take action.