Big data analytics is a concept that gets thrown around a lot. It may sound cool – but can it really improve information security?
Gartner defines big data analytics as the ability to find patterns in data that may be new or different from normal, day-to-day behavior. This is an especially important undertaking for large enterprises that have thousands of sessions introducing millions of potential security risks at any given moment. Big data analytics allow Bay Dynamics’ Risk Fabric security intelligence tool to separate the news from the noise, helping security professionals predict and prevent all types of security problems.
Detailed security metrics, based on data from any department, form the key building blocks of Risk Fabric. These metrics can be derived from raw data or from aggregations that span every element of the enterprise environment. By weaving all types of security metrics together in a single logical data warehouse (LDW), Risk Fabric creates a consolidated foundation for tracking security trends and exposing potential vulnerabilities in any organization.
A sample high-level security metric that Risk Fabric might use is the total number of computers across the enterprise, while a more specific data point would be the number of files containing sensitive data that are stored on a particular drive and haven’t been accessed in more than two years. Because Bay Dynamics’ patent-pending Logical Data Warehouse technology rapidly brings together security data from multiple systems, Risk Fabric users can define and track new, comprehensive metrics that were not feasible with traditional individual data repositories or point products. These metrics can also be driven by use cases, ensuring that Risk Fabric insights match a company’s most vital security objectives.
Using the right key metrics, Risk Fabric can identify deviations from what’s normal for an organization – what we call “separating the news from the noise.” Risk Fabric uses metrics gathered from across the company to create a baseline security history, then enriches this historical data with predictive analytics that forecast behavior and define a “tolerance zone” for each metric. This tolerance zone reflects the changes in the metric that are expected with day-to-day behavior. If a metric veers outside of the tolerance zone, this information bubbles up as a news item on the Risk Fabric home page, so security professionals can take immediate action.
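The baseline-plus-tolerance-zone idea above can be shown concretely. The following is an added example, not Bay Dynamics’ code, and the page does not say which forecasting model Risk Fabric uses; here the forecast is a trailing-window mean of the metric’s recent history and the tolerance zone is that forecast plus or minus k standard deviations. The metric names and the daily counts are constructed for the example. Two design choices a practitioner would want are built in: the standard deviation is floored so a nearly flat history does not turn a one-unit wobble into a news item, and values that fall outside the zone are kept out of the baseline so one spike does not widen the zone and hide the next one.

```python
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class NewsItem:
    """A metric value that fell outside its tolerance zone (a 'news item')."""
    metric: str
    day: int
    value: float
    low: float
    high: float


def tolerance_zone(history: List[float], k: float = 3.0,
                   min_sigma: float = 1.0) -> Tuple[float, float]:
    """Forecast the next value as the mean of the (clean) history and define
    the tolerance zone as forecast +/- k * sigma.

    sigma is floored at min_sigma: a history such as [5, 5, 5, 5] has zero
    variance, and without the floor a value of 6 would be reported as news.
    """
    forecast = mean(history)
    sigma = max(pstdev(history), min_sigma)
    return forecast - k * sigma, forecast + k * sigma


def find_news(metric: str, series: List[float], window: int = 7,
              k: float = 3.0, min_sigma: float = 1.0) -> List[NewsItem]:
    """Walk a daily series and flag values outside the zone derived from the
    last `window` clean observations.

    The first `window` values seed the baseline unchecked. After that, a value
    inside the zone joins the baseline; a value outside it becomes a NewsItem
    and is NOT fed back, so the spike does not inflate sigma for later days.
    """
    clean: List[float] = []
    news: List[NewsItem] = []
    for day, value in enumerate(series):
        if len(clean) < window:
            clean.append(value)          # still building the baseline
            continue
        low, high = tolerance_zone(clean[-window:], k, min_sigma)
        if value < low or value > high:
            news.append(NewsItem(metric, day, value, low, high))
        else:
            clean.append(value)
    return news


def find_all_news(metrics: Dict[str, List[float]], **kw) -> List[NewsItem]:
    """Run every metric through find_news and return the news items by day."""
    items: List[NewsItem] = []
    for name, series in metrics.items():
        items.extend(find_news(name, series, **kw))
    return sorted(items, key=lambda n: n.day)


# Constructed sample data (not real telemetry): two daily metrics over 14 days.
# Day 12 of the first series is a user suddenly copying 41 sensitive files to
# removable media; day 11 of the second is a third of the fleet going silent.
SAMPLE_METRICS: Dict[str, List[float]] = {
    "sensitive_files_to_usb": [4, 5, 4, 6, 5, 4, 5, 6, 5, 4, 5, 4, 41, 5],
    "endpoints_reporting": [1000, 1002, 999, 1001, 1000, 998, 1001,
                            1000, 1002, 999, 1001, 640, 1000, 1002],
}


if __name__ == "__main__":
    for item in find_all_news(SAMPLE_METRICS):
        print(f"day {item.day:2d}  {item.metric:24s} value={item.value:>7}"
              f"  zone=[{item.low:.1f}, {item.high:.1f}]")
```

Run as-is it reports exactly two news items: the USB spike on day 12 and the drop in reporting endpoints on day 11; every other day stays inside its zone. Note that a metric outside its zone is a lead to investigate, not proof of malice, and that `window`, `k` and `min_sigma` must be tuned per metric (a count that legitimately trends upward needs a trend-aware forecast, which this trailing mean does not provide).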
In the context of security intelligence, big data analytics provides big-picture knowledge across the enterprise, including the ability to identify subtle "needle-in-the-haystack" behavior that falls outside the norm. Big data analytics is a powerful lens that can look across the enterprise, define standard operating behavior, and immediately focus on any abnormal activity. Thanks to big data analytics, Risk Fabric users can quickly see what is changing across the enterprise, understand how those shifts relate to what’s expected, and isolate suspicious activity for investigation and corrective action, without first wading through hundreds of alerts, emails, and incident reports. A metric outside its tolerance zone is a lead to investigate rather than proof of compromise, but it tells security professionals where to look first. In other words, big data analytics creates a new, improved approach to information security.