A byte out of cybercrime: Big data fights back
RSA uses information security analytics to slash event response times
EMC Corp's security division, RSA, today introduced its Security Analytics solution to a media roundtable at the Jumeirah Beach Hotel, Dubai.
The solution merges NetWitness - a network traffic warehousing and indexing application - with security information and event management (SIEM), network forensics technology, and big data analytics. The result is a distributed solution that allows threat management specialists to cut incursion analysis and response times from months or weeks to hours or minutes.
"Over the past 10 years we have opened up our infrastructures, creating a hyper-connected world," said Art Coviello, executive chairman, RSA.
"The amount of digital content that we store has soared, going from 1 exabyte [1m terabytes] to one zettabyte [1000 exabytes or 1bn terabytes]. The bandwidth that we have today going from 100,000 bits per second to 100m bits per second increases the velocity of all of that data. In terms of applications, [everything used to be] client-server and mainframe; now more and more, everything is a Web app. And in terms of mobility, we used to have the laptop, but now we have a plethora of mobility devices."
The message is clear, even though it is not new: the proliferation of devices has led to technology infrastructures that sprawl haphazardly across multiple platforms, with data being consumed and created at dizzying rates.
"By creating these hyper-connected infrastructures we have opened ourselves up as never before," said Coviello.
"Sure, we've yielded tremendous improvements and increases in productivity... but we've created openings for those who would do us harm. Roughly 10 years ago we didn't face a complex criminal ecosystem; we were dealing mostly with script kiddies and people who were just trying to make a name for themselves. We didn't have these advanced persistent threat attacks from nation states trying to steal our intellectual property. We didn't have a host of cyber hacktivists who were interested in embarrassing us on a continuing basis."
RSA's central argument throughout the roundtable was the skewed financing of information protection initiatives.
"So how has our approach changed?" asked Coviello.
"Unfortunately, nowhere near enough. We still have a very reactive security model. It's perimeter-based; the controls tend to be static and rules-based; we get no leverage from the controls because they exist in a silo pattern. This reactive means of creating a security infrastructure made sense as technology evolved, but now we find ourselves in a position where we're not getting enough leverage from our control environment. We spend most of our IT security budgets on prevention - roughly 70% to 80% - and only 15% to 20% on detection and, inexplicably, only 5% to 10% on response."