RSA: Use big data to find cyber-threats

Companies must harness 'big data' analysis capabilities to combat growing threats to network security, according to RSA president Art Coviello.

Companies need to use data from multiple sources to provide effective network security, RSA boss Art Coviello has said. Image credit: ZDNet.com

IT managers should take a holistic view of threats hitting systems using data gathered from numerous different sources, Coviello told the RSA Conference2012 in San Francisco on Tuesday.

"To gather the necessary data from multiple sources organisations need to adopt a 'big data' model," said Coviello. "The age of big data has arrived in security management."

'Big data' refers to datasets that can be difficult to analyse using conventional tools due to their size and composition. For example, scientific experiments such as the LHC at CERN produce such massive datasets the experiments use globally distributed computing capabilities for analysis.

In security, 'big data' needs to come from sources both inside and outside the organisation. All parts of an organisation's network must be monitored for security to be effective, said Coviello.

"Big data refers to gathering of security-related datasets in unprecedented scale, and in numerous formats," said Coviello. "This data must be gathered not just from security controls, but from every part of your infrastructures and beyond. Data must be correlated using high-speed analytics to produce actionable information."

The age of big data has arrived in security management.

– Art Coviello, RSA

Coviello said that companies need the ability "to sift through information lightning-fast", and not rely on signature-based detection of malware. 

"Today's systems are a patchwork of controls, subject to time-consuming updates, serving up far too much data, and not nearly enough intelligence," said Coviello. "They are built around routine compliance reporting and regular audit, and assume we can achieve a priori knowledge of malware signatures."

Coviello said that organisations need monitoring capabilities that "understand patterns of user behaviour and comprehend transaction patterns and the flow of information" to spot high-risk anomalies and events.

"We need to identify and respond to those anomalies in real time," aid Coviello. "Ultimately, we'll have to automate those capabilities and responses."

How to mine data

Scott Charney, corporate vice president of Microsoft Trustworthy Computing, said that organisations were already collecting a large amount of security data, but did not know what to do with it.

"The problem isn't that we don't have security data," said Charney. "The problem is we know too much security data, and we don't know what to make of it."

Charney said companies must use the "power of the cloud" to analyse that data, and to automatically give patterns that would allow the detection of security anomalies. Big data can allow organisations to detect discrepancies between the way different products operate, said Charney.

Big data will require metadata tagging to improve analysis capabilities, said Charney.

"The real thing I think is going to be critical is the use of metadata and claims. The world's not going to just be about big data in terms of the underlying data, it'll be about the metadata that expresses things."

Microsoft's Azure cloud platform has monitoring and reporting capabilities, but the platform has not yet enjoyed widespread take-up according to some analysts.

Charney said that analysis of data from multiple sources would have application outside of security, and include monitoring of healthcare processes, and datasets regarding personal preferences.

"Big data is going to create a lot of opportunities in healthcare, in targeted advertising, and in security," said Charney.

One security expert, who asked not to be named, told ZDNet UK that the use of different data streams from different people could have privacy implications.

"Obviously there are privacy concerns," said the expert. "Big data can combine all sorts of data from all sorts of people."