Big data brings intelligence-based security, RSA chief says

Security architectures will gain smarts by analyzing zettabytes of data.

San Francisco — Big data will transform the way that enterprises architect and manage security, and will finally help get the good guys out in front of the bad guys, said Art Coviello, executive vice president of EMC and executive chairman of RSA.

Corviello, who delivered the opening keynote at the annual RSA Conference, which opened Tuesday, said big data, converging with social, mobile, and cloud, will provide a wealth of information that can be sliced, diced, and analyzed to fuel intelligence-based security systems.

He said an "intelligence-driven model can be made future proof. It evolves and learns from change". He added that such a system can detect anomalies and respond to them.

The model is supported by information gleaned from data that measured a zettabyte in 2012. IDC said that only 1 percent of that cache of information was actually analyzed. Going forward, Coviello said, that dataset is mined, and provides the difference that puts the white hats in front of the black hats.

That switch in advantage won't just happen, however; organizations need to pool data on security breaches to devise new ways to protect resources and create risk-based controls.

He cited recent hacks that hit Apple, Facebook, and Twitter and hoped that those companies might share their data in order to better understand what happened and how to defend against it in the future.

He said that those disruptive attacks are the path to more destructive attacks.

"The attack surface is expanding and there are new risks," he said. Big data is about sifting and analyzing. "It has the potential to transform our lives for the better. Business will become more efficient and productive."

But even as Coviello began to tilt toward wishful visionary, he balanced himself: "Having the right level of understanding is key, because if we, as an industry, overhype this situation, organizations won't take the necessary measures to prepare themselves.

"Our cause is new, we must act anew," he said.

He said big data-based controls will be smart, self-learning, will inform and be informed, they will talk to security tools and governance, risk, and compliance systems.

"Intelligent models can only succeed with better learning," Coviello said.

The goal is a shared data architecture, a single architecture to capture, analyze, and share data.

Coviello said point-to-point products can migrate to big data controls that will lead to true defense in depth.

Despite automation to pull together data and tools, Coviello said, security experts still need to believe in their own good judgment and the responsibility of their roles.

"Big data will transform security, but it must start with us," he told attendees.

Show Comments