"Big Data" is all the rage.
The Boston Globe reported last month that Massachusetts alone is home to more than 100 companies that focus on big data -- the ability to dissect and understand a flood of digitized information quickly and then act on it in a "predictive" rather than "reactive" way. Employment in this sector is expected to more than double over the next six years, adding an estimated 15,000 jobs in a sector that McKinsey Global Institute recently estimated is worth $64 billion.
But big data does not automatically mean big security improvements. If not handled with care and expertise, it could mean the opposite. That will be the focus of a panel discussion at the RSA Conference in San Francisco today at 3:50 p.m. in room 301.
Bill Brenner, CSO magazine managing editor, will moderate. Panelists are John Adams, security operations manager for Twitter; Andrew Jaquith, CTO at Perimeter E-Security; Rich Mogull, analyst and CEO at Securosis; and Adam O'Donnell, chief architect at Sourcefire.
While much of the buzz around big data understandably focuses on marketing, since it makes it easier to predict consumer behavior, a blog post last November by Morey Haber, vice president, project management for eEye Security, notes that for organizations with high security requirements, "the security data driving today's modern threat and risk intelligence is 'big data' in itself. In fact, it might be the biggest data in your organization, with regards to its value and impact to operations.
"It is one thing to collect this data," Haber writes, "but the real challenge is in making sense of (it) in an actionable format."
Indeed, much of the panel discussion will focus on the pros and cons of managing big data for security purposes.
O'Donnell says that on the plus side, big data not only enables the analysis of security threats but also "gives context to the threats by comparing them with rich, global baseline data. It allows us to know either that a threat or an attack is unique to a specific target or something commonly seen across all users."
Jaquith says his firm has a "natural affinity for huge quantities of 'machined' security data (since) we filter through 450 million events per day." He adds that it encourages exploration and is "well suited for MSSPs and other companies that handle large amounts of customer security information."
But then, O'Donnell notes that big data "can do powerful things, but only when wielded by the right hands, rather than implemented in a haphazard fashion by someone saying, 'Oh, we need big data to solve this.'"
Jaquith agrees. He says the analysis tools for big data are still "very immature," and that "high-skill analysts are hard to find."
And Adrian Lane, analyst and CTO of Securosis, cautioned in a blog post headlined "Big data and bad security" that "The rush to collect and mine big data leaves data security in the dust."
So much of the discussion will focus on a point of general agreement: security professionals should take advantage of all the intelligence available, and big data techniques can extract value from this wealth of information, but unless they understand both the problem they are trying to solve and the technology they are thinking of leveraging to solve it, their efforts may fail.
O'Donnell says that at Sourcefire, retrospective threat detection fundamentally leverages big data techniques.
"We are likely just scratching the surface here, and there are a wealth of new opportunities waiting to be uncovered," he says.
But that comes with a cautionary note: Before focusing on "big data," focus on "good data," so you don't end up with "garbage-in-garbage-out." The audience will be welcome to participate in the discussion.