I spent yesterday morning at RSA's Burlington, Mass., headquarters for the unveiling of its new RSA Security Analytics product, the company's big push into Big Data security. With RSA Conference 2013 a month away, I couldn't help but think of this as a dress rehearsal. Each year at RSA there tends to be one topic that overshadows the rest, an issue that dominates many a discussion.
In 2011, it was cloud security. Last year it was smartphone security. This year, it's going to be Big Data.
I started to see the interest in Big Data at RSA last year, when I moderated a panel discussion on the pros and cons of it as a security enabler. Since then, the discussion has gotten louder. That's somewhat amusing to people like Preston Wood, Zions Bancorporation's CISO and executive VP of security. As I wrote in our "Big goals for Big Data" article, he's been using big data, by one name or another, to bolster his security program for decades. It's inspiring to see how his team made it work, really.
I'll admit that I understand the concepts around Big Data a lot more clearly since interviewing Wood and Alex Hutton, Zions' director of technology and operations risk and governance. The education I got from that interview was certainly helpful yesterday, as several RSA heavy-hitters gave presentations as part of the RSA Security Analytics rollout.
RSA/EMC Executive VP Arthur Coviello said the need to analyze Big Data for a better picture of a company's security situation is more important than ever, in light of the damaging disruptions companies face at the hands of DDoSers. It used to be that RSA customers were mostly worried about data breaches that led to the theft of sensitive information. But Coviello is seeing a shift. Lately, customers in the banking sector are worrying more about hacktivists and the disruption their politically-motivated attacks have on the bottom line.
"I abhor the term Cyber Pearl Harbor ," he said. "It's not security awareness we need, but a higher level of understanding. Language like 'Pearl Harbor' doesn't get us that understanding." He added that while the outright destruction of the Internet from an attack is unlikely, "you don't need destruction to have a serious problem." In the case of banks and other businesses, the problem is the downtime caused by DDoS attacks, which translates into serious revenue losses.
What gets us to a better understanding of the threat and the best defenses is data, and lots of it, Coviello said. RSA Security Analytics is designed to translate the data into an effective early warning system companies can use to mount a quicker, more agile response.
His assessment matches up with the concerns I've been hearing from CSOs in the banking sector and elsewhere. Whatever the attack motivation may be, the result is always a serious loss of business.
So yes, expect to hear a lot about Big Data next month.