I just came back from the RSA Conference in San Francisco where I couldn’t turn a corner without someone talking about how Big Data was revolutionizing the security industry. In fact, there was one session that stood out during the conference for me. It was titled “Managing Advanced Security Problems Using Advanced Security Analytics” where Eddie Schwartz, VP and CISO of RSA moderated a panel comprised of four industry analysts including Scott Crawford, Research Director of Enterprise Management Associates; John Kindervag, Senior Analyst at Forrester Research; Neil MacDonald, VP & Gartner Fellow of Gartner and; Jon Oltsik, Senior Principal Analyst from Enterprise Strategy Group.
The panel discussion covered quite a bit of ground including defining what Big Data actually means, the acceptance within security organizations of using big data analytic techniques as well as the prediction of when security professionals will embrace big data analytics and finally how big data can be the answer to the advanced threat problem with it’s incredible scalability and high speed analytics.
Discussion point that I agree with:
1) Everyone from the moderator to the panel participants acknowledged that the current approach that companies are taking to manage the advanced threat problem fail due to lack of event context and constraints in traditional IT architecture. The panel also pointed out that there are many organizations that are not changing their ways from traditional perimeter based security, anti-virus, etc. due to “what we don’t know won’t hurt us” mentality which leaves the security teams with archaic technology that leaves them with no visibility into the threats that affect their business.
Discussion point that I did not agree with:
1) Heat maps are a must to provide visualization. This is something I cannot agree with as the notion of a heat map is even to a risk professional becoming obsolete as they only provide a two dimensional view into the risks that could affect the business. They are not multidimensional and only provide areas of risks vs. different views into key risk issues with details. I have seen organizations phase out heat maps and phase in multidimensional models that provide a way to view risk data from different dimensions so you get a risk portfolio vs. just pretty colors from a heat map. It also should result in creating risk intelligence so organizations can make informed decisions which can and should be enhanced by risk simulations from quantitative models. What was funny was in another meeting right after the session I was handed a “global threat” heat map of the world which showed different threat colors by country on the size of a business card…..which was of no use.
The conclusion to the session did send me away with a good feeling because what I heard was that by using Big Data it solves many things that GRC programs should do which is breakdown information silos, automate the capture of information, normalize/correlate data and organize the information to be able to respond to risks in an organized/prioritized fashion. Sound familiar? I just can’t wait to see the scale of information capture and speed of analytics better enable the “R” in GRC.