Firms yet to realize the value of big security data

by CXOtoday News Desk    Jun 17, 2013

Businesses are vulnerable to security breaches because they cannot properly analyze or store big data, according to a recent McAfee study. The study finds that the ability to detect data breaches within minutes is critical in preventing data loss, yet only 35 percent of firms stated that they have the ability to do this. In fact, over 20 percent said they would need a day to identify a breach, and five percent said this process would take up to a week. On average, organizations reported that it takes nearly 10 hours to identify a security breach, and by then all the possible disasters have already happened.

“If you’re in a fight, you need to know that while it’s happening, not after the fact,” said Mike Fey, Executive VP and worldwide Chief Technology Officer. “This study has shown that far too few organizations have real-time access to the simple question ‘am I being breached?’ Only by knowing this, can you stop it from happening.”

According to Fey, to achieve real-time threat intelligence in an age where the volume, velocity and variety of information have pushed legacy systems to their limit, businesses must embrace the analysis, storage and management of big security data. For example, the study highlights that organizations are storing, on average, approximately 11-15 terabytes of security data a week, a volume that will continue to grow tremendously. To put that in perspective, 10 terabytes is the equivalent of the printed collection of the Library of Congress.

Despite storing such large volumes of data, 58 percent of firms admitted to holding on to it for less than three months, thereby negating many of the advantages of storing it in the first place. The ever-growing volumes of events, as well as asset, threat, user and other relevant data, have created a big data challenge for security teams. To overcome this challenge, organizations should move from traditional data management architectures to systems purpose-built to handle security data management in the age of advanced persistent threats (APTs).

As McAfee researchers point out, to identify complex attacks organizations should go beyond pattern matching to achieve true risk-based analysis and modelling. Ideally, this approach should be backed by a data management system able to perform complex real-time analytics. In addition to spotting threats in real time, organizations should be able to identify potentially sinister long-term trends and patterns. Beyond just finding a ‘needle in a datastack’, organizations should move to a longer time horizon with risk-based context to find the right needle, so they can proactively deal with the threat scenario.