Using Big Data for security is the “new hotness.” But security professionals have to be careful not to get drawn into the hype. Big Data itself is not new – there are many successful implementations in marketing, logistics, supply chain management, retail and more. Implementing a Big Data platform for security, however, is a natural progression: traditional security information and event management (SIEM) platforms, continuous monitoring concepts and statistical analysis are converging into a specialized field that requires security data scientists.
Before a Big Data implementation, there are a number of questions organizations must answer. What is a security data scientist, and how do we find the right person? Do we take mathematicians and statisticians, train them in security and set them loose on our data? Or do such people already exist, albeit in short supply?
And how do we justify the expense of moving to a Big Data platform for security purposes? Unlike the traditional uses of Big Data analytics mentioned above – where value can be directly correlated and an immediate return on investment shown – it is much harder to justify the expense in this circumstance.
Security professionals have struggled for years to articulate just how much preventive security measures have saved organizations by avoiding malicious incidents. Big Data for security will require careful planning. We should strive for a model in which data is processed once and then made available to the various tools that need it. Which data feeds will you need? Traditional use cases and forensic techniques are just a start. The effort will take careful thought to avoid garbage in, garbage out. We must have a clear design approach and the right implementation to transform our organization's data into actionable intelligence. When do we hire the security data scientists: before design, or after the platform is built out? How are we going to control and protect access to this data?
There are many different Big Data solutions on the market. Choose wisely. We need to make sure we do not jump into the game without careful planning and the right resources for guidance. Collaborate with your professional network for lessons learned and implementation best practices. Contact local colleges to see what programs they offer that would produce the data scientist skill set we need to be successful.
A final observation: given the successful use of Big Data analytics in other industries, it is predicted that the adoption of Big Data for security will eventually increase efficiency and reduce our dependence on the many technologies in the security marketplace today.