In this month's debate, experts discuss the importance of Big Data analytics in the industry today.

FOR

Jeff Debrosse, director, security research, Websense

Security analytics benefit from the application of Big Data technologies across almost all domains. This is evidenced by the decreasing time to respond to increasing volumes of network-based threats (both internal and external to organizations). This means that the half-life of data is getting shorter. Security analytics are able to handle both the sheer volume of traffic as well as deriving answers as close to real-time as possible. Without Big Data security analytics, successfully leveraging traditional security analytics in increasingly complex and heterogeneous environments becomes more difficult every day.

Solutions can comprise real-time or non-real-time technologies. An example of a real-time technology is stream processing – where massive volumes of data are analyzed and actionable intelligence and decisions are created with little to no latency. Non-real-time technologies, such as SIEM, can comprise of solutions where data is captured, stored and queried for analysis and processing. Regardless of the technology, Big Data security analytics is here to stay.

AGAINST

Mike Lloyd, CTO, RedSeal Networks 

Security looks like a great target market to vendors of disk arrays and business analytics platforms. The trouble is that the tools to detect trends focus on exactly the wrong thing – the trends. Security is about outliers. You can't look backwards through a telescope and hope it will work as a microscope.

 Some people say we should just pile up the data, presumably figuring it will analyze itself. Machine learning hasn't come up with the goods – data mountains still need data mountaineers. The filtering tools to pick out anomalies have to start by understanding “normal,” and we're just not good enough at that yet.

 A better focus, with today's resources, is prediction and prevention. Integrate the data you've already got and measure your readiness – because the attack is inevitable. It's better to close the barn door ahead of time – otherwise, your Big Data effort will just net you a nice recording of the horse thief waving as he rides out.