Big Data and Cyber Security Situational Awareness (CyberSSA)
Posted by Ian Murphy on Tue, Dec 13, 2011 @ 09:22 AM
The next big thing in security (do we really need another one? We haven't got over Cloud yet!!) is Big Data.
For those new to Big Data, it is a case of the emperor's new clothes (IMHO). This is basically doing "stuff" with the data an organisation already has, but using it in support of things such as decision making, improvement programs and, dare I say it (dare, dare), situational awareness. The main difference is the amount of data, its collection and mining, and how the business unit or organisation utilises this data (that they have had for ever and a day) to support their business objectives.
But rather than talk about Big Data, I would like to introduce the concept of "good data" for situational awareness. It should be our aim as security professionals and innovators in this sphere to drive this mindset forward. In order to make sense of all the data at our fingertips, we should be able to define what good data means. This should be one of the first steps towards situational awareness: benchmarking/baselining the environment and understanding what normal means to us, the user or organisation.
To illustrate, let me draw an analogy between this and one of the seven wonders of the ancient world, the Pharos lighthouse. This led the way to the great repository of learning of the day, the Library of Alexandria, which is analogous to big data. If we think of the lighthouse as the tool that draws in the user of the library (the situational awareness tool), then it is up to the user to gather the learning they need, and the learning they digest is analogous to the good data portion.
So what about the technologies available to us today in the big/good data sphere? Well, I feel that is for a future post, but I do think the space is in the innovation phase and is still immature. There are several good solutions that come at it from different angles, and there are architectural considerations around data warehousing and storage to take into account (not to mention the cloud!!!). That notwithstanding, this is a growth (pardon the pun) area for technology and offers the chance for the security industry to really come of age.