As cyber attacks become more advanced and damaging, organizations are looking to integrate Big Data tools and techniques into their security operations to optimize threat detection and investigation. Organizations can no longer rely on traditional security systems that monitor and analyze only a slice of information from a portion of their environment. Nor can organizations depend on traditional perimeter or signature-based systems, as they have not been able to stop today’s more sophisticated attackers. Organizations need full visibility into the security conditions of all networked assets, as well as external threat intelligence data, to better monitor and detect suspicious activity.
Through technologies such as Hadoop, Big Data promises the collection and analysis of a wider scope of security data, and RSA leads this effort with RSA Security Analytics. Enterprise-wide network traffic and log event data, as well as the most up-to-date threat intelligence, can be captured and analyzed in near real time so security analysts can better detect, investigate, and understand threats they could not easily see or understand before.
The bottom line is that no security system is bulletproof; therefore, to minimize damage, RSA Security Analytics helps organizations reduce an attacker’s “free time” from weeks to hours through better detection and investigation capabilities. I spoke with Matthew Gardiner, Senior Manager at RSA, to provide more details on how Big Data can address the dynamic nature of Internet Security.
1. How has the attacker profile changed, creating more advanced threats?