In a recent research survey, ESG asked security professionals to identify the most important type of data for use in malware detection and analysis (note: I am an employee of ESG). The responses were as follows:

- 42% of security professionals said firewall logs
- 28% of security professionals said IDS/IPS alerts
- 27% of security professionals said PC/laptop forensic data
- 23% of security professionals said IP packet capture
- 22% of security professionals said server logs
I understand this hierarchy from a historical perspective, but I contend that this list is no longer appropriate for several reasons. First of all, it is skewed toward the network perimeter, which no longer makes sense in a mobile device/mobile user world. Second, it appears rooted in SIEM technology, which was OK a few years ago, but we no longer want security technologies mandating what types of data we can and cannot collect and analyze.

Finally, this list has "old school" written all over it. We used to be limited by analytics platforms and the cost of storage, but this is no longer the case. Big data, cheap storage, and cloud-based storage services have altered the rules of the game from an analytics and economics perspective. The new mantra for security analytics should be, "collect and analyze everything."
Now, I know what you are thinking:

"I don't have the right tools to analyze everything." You are probably right, but this situation is changing rapidly. Network forensic tools from Blue Coat (Solera Networks), Click Security and LogRhythm can perform stream processing on network packets. Big data security analytics platforms from IBM, Leidos, Narus, RSA Security, and Splunk are designed to capture and analyze structured and unstructured data. Heck, there are even managed services from Arbor Networks and Dell if you don't want to get your hands dirty.

"I don't have the skills to analyze everything." Very good point, and things aren't likely to improve: there's a global cybersecurity skills shortage and more data to analyze each day. Security analytics vendors need to do a better job here in terms of algorithms, automation, dashboards, machine learning, and threat intelligence integration. While I expect a lot of innovation in this area, CISOs should take a prudent approach. For example, Splunk customers talk about collecting the data, learning the relationships between events, and then contextualizing specific data views by creating numerous dashboards. Makes sense to me.

"I can't afford yottabytes of storage for all of this data." With the exception of the NSA and its Bluffdale, Utah data center, few organizations can. To be clear, big data security analytics doesn't demand retention of the data, but it does demand scanning the data in search of suspicious/anomalous behavior. In many cases, CISOs only retain the metadata, a fraction of the whole enchilada.
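The "scan everything, retain only the metadata" approach described above, shown as an added example that is not from the article or from any of the vendors it names: one pass over a stream of constructed firewall log lines keeps per-source counters and flags a source that touches an unusually large number of distinct destination ports, while the raw lines themselves are discarded. The log format, field names and the port threshold are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample firewall log lines (not real data): ordinary traffic from
# two hosts plus a burst from 10.0.0.7 that probes many different ports.
SAMPLE_LOGS = [
    "2014-07-01T10:00:01 ACCEPT src=10.0.0.5 dst=192.0.2.10 dport=443 bytes=5120",
    "2014-07-01T10:00:02 ACCEPT src=10.0.0.5 dst=192.0.2.10 dport=443 bytes=2048",
    "2014-07-01T10:00:03 ACCEPT src=10.0.0.9 dst=192.0.2.20 dport=80 bytes=900",
] + [
    f"2014-07-01T10:00:{4 + i:02d} DENY src=10.0.0.7 dst=192.0.2.30 dport={p} bytes=60"
    for i, p in enumerate((21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 3389, 8080))
]

# Assumed log layout: "<timestamp> <ACCEPT|DENY> src=.. dst=.. dport=.. bytes=.."
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ACCEPT|DENY) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) bytes=(?P<bytes>\d+)$"
)


def stream_scan(lines, port_threshold=10):
    """Single pass over the raw stream. Only per-source metadata survives;
    each raw line is parsed, folded into the counters, and dropped."""
    meta = defaultdict(lambda: {"events": 0, "bytes": 0, "denies": 0,
                                "dports": set(), "dsts": set()})
    alerts = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unparsable line: skip (a real pipeline would count these)
        rec = meta[m["src"]]
        rec["events"] += 1
        rec["bytes"] += int(m["bytes"])
        rec["denies"] += 1 if m["action"] == "DENY" else 0
        rec["dports"].add(int(m["dport"]))
        rec["dsts"].add(m["dst"])
        # Anomaly heuristic (assumed threshold): one source reaching many distinct
        # ports. Fire exactly once, at the moment the threshold is crossed.
        if len(rec["dports"]) == port_threshold:
            alerts.append({"src": m["src"], "reason": "many distinct dports",
                           "distinct_dports": port_threshold})
    # Retained metadata: counts only, no raw lines and no per-event records.
    summary = {src: {"events": r["events"], "bytes": r["bytes"], "denies": r["denies"],
                     "distinct_dports": len(r["dports"]), "distinct_dsts": len(r["dsts"])}
               for src, r in meta.items()}
    return summary, alerts
```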
While it may seem like hype to our cynical cybersecurity community, big data is radically changing the way we look at the world we live in. For example, we no longer have to rely on data sampling and historical analysis; we can now collect and analyze volumes of data in real time. The soon