Instrumented Interconnecteds Intelligent

Sandy Bird, CTO, IBM Security Division

By Sandy Bird

Over the years, the game of cat and mouse between cyber attackers and the people charged with defending networks against their advances has become increasingly more complex. Every new advance in defensive technologies has forced attackers to adopt new tactics, and every new attack technique has produced a new response.

We’re at the point where some of the most diligent and advanced security organizations in the world have deployed over 60 different security products; products that, unfortunately, infrequently communicate with one another. Realistically, we can’t rely on these disconnected technologies to be successful 100 percent of the time, especially when they operate in isolation. We need a different, foundational approach.

Fortunately for security professionals, even the most advanced attackers share the same human limitations as the people defending the networks: they are not perfect and they will leave clues about their presence in a network. The enduring challenge is to figure out how to identify and combine those subtle indicators of an attack. Today, more advanced organizations are turning to Big Data in search of evidence of security breaches. 

These data sources may include full email text, business process data, network and flow data, communications channels scrapes and a whole host of others. Some organizations want to do things such as look at 50 years of transactional data to create models of typical behavior so they can better understand deviations from the norm.

YouTube Preview Image

As attackers continue to evolve their targets and tactics, it seems more likely that the number of sources will continue to increase. While we could continue to apply security technology to each new area of vulnerability, it would only defeat the underlying goal of a long-term security strategy – one that is based on the data rather than the source of the data.

We need data from everywhere. Tomorrow we’ll need data from sources we don’t have today. The question will be, “does my security strategy change just because we have added another piece to the puzzle?” IBM has designed systems over the years, ones that have processed and analyzed tons of data, Big Data, and the interesting thing that we discovered was that the more data we put in, the more quickly and accurately we got answers. In other words, the security strategy of the future will be built on the underlying premise that every new source of data is a blessing and not a curse.

To do this requires not only new thinking, but new capabilities. The good news is that this capability is something that can be derived from existing technology. For the last year or so we have been talking about the notion that business and security intelligence were on a collision course. The teams in business intelligence and analytics have developed ways to visualize and extract insights from extremely large data sets in every industry imaginable, working on everything from traffic patterns to consumer shopping trends.

At the same time, security professionals have been developing technology to make sense out of the millions, sometimes billions, of security events that organizations see every day. This technology was purpose-built for security challenges and the data associated with them. Now, as more advanced organizations begin to focus on what such Big Data is telling them, they are looking for a combination of what these two technologies can provide.

More than 10 years ago we began work on a simple security log management tool that over time evolved into something that could correlate and analyze security events and information (most notably things like network, firewall and users logs) in real-time. It was then expanded even further to include capabilities that enabled people to better understand and analyze network flow data. and then today, where we announce the combination of security intelligence with big data.

Today, we are announcing the next step on that journey, the combination of security intelligence with Big Data and business intelligence. By combining these worlds of business and security intelligence in new ways, organizations are able to detect and remediate threats that they had once missed.

All of this is made possible by widening the scope and scale of investigation, and analyzing more data – Big Data – more flexibly, and ultimately delivering more accurate and timely results than ever before.

Bookmark and Share

Previous post

Next post

15 Comments
 
January 4, 2014
2:48 pm

Fastidious answer back in return of this query with solid arguments and explaining the whole thing about
that.


Posted by: Andrea
 
August 6, 2013
5:41 pm

The details on this page is enormously helpful. I have been taught several helpful hints.


Posted by: ratchet clippers
 
August 4, 2013
8:08 am

You really make it seem really easy along with your presentation but I in finding this topic to be really something which I feel I might by no means understand. It kind of feels too complex and extremely huge for me. I am taking a look ahead for your subsequent submit, I will try to get the hold of it!


Posted by: Modern Sofa
 
August 2, 2013
7:15 pm

Hi, i think that i saw you visited my weblog thus i came to “return the favor”.I’m attempting to find things to improve my site!I suppose its ok to use some of your ideas!!


Posted by: college early childhood
 
August 2, 2013
3:27 pm

Thanks for sharing superb informations. Your web site is so cool. I am impressed by the details that you¡¦ve on this blog. It reveals how nicely you perceive this subject. Bookmarked this web page, will come back for extra articles. You, my pal, ROCK! I found just the information I already searched everywhere and simply couldn’t come across. What a perfect web site.


Posted by: to home improvement
 
August 1, 2013
5:43 pm

Great blog here! Additionally your website so much up very fast! What host are you using? Can I get your affiliate hyperlink on your host? I wish my site loaded up as quickly as yours lol


Posted by: your muscle mass
 
August 1, 2013
10:17 am

Fantastic web site. A lot of helpful information here. I am sending it to some buddies ans also sharing in delicious. And obviously, thanks in your effort!


Posted by: insurance coverage health
 
July 31, 2013
2:42 pm

Wonderful work! This is the type of info that are supposed to be shared around the web. Disgrace on the search engines for now not positioning this publish upper! Come on over and visit my site . Thank you =)


Posted by: suggestions pertaining to
 
July 29, 2013
3:10 am

Aw, this was a really nice post. In concept I want to put in writing like this additionally � taking time and actual effort to make a very good article but what can I say I procrastinate alot and not at all seem to get something done.


Posted by: Mark Gebrayel
 
July 29, 2013
3:05 am

After I initially commented I clicked the -Notify me when new feedback are added- checkbox and now every time a remark is added I get 4 emails with the identical comment. Is there any method you may take away me from that service? Thanks!


Posted by: Bret Wynkoop
 
July 28, 2013
3:22 am

I�d should verify with you here. Which is not something I usually do! I enjoy reading a publish that will make people think. Also, thanks for allowing me to comment!


Posted by: Arnold Wilton
 
July 26, 2013
4:47 am

Aw, this was a really nice post. In thought I wish to put in writing like this additionally � taking time and actual effort to make a very good article but what can I say I procrastinate alot and certainly not seem to get something done.


Posted by: Eduardo Domnick
 
July 25, 2013
7:48 pm
July 23, 2013
7:24 am

This web page is mostly a walk-by for all of the info you wanted about this and didn�t know who to ask. Glimpse here, and you�ll definitely discover it.


Posted by: Herschel Oliven
 
July 23, 2013
5:54 am

The subsequent time I learn a weblog, I hope that it doesnt disappoint me as a lot as this one. I imply, I do know it was my option to learn, however I truly thought youd have one thing fascinating to say. All I hear is a bunch of whining about one thing that you may repair in the event you werent too busy searching for attention.


Posted by: Gordon Bianco