The future? Big data and intelligence driven security
As we produce and consume an increasing amount of digital data, even the casual user is becoming aware that the way we store and access this data will continue to shift and expand in the near future. The implications of this are even more profound for the IT security industry.
In his opening keynote at RSA Conference Europe this morning in Amsterdam, Art Coviello, Executive Chairman, RSA, The Security Division of EMC, talked about the present and offered us a view of the future based on the trends we’re seeing today. By 2020 we can expect to see billions of devices connected to the Internet. We can also look forward to an entirely virtualized perimeter that is vastly different from what we have today.
What we need is visibility, analysis and action. “No modern network or system can stand the onslaught of a targeted attacker over time,” according to Amit Yoran, General Manager, Senior Vice President at RSA.
Intelligence driven security is being accepted by the industry, and starts with dynamic controls that can react to facts and circumstances. “Context can make a big difference,” says Coviello. By keeping tabs on network traffic and user behavior, security professionals are able to spot even the faint signal of an attack in an increasingly noisy environment.
Coviello says we need our security systems to be less like a police force that reacts to what has already taken place and more like a local street police officer who can spot anomalies and prevent a crime.
Yoran underlines this vision and says that it’s not enough to merely monitor networks and systems for previous nefarious actions. Commercial organizations face threats from organized crime and hacktivists, but also from governments. The level of visibility needed to identify all these attacks is difficult without taking advantage of big data.
The speed to detect security events in real time must be complemented by the ability to adjust security controls on a granular basis, as well as to retain and analyze vast amounts of data. The identification of a threat should flow seamlessly into action. This will present itself as an evolution for most organizations.