January 22, 2009 11:10 AM PST

In today's security analytics, every bit of data matters

by Jon Oltsik

There is a change brewing in information security and information management. In the early days, this discipline really came down to event detection. Security information management systems scanned a bunch of data looking for needle-in-the-haystack events that indicated trouble. All other data was considered "noise" and thrown away.

With the onset of regulatory compliance a few years ago, this model went through an initial change. The "noisy" data was now necessary information to demonstrate security controls for compliance audits. Still, event data and compliance data remained separate entities.

Now things are changing yet again. In today's dangerous security landscape, no data is considered "noise" anymore. Rather, security analysts now want access to terabytes of historical data for analysis. Furthermore, this underlying data has become more complex. Beyond just log files, security analytics now encompasses other data types like network flows, directories, physical access, and video surveillance. If there is reason to believe that Joe the IT administrator has been covertly accessing quarterly financial data, the resulting security investigation will encompass anything and everything, including when Joe was in the building, when he logged onto the network, which systems he accessed, and what he did.

This type of investigation requirement changes the security technology model. It means collecting, normalizing, and storing a ton of data. It means sophisticated algorithms and processor-intensive query engines. It means the integration of physical and information security, including video surveillance. Sound like law enforcement or the NSA? Perhaps, but large organizations are already headed down this path.
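As an added example (not code from this post or from any vendor named in it), the following Python sketch shows the collect-normalize-query loop described above on a small scale: three constructed data sources in different raw formats (a badge reader CSV, an authentication syslog, and a file server access log) are parsed into one common event schema, a per-user timeline is built from the merged set, and reads of a sensitive share are flagged when the badge data says the user was not in the building at the time. The formats, host names, share path, user name and the assumed syslog year are all invented for illustration.

```python
"""Normalize heterogeneous security data into one event schema and query it.

Added example with constructed sample records; nothing here is real data.
"""
from dataclasses import dataclass
from datetime import datetime
import re


@dataclass(frozen=True)
class Event:
    """Common schema every source is normalized into."""
    ts: datetime
    source: str   # "badge", "auth" or "file"
    user: str
    action: str
    obj: str      # door name, authenticating host, or file path


# Constructed sample records in three raw formats (invented for this example).
BADGE_CSV = """\
2009-01-21T08:02:11,joe,door-lobby,IN
2009-01-21T17:31:40,joe,door-lobby,OUT
"""
AUTH_SYSLOG = """\
Jan 21 08:15:02 dc01 auth: user=joe result=success src=10.1.4.22
Jan 21 23:41:09 dc01 auth: user=joe result=success src=10.1.4.22
"""
FILE_LOG = r"""
2009-01-21 08:20:33 joe READ \\finsrv\quarterly\q4-forecast.xlsx
2009-01-21 23:44:51 joe READ \\finsrv\quarterly\q4-forecast.xlsx
"""
SYSLOG_YEAR = 2009  # classic syslog omits the year; assumed from the collection period
AUTH_RE = re.compile(
    r"^(\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (\S+) auth: user=(\S+) result=(\S+) src=(\S+)$"
)


def parse_badge(text):
    """Physical access: ISO timestamp, user, door, IN/OUT."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, door, direction = line.split(",")
        yield Event(datetime.fromisoformat(ts), "badge", user, direction, door)


def parse_auth(text):
    """Network logon: classic syslog line with key=value fields."""
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if not m:
            continue
        stamp, host, user, result, src = m.groups()
        ts = datetime.strptime(f"{SYSLOG_YEAR} {stamp}", "%Y %b %d %H:%M:%S")
        yield Event(ts, "auth", user, f"login-{result}", f"{host} from {src}")


def parse_files(text):
    """File server access: date, time, user, action, UNC path."""
    for line in text.splitlines():
        if not line.strip():
            continue
        date, time, user, action, path = line.split(maxsplit=4)
        yield Event(datetime.fromisoformat(f"{date}T{time}"), "file", user, action, path)


def collect():
    """Merge all sources into one time-ordered event list."""
    events = [*parse_badge(BADGE_CSV), *parse_auth(AUTH_SYSLOG), *parse_files(FILE_LOG)]
    return sorted(events, key=lambda e: e.ts)


def timeline(events, user):
    """Everything the merged record says about one user, in time order."""
    return [e for e in events if e.user == user]


def in_building(events, user, at):
    """True if the user's most recent badge swipe at or before `at` was an entry."""
    swipes = [e for e in events if e.source == "badge" and e.user == user and e.ts <= at]
    return bool(swipes) and swipes[-1].action == "IN"


def offsite_sensitive_access(events, user, sensitive_prefix):
    """File reads under a sensitive path while the badge system says the user is not on site."""
    return [e for e in timeline(events, user)
            if e.source == "file" and e.obj.startswith(sensitive_prefix)
            and not in_building(events, user, e.ts)]


if __name__ == "__main__":
    evts = collect()
    for e in timeline(evts, "joe"):
        print(e.ts, e.source, e.action, e.obj)
    for e in offsite_sensitive_access(evts, "joe", r"\\finsrv\quarterly"):
        print("FLAG:", e.ts, e.obj)
```

The point of the common `Event` schema is that the cross-source question ("was Joe in the building when that file was read?") becomes a plain query over one list, whichever system produced each record; at production scale the same query runs against a store holding months of such events rather than an in-memory list.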

From an industry perspective, security information management systems will need to be re-architected for this type of scale and power. Vendors like ArcSight, eIQ, Nitro Security, RSA, and SenSage have already anticipated this change, as have log management vendors like LogLogic and LogRhythm. This may also introduce the heavyweight security vendors like Comverse, Narus, and NICE into the enterprise space. In either case, I anticipate lots of activity in 2009 regardless of the current economic woes.
