People and organisations generate more data than ever before. Smart software can analyse mountains of data and offer insights and recommendations, or even take decisions.
However, the use of big data techniques in information security is not always given the attention it needs, possibly because applying them is challenging.
Traditional security solutions like corporate firewalls and antivirus software are not adapted to big data modes of working. Neither are many of today’s data loss prevention (DLP) applications, intrusion prevention systems (IPS), web application firewalls (WAF) or log management applications. Yet organisations increasingly need solutions.
Ideally, security solutions adapted to big data requirements will offer unified platforms to manage all the data, simplified management for users via intuitive data visualisation, and the possibility of building security into big data when it is generated, rather than trying to corral it all afterwards.
Some of the improvements needed can be provided by developing the capabilities of currently available technologies.
In particular, big data analytics that compare system logs over time (months or years) can help to detect advanced persistent threats (APTs), which are security risks that develop gradually and that try to stay in place as long as possible.
Similarly, big data analytics can help compare data movements in many different files to identify overall patterns indicating data leakage.
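The long-horizon log comparison described above for APT detection can be shown with a small added example, which is not from the original article. It flags destinations that only one host contacts, quietly, across many months. The record format, host names, domains and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import date, timedelta

def build_sample_log():
    """Constructed sample records: (day, internal host, external destination)."""
    events, start = [], date(2023, 1, 2)
    for d in range(365):
        day = start + timedelta(days=d)
        if day.weekday() < 5:  # normal weekday traffic from every workstation
            for host in ("ws-01", "ws-02", "ws-03", "ws-04"):
                events.append((day, host, "updates.example.com"))
        if d % 17 == 0:  # low-and-slow: one host, rare destination, all year
            events.append((day, "ws-03", "cdn-sync.example.net"))
    for d in range(40, 45):  # one-off burst: rare destination, but short-lived
        events.append((start + timedelta(days=d), "ws-02", "files.example.org"))
    return events

def persistent_rare_destinations(events, min_months=6, max_hosts=1, max_per_month=5):
    """Return (host, destination) pairs that are rare across the fleet,
    active in many distinct months, and quiet within each month."""
    hosts_per_dest = defaultdict(set)
    monthly = defaultdict(lambda: defaultdict(int))  # (host, dest) -> month -> count
    for day, host, dest in events:
        hosts_per_dest[dest].add(host)
        monthly[(host, dest)][(day.year, day.month)] += 1
    findings = []
    for (host, dest), months in monthly.items():
        if len(hosts_per_dest[dest]) > max_hosts:
            continue  # widely used destination, part of the normal baseline
        if len(months) < min_months:
            continue  # not long-lived enough to match the pattern
        if max(months.values()) > max_per_month:
            continue  # too loud; a short-window volume alert covers this
        findings.append({
            "host": host,
            "destination": dest,
            "months_active": len(months),
            "peak_events_per_month": max(months.values()),
        })
    return sorted(findings, key=lambda f: -f["months_active"])

if __name__ == "__main__":
    for finding in persistent_rare_destinations(build_sample_log()):
        print(finding)
```

In any single month the flagged pair produces at most two records, so a short retention window would not separate it from noise; only the year-long view shows the persistence.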
The people factor in information security is also likely to be better addressed by big data processing techniques. People are one of the biggest security risks because of carelessness or vulnerability to social engineering.
This includes physical security situations, such as people accessing a site or an area with a security pass.
Facial recognition of individuals entering or leaving an area can be correlated with identity information on the security pass to filter out those whose faces do not correspond to any issued passes or authorisation.
Voice analysis and even speech recognition and analysis of meaning can be used to detect suspicious calls and requests for information. Science fiction?
A number of these big data-based solutions are in place today and fulfil these or similar functions. In the not too distant future, we will surely see many more.