Single Pane Security: Using Big Data to Advance Pervasive Protection

By John Burke
On Nov 06, 2013

Over the last couple of years we have been talking up the idea of pervasive protection:  a security infrastructure composed of many security tools all guided by and integrated via a consistent, over-arching security policy.  

Some years back, our research showed the effectiveness of a unified monitoring and management infrastructure feeding a single-pane-of-glass manager of managers.  Organizations with a single manager of managers saw order-of-magnitude improvements in mean time to identify and mean time to resolve service delivery problems.

The time is coming for single-pane management of security.  The logic on the demand side is compelling: in a world of advanced persistent threats (APTs), data loss prevention (DLP) mandates, BYOx, and perimeterless virtualized enterprises, the number of point solutions needed to adequately mitigate risk is growing, not shrinking.  That means the number of places security staff have to look to monitor their security environment is growing -- which in practice means that the number of security tools going unmonitored is growing too.

Certainly some organizations have implemented SIEM systems as aggregation points for the event and log streams coming out of their security tools, but most have not.  Even those that have rarely use the SIEM to collect and parse data from all of their security tools: either the SIEM can't scale up to handle the load, or IT can't afford to scale it up that far.  The result is the same either way -- a subset of tools feeds the SIEM, and the rest go unwatched.

This is why big data technologies are increasingly being applied to security.  More than one of the execs we interviewed for our annual benchmark of enterprise IT said their security staff were looking at Hadoop and other big data tools as a new hope for comprehensive log aggregation and analysis.  Vendors in the space are explicitly addressing the security use case, both directly -- by pushing security data into Hadoop, for example -- and by bringing big-data techniques and tools into the security space: look at offerings from folks like Prelert and Bay Dynamics, and at use cases emerging from enterprises such as Visa and vendors such as Cloudera and Platfora.  Of course, as users and the market work out how to make such solutions simpler and easier to implement, and secure in their own right, part of the focus must also be on keeping them cost-effective to deploy and to scale up over time.  Without that, we've just recreated the status quo of partial visibility and partial analysis with a bigger price tag.
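The two steps that make aggregation worth anything, regardless of whether the store behind it is a SIEM or a Hadoop cluster, are normalizing each tool's output into one common event schema and then correlating across tools. The following is an added illustration of both, not code from the article or from any vendor named above. The three log formats (a firewall, a network IDS and sshd, each with an ISO timestamp prefix), the sample lines and the severity scale are all constructed for the example; real products format their output differently, so the regular expressions would have to be adapted.

```python
"""Normalize log lines from several security tools into one event schema and
correlate them by source IP: the basic operation behind a single-pane view.
Added example with constructed formats and sample data, not a product's code."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not real captures). Three made-up formats: a
# firewall, a network IDS and sshd, each prefixed with an ISO-8601 timestamp.
SAMPLE_LOGS = [
    "2013-11-06T09:00:01Z fw01 DROP SRC=203.0.113.7 DST=10.0.0.5 DPT=22",
    '2013-11-06T09:00:03Z ids01 ALERT sid=1000001 msg="SSH brute force attempt" pri=2 src=203.0.113.7 dst=10.0.0.5',
    "2013-11-06T09:00:09Z host5 sshd[2211]: Failed password for root from 203.0.113.7 port 51022 ssh2",
    "2013-11-06T09:05:00Z fw01 ACCEPT SRC=198.51.100.9 DST=10.0.0.8 DPT=443",
    "2013-11-06T11:30:00Z host5 sshd[2290]: Accepted publickey for alice from 192.0.2.10 port 40000 ssh2",
    "2013-11-06T11:31:00Z host5 kernel: unrelated message the parsers do not understand",
]

FW_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>DROP|ACCEPT) "
                   r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) DPT=(?P<dpt>\d+)$")
IDS_RE = re.compile(r'^(?P<ts>\S+) (?P<host>\S+) ALERT sid=(?P<sid>\d+) '
                    r'msg="(?P<msg>[^"]*)" pri=(?P<pri>\d) src=(?P<src>\S+) dst=(?P<dst>\S+)$')
SSH_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) "
                    r"(?P<method>\w+) for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+")


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def parse_line(line):
    """Map one tool-specific line onto the common schema, or return None if no
    parser recognises it. Severity is an assumed scale: 1 = highest, 4 = info."""
    m = FW_RE.match(line)
    if m:
        return {"ts": _ts(m["ts"]), "tool": "firewall", "src_ip": m["src"], "dst_ip": m["dst"],
                "severity": 3 if m["action"] == "DROP" else 4,
                "summary": f"{m['action']} to port {m['dpt']}"}
    m = IDS_RE.match(line)
    if m:
        return {"ts": _ts(m["ts"]), "tool": "ids", "src_ip": m["src"], "dst_ip": m["dst"],
                "severity": int(m["pri"]), "summary": m["msg"]}
    m = SSH_RE.match(line)
    if m:
        return {"ts": _ts(m["ts"]), "tool": "auth", "src_ip": m["src"], "dst_ip": m["host"],
                "severity": 3 if m["result"] == "Failed" else 4,
                "summary": f"{m['result']} {m['method']} for {m['user']}"}
    return None


def normalize(lines):
    """Return (events, unparsed). Unparsed lines are kept, not silently dropped:
    a rising unparsed count is the signal that visibility is incomplete."""
    events, unparsed = [], []
    for line in lines:
        ev = parse_line(line)
        (events if ev else unparsed).append(ev if ev else line)
    return events, unparsed


def correlate(events, window=timedelta(minutes=5), min_tools=2):
    """Find source IPs that at least `min_tools` different tools reported within
    `window`. One finding per source, for the widest window seen."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev["src_ip"]].append(ev)
    findings = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        best, j = None, 0
        for i, start in enumerate(evs):
            while j < len(evs) and evs[j]["ts"] - start["ts"] <= window:
                j += 1                      # j is the end of the window opened at i
            span = evs[i:j]
            tools = {e["tool"] for e in span}
            if len(tools) >= min_tools and (best is None or len(tools) > len(best["tools"])):
                best = {"src_ip": src, "tools": sorted(tools), "first_seen": start["ts"],
                        "events": len(span), "max_severity": min(e["severity"] for e in span)}
        if best:
            findings.append(best)
    return findings


if __name__ == "__main__":
    evs, bad = normalize(SAMPLE_LOGS)
    print(f"{len(evs)} events normalized, {len(bad)} lines unparsed")
    for f in correlate(evs):
        print(f"{f['src_ip']} seen by {f['tools']} ({f['events']} events, "
              f"max severity {f['max_severity']}) from {f['first_seen']:%H:%M:%S}")
```

The point of the unparsed list is the practical one the paragraph raises: a pipeline that only handles the tools it happens to have parsers for quietly recreates partial visibility. Counting what the parsers reject, per source, is the cheapest check that the "comprehensive" aggregation actually is.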

There's a long way to go, of course, but the shape of a big-data-driven single-pane view of security is emerging.  Let's use that goal of a single pane for security to keep pushing towards the ideal of pervasive protection.
