LogRhythm Update Spotlights Security Big Data

October 24, 2012

LogRhythm has updated its Security Information and Event Management (SIEM) platform to bring big-data-style analytics to security data. The update underscores a problem many IT departments face: ramping up logging and security monitoring creates enormous new volumes of data, and evaluating each source on its own is not sufficient. Modern attacks typically work across several angles of approach on an environment, and the malicious traffic is hidden among thickets of benign traffic. Analysis has to span data sources to uncover such attacks.
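To make the cross-source point concrete, here is an added example (not LogRhythm code, and not from the original article) that correlates two constructed log feeds: a VPN authentication log and a web-proxy egress log. A brute-force login that finally succeeds is only mildly suspicious on its own, and a large outbound transfer is only mildly suspicious on its own; a large transfer from the VPN address handed to a just-brute-forced account is a different matter. The log format, field names, thresholds and sample lines are all assumptions made for the illustration.

```python
"""Cross-source correlation over constructed VPN-auth and proxy logs.

Added example: the log lines, field names and thresholds below are made up
for illustration and are not LogRhythm's format or data.
"""
from datetime import datetime, timedelta

# Constructed sample data: five failed VPN logins for jsmith from one
# external address, then a success; adavis logs in cleanly. Both assigned
# VPN addresses later push a large amount of data out through the proxy.
AUTH_LOG = """\
2012-10-24T02:10:01 vpn auth user=jsmith src=203.0.113.7 result=FAIL
2012-10-24T02:10:03 vpn auth user=jsmith src=203.0.113.7 result=FAIL
2012-10-24T02:10:06 vpn auth user=jsmith src=203.0.113.7 result=FAIL
2012-10-24T02:10:09 vpn auth user=jsmith src=203.0.113.7 result=FAIL
2012-10-24T02:10:12 vpn auth user=jsmith src=203.0.113.7 result=FAIL
2012-10-24T02:10:41 vpn auth user=jsmith src=203.0.113.7 result=OK assigned=10.8.0.12
2012-10-24T08:15:00 vpn auth user=adavis src=198.51.100.4 result=OK assigned=10.8.0.20
"""

PROXY_LOG = """\
2012-10-24T02:25:10 proxy src=10.8.0.12 dst=files.example.net bytes_out=734003200
2012-10-24T08:30:00 proxy src=10.8.0.20 dst=backup.example.com bytes_out=900000000
"""


def parse(text):
    """Turn 'timestamp source key=value ...' lines into dicts (assumed format)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split()
        fields = dict(p.split("=", 1) for p in parts if "=" in p)
        events.append({"ts": datetime.fromisoformat(parts[0]),
                       "source": parts[1], **fields})
    return events


def egress_only(proxy_text, egress_threshold=500_000_000):
    """Single-source rule: flag any internal host that sends a lot of data.

    Fires on both sample hosts, including the legitimate backup from adavis,
    so on its own it is noisy.
    """
    return [p["src"] for p in parse(proxy_text)
            if int(p["bytes_out"]) >= egress_threshold]


def correlate(auth_text, proxy_text, fail_threshold=5,
              fail_window=timedelta(minutes=5),
              egress_window=timedelta(hours=1),
              egress_threshold=500_000_000):
    """Two-stage rule spanning both sources.

    Stage 1 (auth log): a successful login preceded by at least
    `fail_threshold` failures for the same user and source IP within
    `fail_window`.
    Stage 2 (proxy log): the VPN address assigned by that login sends at
    least `egress_threshold` bytes out within `egress_window` afterwards.
    Only events that satisfy both stages produce an alert.
    """
    auth = parse(auth_text)
    proxy = parse(proxy_text)
    alerts = []
    for ok in (e for e in auth if e.get("result") == "OK"):
        fails = [e for e in auth
                 if e.get("result") == "FAIL"
                 and e["user"] == ok["user"] and e["src"] == ok["src"]
                 and ok["ts"] - fail_window <= e["ts"] < ok["ts"]]
        if len(fails) < fail_threshold:
            continue  # stage 1 not met: an ordinary login
        for p in proxy:
            if (p["src"] == ok.get("assigned")
                    and ok["ts"] <= p["ts"] <= ok["ts"] + egress_window
                    and int(p["bytes_out"]) >= egress_threshold):
                alerts.append({"user": ok["user"],
                               "external_src": ok["src"],
                               "vpn_ip": ok["assigned"],
                               "dst": p["dst"],
                               "bytes_out": int(p["bytes_out"]),
                               "failed_logins": len(fails)})
    return alerts


if __name__ == "__main__":
    print("egress-only rule flags:", egress_only(PROXY_LOG))
    for alert in correlate(AUTH_LOG, PROXY_LOG):
        print("correlated alert:", alert)
```

The egress-only rule flags both internal hosts, while the correlated rule flags only jsmith's session; the join across sources is what separates the backup from the likely data theft. In a real deployment the same shape scales badly if every success is compared against every failure in memory, which is exactly the storage and query problem the article is pointing at.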

Deriving meaning from the analysis of unprecedented volumes of data from many sources is the heart of big data. Fewer than 30% of companies currently have a big-data initiative; of those, fewer than 8% have focused specifically on security data.

BTA Bottom Line:

If your security policies and tools are pushing you into a big-data environment, approach it explicitly as such, not just as a security or compliance problem. Kick off a big security data project, assign an owner, bring in the storage team, set data-management and security goals, and carve out part of the security budget to fund it.