From the perspective of security, there are two sides to Big Data. It can be both a victim and a detector of cyber threats. It is only recently, however, that Big Data’s ability to detect mischief is such that catching attackers red-handed is a real possibility.
Any collection of data sets so large and complex that it becomes difficult to process using on-hand database management tools or traditional data processing applications is the essence of Big Data. Tools such as Hadoop and NoSQL databases can accommodate large-scale batch processing for Big Data analytics across hundreds or thousands of servers running in parallel. However, these and similar tools were not designed with security in mind, which leaves massive collections of data vulnerable to sophisticated attacks.
It’s interesting that Big Data analytics used to make our streets safer, detect fraud and optimize risk/reward on investments would be vulnerable. But Big Data repositories can provide criminal groups with exponentially more potential for big paydays. The effects can be devastating for the affected organizations; note that ‘organizations’ is plural because Big Data analytics may draw from multiple data repositories, which can leave them all open to attack. Jeff Markey of DataInformed explores this and potential corrective measures in detail in his recent blog.
Just as these tools lack inherent security features, they also were not designed for real-time or near-real-time data processing, which limits detection to analysis of past history rather than immediate action. Peak 10 technology partner Cisco decided it would fight fire with fire, using Big Data analytics to create a Big Data approach to security.
Writing in his blog, Pablo Salazar of Cisco Security said, “Given the rapidity with which advanced attackers can potentially exfiltrate data after a successful compromise, customers can’t wait hours (or even minutes in most cases) to know if malicious activity is occurring on their networks. They need to know in real time or near real time.”
Discovering a way to marry a distributed real-time streaming analytics solution with Hadoop resource management, so that the two would “play nice” together, led to Cisco’s Managed Threat Defense (MTD) managed security service. MTD applies real-time, predictive analytics to detect attacks and protect against advanced malware across extended networks.
If you’re attending Cisco Live US this week (May 18-22), the Cisco Services development team will be demonstrating MTD in the Security booth at the World of Solutions, as well as delivering a presentation about MTD’s analytics framework in the Solution Theatre on Wednesday, May 21 at 10:30 am.