Data. Data is at the heart of Security Analytics. Lots of Data. And data fuels transformation across the business. It started out with firewall and system logs and SysAdmins writing scripts to parse through the flood of information looking for significant events. It was time consuming and subject to error, but it worked. After a fashion. But as network traffic increased and the number of systems on the network increased and the number of users using those systems on the network increased, the volume of data became unmanageable.
Case in point. In the early 2000s I was part of a team that installed what was, at the time, the largest Intrusion Detection System (IDS) in the world across the network of the company where we were working. The amount of data coming in was astounding, even then, and the systems we needed to parse it down and analyze it were intense. Big iron with lots of cores and a lot of drives. And remember, this was the early 00s, when the Cloud wasn’t really a thing yet and a lot of compute and mass storage cost a lot of coin.
Now, my home PC has more compute and more mass storage, and costs less, than one of the pizza boxes we used to preprocess the data before feeding it into the biggest iron we could find for the real analysis.
Times, they are a changin’.
Massive storage and compute are as close now as logging into your favorite Cloud provider, clicking a few buttons, and giving them a credit card number. Well, OK, maybe not just a credit card when you’re talking that level of compute, but you get the idea. We can have massive data, and massive compute to handle it, at our fingertips without a lot of effort.
Gurucul’s security analytics platform relies on the massive availability of data to do what it does. Telemetry from pretty much every possible source in the environment can flow into the system, get parsed and normalized, run through the Machine Learning models, and output concise risk scores that let the Security Operations team act.
Big Data and Bigger Analysis
It’s an extension of what we had in the old days: from homegrown solutions to SIEMs that were great at displaying everything in one place and using filters to highlight events, but weren’t so good at analyzing the data to draw useful conclusions from the telemetry. That was the case with our massive IDS system almost 20 years ago. We could see everything that was happening, but it was up to our organic expertise to extract meaning from the data.
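As an added illustration (not Gurucul’s code or product logic, and not part of the original post), here is the difference between the two approaches the paragraph contrasts, in Python: mixed telemetry is parsed into one normalized event schema, a plain SIEM-style filter surfaces every failure event with no judgement about which matter, and a baseline-driven scorer turns the same events into a per-user risk score. The log lines, host names, users, RFC 5737 test addresses, and the per-user baselines are all constructed for this example; the syslog year is an assumption because that format carries none.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed sample telemetry in two formats, as a pipeline would receive them.
RAW_LOGS = [
    "2024-05-01T08:00:01Z fw01 DENY src=10.0.0.5 dst=203.0.113.9 dport=22 user=alice",
    "May  1 08:00:05 host1 sshd[4711]: Failed password for alice from 10.0.0.5 port 5123 ssh2",
    "May  1 08:00:09 host1 sshd[4711]: Failed password for alice from 10.0.0.5 port 5124 ssh2",
    "2024-05-01T08:00:12Z fw01 DENY src=10.0.0.5 dst=203.0.113.10 dport=445 user=alice",
    "May  1 08:00:15 host1 sshd[4712]: Accepted password for alice from 10.0.0.5 port 5125 ssh2",
    "2024-05-01T08:01:00Z fw01 DENY src=10.0.0.8 dst=203.0.113.9 dport=22 user=bob",
    "May  1 08:01:04 host2 sshd[99]: Failed password for bob from 10.0.0.8 port 6001 ssh2",
    "2024-05-01T08:01:30Z fw01 ALLOW src=10.0.0.8 dst=203.0.113.20 dport=443 user=bob",
    "2024-05-01T08:02:00Z app01 custom-app heartbeat ok",  # unknown format on purpose
]

# Constructed per-user baseline: (mean, std dev) of daily failure counts over a prior window.
BASELINE = {"alice": (1.0, 1.0), "bob": (2.0, 1.0)}

FW_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>ALLOW|DENY) src=(?P<src>\S+) "
    r"dst=\S+ dport=\d+ user=(?P<user>\S+)$"
)
AUTH_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d+) (?P<time>[\d:]+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) password for (?P<user>\S+) from (?P<src>\S+)"
)


def normalize(line, year=2024):
    """Map one raw line onto a common schema; return None for formats we do not know."""
    m = FW_RE.match(line)
    if m:
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        return {"ts": ts, "source": "firewall", "host": m["host"], "user": m["user"],
                "src_ip": m["src"], "outcome": "failure" if m["action"] == "DENY" else "success"}
    m = AUTH_RE.match(line)
    if m:
        # Syslog lines carry no year; the year is an assumption supplied by the caller.
        ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}",
                               "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
        return {"ts": ts, "source": "sshd", "host": m["host"], "user": m["user"],
                "src_ip": m["src"], "outcome": "failure" if m["result"] == "Failed" else "success"}
    return None  # in production, count unparsed lines so a broken parser is noticed


def filter_failures(events):
    """The display-and-filter approach: every failure surfaces, with no ranking."""
    return [e for e in events if e["outcome"] == "failure"]


def risk_scores(events, baseline):
    """The analysis approach: score each user by how far today's failure count sits
    above that user's own baseline (z-score, scaled to 0..100 and clipped)."""
    failures = Counter(e["user"] for e in events if e["outcome"] == "failure")
    scores = {}
    for user in set(failures) | set(baseline):
        mu, sigma = baseline.get(user, (0.0, 1.0))  # unseen user: assume no history
        z = (failures.get(user, 0) - mu) / sigma
        scores[user] = round(max(0.0, min(100.0, z * 20)), 1)
    return scores


def run_pipeline(raw_lines=RAW_LOGS, baseline=BASELINE):
    events = [e for e in (normalize(line) for line in raw_lines) if e is not None]
    return events, filter_failures(events), risk_scores(events, baseline)


if __name__ == "__main__":
    events, flagged, scores = run_pipeline()
    print(f"{len(events)} normalized events, {len(flagged)} failures shown by a plain filter")
    for user, score in sorted(scores.items(), key=lambda kv: -kv[1]):
        print(f"risk {score:5.1f}  {user}")
```

Both users produce failure events, so a plain filter shows all six of them with equal weight; the baseline scorer reports that bob’s two failures are exactly his normal day (score 0) while alice’s four are three standard deviations above hers (score 60), which is the kind of concise, actionable output the paragraph describes.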
Obviously, massive data isn’t just useful in the world of Cybersecurity. Social Media platforms have gotten a lot of flak recently about the amount of data they’ve been collecting on their users for years. It’s nothing new. They’ve been tracking our interests, our buying habits, who we socialize with, what we search for, where we go, when we go there, and countless other data points about us. They use that mass of data to drive their algorithms and, with that, decide what we see in our news feeds or social circles. Not to mention the real meat of their business model, which is feeding us targeted advertising based on our interests, our history, and how we and our “friends” have reacted to the ads they show.
Kind of creepy on some levels, actually. Of course, it does make you wonder about the claims that COVID-19 tests and the vaccine are part of a secret plot to plant tracking chips in our bodies. I mean, why bother? Most of us are carrying a device in our pockets that has our location within a few meters, with GPS accuracy, and tells it to everyone from our cell provider to the corner store. They already know where we are, who we talk to, what we’re interested in, and we’ve signed the user agreements that let them tell everyone else.
Data is Transformative
That is the darker side of it and, ultimately, the majority of us aren’t interesting enough for some grand power to care about us much – beyond what we’re shopping for. But on the brighter side, data has allowed businesses to enable transformation much the same way data has allowed cybersecurity to transform. Manufacturing is more efficient because manufacturers have data on each step of the process and can streamline it to remove inefficiencies. The supply chain is more responsive and can react more quickly to changes in supply and demand. Logistics is more efficient because they have better data on what is going where, so they can get the right resources in place before there is a problem.
At least when everything’s working.