Security Intelligence – Words with Actual Meaning – May 30, 2013 @ 2:54 am
It won’t come as breaking news I’m sure, but technology marketing professionals have an insatiable appetite for hot buzzwords and trendy terms. It’s easy to understand, I suppose – when a particular concept starts breaking out of tech forums and into mainstream editorial, it’s a tremendous opportunity to capitalize on the buzz and position your product as the Next Big Thing™. The unfortunate side-effect of this marketing gold rush is that as everyone rushes to lay claim to genuinely important concepts and breakthrough ideas, the words that used to simply and clearly describe those ideas and concepts get applied to such a wide range of loosely connected products and services that the whole thing becomes meaningless, and suddenly it’s a great deal harder just to make people understand what your product actually does.
In 2010, “Big Data” meant something very specific, valuable and easily understood. But as leading-edge tech companies rushed to implement very large distributed databases and Map-Reduce analytics, the wider press started to produce reams of articles and info-graphics and suddenly “Big Data” meant so many different ideas, practices, products and solutions that it came to mean nothing more than its predecessor “data”. A year later, the same process repeated itself with “The Cloud”, which became everything from streaming video to remote storage to virtual servers, and so, so much more. And now we see it happening again around the basic idea of “Security Intelligence”.
Security Intelligence describes a very straightforward, specific approach to information security. It consists of two discrete, self-supporting processes. First, it is the collection, correlation, normalization and storage of all the available information about the network, its devices, servers, applications, users, databases and other resources into a single, comprehensive data store. You might think of this as a “Security Warehouse”, analogous to a Data Warehouse: the collected data is converted into a standardized format and schema as it flows into the storage platform, so that the analysis process can be executed across all the originally disparate data types. The biggest difference is that, in the case of a Security Warehouse, it is critical that the data be current, real-time data rather than historical information.
The second process is the key to a useful security intelligence implementation. That, of course, is the analytics applied to the data that has been collected. Effective analytics can make a security intelligence solution the most powerful tool in your security stack, but that represents the most difficult challenge. There are products that do nothing more than signature, policy and pattern matching and call it analytics. Most companies don’t have the necessary expertise in data science, intelligent algorithms, behavioral analytics, machine learning and other disciplines required to make use of the collected and normalized security data. The customer is dependent on the vendor to implement these deep analytics. At the procurement level, it’s the same problem as always – separating the hype from the actual capabilities of the solution.
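The two processes above (normalizing disparate sources into one schema, then applying behavior-based analytics to the result) are easier to see in code than in prose. The following Python is an added example written for this page, not Securonix's product or code; the log lines, field names and the "new source address for this identity" baseline rule are all constructed for illustration.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample events in three disparate formats (not real logs):
# sshd syslog lines, a firewall CSV line, and JSON web-application events.
SAMPLE_LINES = [
    "2013-05-29T08:01:10Z host1 sshd[2211]: Accepted password for alice from 10.0.0.5 port 50122 ssh2",
    "2013-05-29T08:05:44Z host1 sshd[2250]: Failed password for bob from 10.0.0.9 port 50201 ssh2",
    "2013-05-29T08:06:02Z,fw1,allow,10.0.0.5,203.0.113.7,443,alice",
    '{"time":"2013-05-29T08:07:30Z","app":"portal","user":"alice","client":"10.0.0.5","event":"login","result":"success"}',
    "2013-05-29T23:40:11Z host1 sshd[3012]: Accepted password for alice from 198.51.100.23 port 41000 ssh2",
    '{"time":"2013-05-29T23:41:02Z","app":"portal","user":"bob","client":"10.0.0.9","event":"login","result":"failure"}',
]

SSHD_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<outcome>Accepted|Failed) "
    r"\w+ for (?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_ts(s):
    """Parse the ISO-8601 UTC timestamp used by all three constructed formats."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def normalize(line):
    """Process 1: map one raw line onto a common schema (assumed field names).

    Every event ends up as ts / source / user / src_ip / action / outcome, so
    the analytics below can run across all sources without caring about origin.
    Returns None for a line no parser recognises.
    """
    m = SSHD_RE.match(line)
    if m:
        return {"ts": parse_ts(m["ts"]), "source": "sshd@" + m["host"], "user": m["user"],
                "src_ip": m["ip"], "action": "login",
                "outcome": "success" if m["outcome"] == "Accepted" else "failure"}
    if line.startswith("{"):
        d = json.loads(line)
        return {"ts": parse_ts(d["time"]), "source": d["app"], "user": d["user"],
                "src_ip": d["client"], "action": d["event"], "outcome": d["result"]}
    parts = line.split(",")
    if len(parts) == 7:
        ts, dev, verdict, src, dst, port, user = parts
        return {"ts": parse_ts(ts), "source": dev, "user": user, "src_ip": src,
                "action": "connect:" + dst + ":" + port,
                "outcome": "success" if verdict == "allow" else "failure"}
    return None


def build_baseline(events, cutoff):
    """Per identity, the set of source addresses seen before the cutoff."""
    baseline = defaultdict(set)
    for e in events:
        if e["ts"] < cutoff:
            baseline[e["user"]].add(e["src_ip"])
    return baseline


def find_anomalies(events, cutoff):
    """Process 2: behavior correlated with identity rather than a signature.

    Flags any event at or after the cutoff whose source address was never
    seen for that user during the baseline window. A real platform would use
    richer features and learned thresholds; the structure is the same.
    """
    baseline = build_baseline(events, cutoff)
    return [e for e in events
            if e["ts"] >= cutoff and e["src_ip"] not in baseline.get(e["user"], set())]


def analyze(lines, cutoff_str):
    """Normalize raw lines, then run the identity-centric check; returns anomalies."""
    events = [ev for ev in (normalize(l) for l in lines) if ev is not None]
    return find_anomalies(events, parse_ts(cutoff_str))


if __name__ == "__main__":
    for a in analyze(SAMPLE_LINES, "2013-05-29T12:00:00Z"):
        print("anomaly:", a["ts"].isoformat(), a["user"], a["src_ip"], a["source"])
```

On the constructed input, alice's evening sshd login from 198.51.100.23 is flagged because her baseline only contains 10.0.0.5, while bob's failed portal login is not flagged: the address matches his baseline, so a failure count rule rather than a new-address rule would be needed to surface it. That distinction is the point of the second process: once everything sits in one schema keyed by identity, each analytic is a small function over the same events.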
But there’s a straightforward solution to that challenge. Securonix will set up a trial instance of our fully-functional security intelligence platform and populate it with your historical data. Think about that – you know there are gaps in your security infrastructure – you know about the attacks you’ve stopped, but honestly have no idea if there are successful attackers in your network right now. By merely evaluating the most comprehensive and robust security intelligence solution today, you can gain insights into your network exposures and weaknesses. It is not unusual for people who run a Securonix trial to discover actual ongoing network penetrations as part of the evaluation process.
There are lots of vendors offering something they call Security Intelligence. But Security Intelligence is more than log aggregation, more than Deep Packet Inspection, more than Intrusion Prevention. Security Intelligence is about real-time actionable intelligence – the detection of attacks that all your other security tools could not prevent, and you would have no other way of knowing about. By observing behavior, correlated with identity, across the entire network infrastructure, Securonix will give you the peace of mind that your security stack is effective, your customers and data are safe, and if something bad happens, you’ll be able to stop it before it becomes costly or newsworthy.