You can’t move these days without some vendor or another talking about Big Data and security. It’s often pretty meaningless stuff, with very little practical advice or insight into actual benefits. Today, though, RSA and Pivotal released a reference architecture for Big Data analytics to detect and investigate advanced threats. It’s an example of the deployment of RSA Security Analytics and Pivotal working together and a guide to organizations trying to do security analytics in a way that ties in IT and Enterprise analytics in an enterprise “IT Data Lake”.
The reference architecture addresses the fact that customers need:
- Greater visibility through full network packet capture, log collection and contextual data enrichment to spot threats designed to evade detection by common security tools.
- Enhanced analytics at the time of packet capture and throughout the data’s lifecycle, up to its archival and retirement, to spot anomalies and reveal indicators of attack and compromise.
- Actionable intelligence through data visualization, feeds of suspicious activity, and prioritization of alerts that allow analysts to respond appropriately to threats.
- Enterprise deployability and scale, using distributed, high availability, scale-out architectures that allow for expansion and flexibility to scale to the largest of environments.
- Flexibility and agility through the ability to take advantage of new analytics modules and new data sources as they are developed or integrated, ensuring security operations are ‘future-proofed’ as threats and business processes evolve.
Other vendors have talked about Big Data, but the way RSA and Pivotal are approaching it provides much more in-depth guidance on how to gain benefits from newer, cutting-edge technologies like Pivotal HD. The architecture uses a much more open and flexible Hadoop-based architecture that has an entire ecosystem of tools built around it, rather than proprietary tools that can’t take advantage of these innovations.
Through this reference architecture, security teams can get a complete set of analytic tools, specifically designed for enterprise security and threat detection, rather than a generic platform that leaves the end customer to build most of the tooling the security team needs.
Also, customers can use this reference architecture to create an ‘IT Data Lake’ strategy, where you collect the data once and reuse it for IT operations use cases like downtime impact analysis, capacity planning and “mean-time-to-repair” analysis.
All in all, it’s a good thing for organizations: it helps reduce the risk of loss, reduce deployment risk and rely less on scarce data science expertise, all while achieving a better return on investment by using their existing security team more effectively and putting their Big Data infrastructure to work across the organization.