CSOs were swimming in data way before it got big across the enterprise. Firewalls, intrusion detection systems and other security programs spit out scads of data. But the Big Data era is giving CSOs better tools to use.
"Security is all about the metrics, too, and analytics will give you that. You're logging it and can quantify it," says Peter Miller, CSO at Orange County, Florida, where he's been since 2000.
Miller says analytics is not just important for cyber security. Orange County has 3,000 surveillance cameras, and "we knew we couldn't have 3000 people looking at those cameras."
Analytics, some written in-house (he has four analytics specialists in his physical and cyber security staffs), run on a Next Level Security Systems appliance. They help the county parse the data coming in from those cameras.
Orange County recently installed a $40 million radio system, and some of the radios are in very remote parts of the county. Analytics help it know whether a deer has tripped the camera, someone is climbing a fence, or someone is trying to siphon power from the towers.
The county has also adopted TextGuard to comply with Florida's sunshine laws, allowing it to capture and track texts sent by public officials and employees. That tool also allows it to analyze whether they are texting passwords or other sensitive information.
"I can't imagine doing my job without analytics," Miller says.
Miller isn't alone.
"Big data is changing the CISO's job," says Jon Oltsik, a security analyst at Enterprise Strategy Group. Oltsik notes that "big data is a marketing term. It means you have more data you have to analyze than you know how to analyze, and that's true in big companies today for security."
There's a lot more security data out there. A recent ESG report, The Emerging Intersection Between Big Data and Security Analytics, found that 86 percent of respondents said they were collecting more security data than they had in 2010. Some 44 percent said they had enough security data to be considered Big Data today, while another 44 percent said that would be true within two years.
That report was based on a survey of 257 security-oriented IT people at companies with 1,000 or more employees.
Ken Pfeil, CSO at a large mutual fund in Boston, says one of the impacts is, "you're still dealing with false positives, but now you're ignoring more, because you're getting a lot more, but they're not necessarily more useful."
In fact, 35 percent of CISOs say they are getting more false positives, according to the ESG survey.
Oltsik says traditional tools available to CSOs to analyze their data won't be effective for big data analytics. Now, new ones are becoming available, ranging from Hadoop-based analysis programs to proprietary tools to beefed-up components in familiar security products.