My friends on Wall Street and Sand Hill Road will likely place a number of bets on big data security analytics in 2014. Good strategy, as this market category should get loads of hype and visibility while vendor sales managers build very healthy sales pipelines by March.
Yup, there should be plenty of opportunities for big data security analytics to enter the enterprise security mainstream because of:
1. Continuing problems with incident detection and response. Existing monolithic security analytics tools are no match for advanced malware, stealthy attack techniques, and the growing army of well-organized global cyber adversaries. When CISOs get finished buying advanced malware tools from Bit9, Damballa, FireEye, and Invincea, they often realize that they still need to supplement new layers of defense with real-time and asymmetric big data security analytics. This will generate RFIs/RFPs, evaluations, and actual sales.
2. Moore's law and open source. Multi-core 64-bit Intel servers with 10Gbps network interfaces are lightning fast and relatively cheap. These boxes have the necessary horsepower for massive data crunching for stream and batch processing - the yin and yang of big data security analytics. On the software side, security vendors are accelerating development cycles by customizing open source tools like Cassandra, Hadoop, MapReduce, and Mahout for security analytics purposes. This should help to accelerate innovation.
3. Tons of activity on the supply side. Aside from the usual suspects like HP, IBM, McAfee, and RSA Security, CISOs will likely field calls from a list of newcomers. Some, like 21CT, ISC8, Hexis Cyber Solutions, Leidos, Narus, and Palantir, will move beyond government business alone and push into the private sector (also, don't be surprised to see some Washington giants like Booz Allen, Lockheed, and Raytheon as well). Others like Click Security, Fortscale, and Netskope (Note to CISOs: be open-minded here and cast a wide net. Some of these new vendors have intelligence backgrounds and understand this stuff to a greater degree than pedestrian security sellers).
So there is market demand, supportive technology trends, and lots of innovators. What's more, this stuff actually is built on brainy mathematical models and algorithms that can really, really work. What can possibly hold this market back, then? Unfortunately, there are still market hurdles like:
1. User education. To really get big data security analytics you need a pretty deep understanding of technical elements like switching/routing, operating systems, logs, flows, IP packet metadata, DNS, applications, DHCP, network/endpoint forensics, malware properties, malware behavior, and known threat vectors. What's more, you may need the help of data architects, statisticians, and data scientists to boot. Some enterprises have a few people with these skills, but not many, and such people are incredibly hard to come by these days. Others will need their hands held through lengthy research, education, and requirements gathering. These activities will put the kibosh on a lot of deals.