2. Big data security analytics is a solution, not a product. Even if you know all of the topics listed above, you still have to figure out how to glue them together in your organization. What data should you collect? How will you collect it? Do you have the right processes and procedures to design, deploy, and operate big data security analytics? Where do you start, and how do you proceed? This is antithetical to the historical security practice at many firms, which have simply reacted to new threats by purchasing the latest security widget du jour. Unfortunately, that tactical approach won't work here: the questions listed above can't be circumvented or ignored. Note to CISOs: if a vendor tells you it has a turnkey solution, show them the door as fast as you can!
3. Security analysts will need to be sold on new types of analytics tools. Security analysts working in the SOC are a quirky crew. In general, they are cynical, highly technical, impetuous, and independent. They tend to base their security analysis on instinct and follow an ad hoc investigation process built on open source tools, Excel pivot tables, and scripts. These folks are really good at what they do, but they are often fully utilized, with little wiggle room for more work. Oh yeah, they are also really hard to recruit and hire. The SOC and the security analyst team need to fully support and buy into any big data security analytics project from start to finish. Smart CISOs will make sure that vendors provide trainers whose skills and experience align with this team. Furthermore, security analysts must be willing to change their investigation processes and workflows in order to fully utilize big data security analytics systems.
On balance, I expect strong interest and growing revenue for big data security analytics solutions in 2014. Nevertheless, there is lots of work ahead. Vendors must prepare for enterprise challenges with the right services, communications, education, architectures, and industry partnerships to help CISOs navigate complex planning, deployment, and operations. For their part, enterprise organizations must go into big data security analytics projects with eyes wide open, ready for a lot of technical details, architectural decisions, and process changes.