And that's just the start of what Big Data can do to improve security, said Jerry Irvine, CIO at Prescient Solutions.
Once a threat is spotted and confirmed anywhere on the network, it can be automatically detected and blocked everywhere else. The threat information can also be shared with industry peers, or the security community as a whole.
"This could be one of the first times that security professionals and security solutions are able to react to these cyberrisks as quickly as the cybercriminals can create them," Irvine said.
Vendors such as Resilient Systems already pull together internal logs with data from external threat intelligence feeds.
"This can obviously be a huge benefit," said Resilient CEO John Bruce. "The added context helps you organize better prevention, detect attacks faster, and in particular, orchestrate a much more efficient response."
For example, if particular IP addresses or malware have been spotted in other attacks, it may provide clues about what else might be going on, and help distinguish significant targeted threats from random, opportunistic attacks.
"It's through techniques like this that we'll see the true value of mining data," he said.
The right analysis of the security data can also help uncover subtle patterns that could be indicators of stealthy attackers.
This is particularly important for advanced persistent threats. Instead of just looking to hijack one computer to use as part of a botnet, or to steal one user's bank login, these attackers can spend weeks -- or months -- burrowing into a company's systems in order to go after the most valuable assets.
These cybercriminals have learned how to evade traditional approaches that use standard rules, signatures and sandboxing, said Muddu Sudhakar, co-founder and CEO at Caspida, an analytics firm acquired by Splunk earlier this month.
But as the criminals reconnoiter systems, move laterally and escalate privileges, they don't stay completely invisible.
"They leave behind telltale signals in the network and activity logs," he said.
The right analytics can look past the noise and spot these signals, whether the attackers are criminals, agents of foreign governments, or even internal actors.
Users behaving badly
Surescripts began looking at user behaviors and credentials three months ago.
"That's where things move more into unstructured data," said Surescripts' Calatayud.
To get the data analyzed, Calatayud is looking at an analytics platform from Gurucul, which specializes in identity access intelligence and user behavior analytics.
"They can slice up the data to specifically address my use cases," he said. "And it allows us to leverage industry expertise rather than trying to build up core competencies and strategies that might not become directly revenue opportunities."
According to Verizon, attackers use compromised user credentials more frequently than any other weapon in their arsenals. But it can be hard to tell if a particular user account is used legitimately by the actual employee, or by an intruder.
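The two detection ideas in this section, correlating internal logon records against an external threat-intelligence feed and comparing each account's activity against its own historical baseline, as an added example that is not code from the article or from any vendor it quotes; the feed entries, log events, hosts and user names are constructed placeholder data, and the "block everywhere" rule is a simple assumed policy.

```python
from collections import defaultdict
from datetime import datetime
# Constructed threat-intel feed: addresses seen in other attacks (placeholder values).
THREAT_FEED = {"203.0.113.7": "seen in earlier targeted intrusions"}
# Constructed successful-logon history used to build each user's baseline:
# (timestamp, user, source IP, host).
HISTORY = [
    ("2015-07-06T09:05:00", "alice", "10.0.5.12", "fileserver01"),
    ("2015-07-07T10:12:00", "alice", "10.0.5.12", "mail01"),
    ("2015-07-06T11:00:00", "bob", "10.0.7.3", "fileserver01"),
    ("2015-07-07T12:20:00", "bob", "10.0.7.3", "fileserver01"),
]
# Constructed events for the day under review.
TODAY = [
    ("2015-07-14T09:02:11", "alice", "10.0.5.12", "fileserver01"),  # routine
    ("2015-07-14T03:17:05", "alice", "203.0.113.7", "hr-db01"),     # feed hit + new IP/host/hour
    ("2015-07-14T12:01:30", "bob", "10.0.7.3", "hr-db01"),          # new host only
    ("2015-07-14T12:40:00", "carol", "203.0.113.7", "mail01"),      # feed hit, unknown user
]
def build_baselines(history):
    """Per-user sets of source IPs, hosts and logon hours seen before (the 'normal')."""
    base = defaultdict(lambda: {"ips": set(), "hosts": set(), "hours": set()})
    for ts, user, ip, host in history:
        base[user]["ips"].add(ip)
        base[user]["hosts"].add(host)
        base[user]["hours"].add(datetime.fromisoformat(ts).hour)
    return dict(base)

def score_event(event, baselines, feed):
    """List the reasons an event deviates from normal; an empty list means routine."""
    ts, user, ip, host = event
    reasons = ["threat feed: " + feed[ip]] if ip in feed else []
    base = baselines.get(user)
    if base is None:
        return reasons + ["no baseline for user"]
    if ip not in base["ips"]:
        reasons.append("new source IP")
    if host not in base["hosts"]:
        reasons.append("new target host")
    if datetime.fromisoformat(ts).hour not in base["hours"]:
        reasons.append("unusual hour")
    return reasons

def triage(today, history, feed):
    """Score every event; an address with a feed hit plus another anomaly is a candidate block everywhere."""
    baselines = build_baselines(history)
    findings = [(ev, score_event(ev, baselines, feed)) for ev in today]
    block = {ev[2] for ev, r in findings if len(r) >= 2 and r[0].startswith("threat feed")}
    return findings, block
```

Running `triage(TODAY, HISTORY, THREAT_FEED)` leaves alice's morning logon unflagged, flags her 03:17 logon on all four counts, and promotes the feed address to the block set so later events from it (carol's) are caught as well.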