
How to determine if big data security analytics will produce useful outcomes

Ron Bennatan, co-founder, jSonar Inc. | Jan. 26, 2016
Five “sniff tests” to determine whether proposed big data security techniques really measure up.

Sniff Test 3: Does your security analytics system have closed feedback loops?  Analytics are not reports. Analytics help make decisions. Security analytics are not after-the-fact artifacts; they use historical information to improve what happens going forward. For example, look for analytics that modify your real-time monitoring and that tell you what to exclude and, importantly, what to focus on, rather than analytics that merely send you alerts. When it comes to intelligent security analytics, increasing volumes of data combined with the appropriate algorithms significantly improve the analytics, the decision making and the usefulness of the system.

Sniff Test 4: Are you being led down the road to larger and larger clusters?  The big data world has partly gone crazy, building humongous clusters that do very little (and add lots of complexity). Even if you can get the money today, it doesn't mean you'll get the money tomorrow, and since the goal is to aggregate data from many periods and sources, you need to ensure that the cost does not scale linearly with the data. Generally, more data yields better results, but if it breaks the bank then it's useless. You should be looking for platforms that scale efficiently. Look for systems that use a NoSQL approach, columnar data fields and an in-memory distributed parallel processing architecture. An efficient system should not require one node for every few terabytes of data; the ratio of data to nodes must be much higher.

Sniff Test 5: Is your data management framework flexible enough to deal with the variety of data? Big data has many layers and many options, some of which will help you and some of which can cripple you with complexity.  Big data delivers a richness of information by supporting a variety of data types. Big data has gone through a number of generations very quickly, so it is important to look for the modern data approaches that stress simplicity, e.g. those that merge big data with JSON (JavaScript Object Notation) as a flexible data format.
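The following is an added example, not code from the article or from jSonar, showing what Sniff Test 3's closed feedback loop and Sniff Test 5's variable-shape JSON events look like together in practice. Historical alerts carry analyst verdicts; the analytics step turns them into two outputs that modify real-time monitoring (what to suppress, what to focus on) rather than just emitting more alerts. The field names (source, rule, verdict) and the threshold values are assumptions for this illustration, and all records are constructed sample data.

```python
"""
Closed feedback loop: analyst verdicts on past alerts retune a real-time monitor.
Added example, not from the article or jSonar. Field names, thresholds and all
sample records are constructed for illustration only.
"""
import json
from collections import defaultdict


def _rec(source, rule, verdict, **extra):
    """Build one historical alert as a JSON document. Extra fields vary by
    source, which is why the records are stored as JSON rather than a fixed
    schema (Sniff Test 5)."""
    return json.dumps({"source": source, "rule": rule, "verdict": verdict, **extra})


# Constructed history of alerts with analyst verdicts (sample data).
HISTORY = (
    [_rec("db-audit", "select_star_prod", "false_positive", user="etl_batch")] * 6
    + [_rec("firewall", "port_scan_external", "true_positive", src_ip="203.0.113.7")] * 4
    + [_rec("firewall", "port_scan_external", "false_positive", src_ip="198.51.100.2")] * 2
    + [_rec("db-audit", "privilege_grant", "true_positive", user="dba1")] * 2
    + [_rec("db-audit", "privilege_grant", "false_positive", user="dba2")] * 1
    + [_rec("firewall", "geo_anomaly", "false_positive", src_ip="192.0.2.9")] * 5
    + [_rec("firewall", "geo_anomaly", "true_positive", src_ip="192.0.2.44")] * 1
)


def summarize(history):
    """Count true and false positives per (source, rule) across the history."""
    stats = defaultdict(lambda: {"tp": 0, "fp": 0})
    for raw in history:
        ev = json.loads(raw)  # shape differs per source; only common keys are used
        key = (ev["source"], ev["rule"])
        if ev["verdict"] == "true_positive":
            stats[key]["tp"] += 1
        else:
            stats[key]["fp"] += 1
    return stats


def tune(stats, min_samples=5, suppress_fp_rate=0.9, focus_tp_rate=0.5):
    """Turn history into monitoring changes: rules to suppress and rules to
    escalate. A rule is only suppressed when it has produced no true positive
    at all, so the loop cannot silence a rule that has ever caught a real
    incident (a deliberate caveat for this assumed policy)."""
    suppress, focus = [], []
    for (source, rule), c in stats.items():
        n = c["tp"] + c["fp"]
        if n < min_samples:
            continue  # not enough evidence to change the monitor
        fp_rate = c["fp"] / n
        if fp_rate >= suppress_fp_rate and c["tp"] == 0:
            suppress.append((source, rule))
        elif (1 - fp_rate) >= focus_tp_rate:
            focus.append((source, rule))
    return {"suppress": sorted(suppress), "focus": sorted(focus)}


class Monitor:
    """Real-time monitor whose behaviour is modified by the analytics output,
    closing the loop instead of only reporting on the past."""

    def __init__(self, tuning):
        self.suppress = set(tuning["suppress"])
        self.focus = set(tuning["focus"])

    def triage(self, raw_event):
        """Classify an incoming alert as 'suppressed', 'escalate' or 'alert'."""
        ev = json.loads(raw_event)
        key = (ev["source"], ev["rule"])
        if key in self.suppress:
            return "suppressed"
        if key in self.focus:
            return "escalate"
        return "alert"


if __name__ == "__main__":
    tuning = tune(summarize(HISTORY))
    print(json.dumps(tuning, indent=2))
    mon = Monitor(tuning)
    print(mon.triage(_rec("firewall", "port_scan_external", "pending", src_ip="203.0.113.9")))
```

The point of the min_samples and "no true positive ever" guards is that a feedback loop which suppresses too eagerly is worse than no loop: it turns the warehouse into a machine for hiding real attacks behind historical noise. Re-run the tuning step on a schedule so that new verdicts keep reshaping the monitor.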

Understanding and using big data is crucial to security analytics, but big data is also full of hype and indistinguishable chatter. Hopefully these five simple sniff tests can help you sift through the noise and let you select solutions that can really deliver the security analytics you need.

jSonar develops big data Analytics Warehouses.  Bennatan has been a “data security guy” for 25 years at companies such as J.P. Morgan, Merrill Lynch, Intel, IBM and AT&T Bell Labs.  He has a Ph.D. in Computer Science and has authored 11 technical books.

