Sniff Test 3: Does your security analytics system have closed feedback loops? Analytics are not reports. Analytics help make decisions. Security analytics are not “after the fact things” – they use historical information to improve things going forward. For example, look for analytics that modify your real-time monitoring and that tell you what to exclude and, importantly, what to focus on – not analytics that just send you alerts. When it comes to intelligent security analytics, increasing volumes of data combined with the appropriate algorithms significantly improve the analytics, the decision making, and the usefulness of the system.
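One concrete shape of such a feedback loop, as an added example that is not from the original article or from any particular product: analyst dispositions on past alerts are aggregated per detection rule, and the result is turned into the next monitoring configuration, suppressing paging for rules that have proven noisy and promoting rules that have proven precise. The rule names, thresholds and the alert history below are constructed for illustration.

```python
"""Closed feedback loop: historical alert dispositions -> next monitoring config.

Constructed example (rule ids, thresholds and history are made up)."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Disposition:
    rule_id: str
    true_positive: bool  # analyst verdict after investigating the alert


# Constructed sample history: what analysts concluded for each past alert.
SAMPLE_HISTORY = (
    [Disposition("R-port-scan", False)] * 48 + [Disposition("R-port-scan", True)] * 2
    + [Disposition("R-cred-dump", True)] * 9 + [Disposition("R-cred-dump", False)] * 1
    + [Disposition("R-new-admin", True)] * 3 + [Disposition("R-new-admin", False)] * 2
    + [Disposition("R-dns-tunnel", False)] * 2
)

# Constructed current real-time monitoring configuration.
BASE_CONFIG = {
    "R-port-scan": {"page_oncall": True, "priority": "normal"},
    "R-cred-dump": {"page_oncall": True, "priority": "normal"},
    "R-new-admin": {"page_oncall": True, "priority": "normal"},
    "R-dns-tunnel": {"page_oncall": True, "priority": "normal"},
}


def rule_stats(history):
    """Per-rule alert volume and precision (true positives / all dispositions)."""
    counts = defaultdict(lambda: [0, 0])  # rule_id -> [total, true_positives]
    for d in history:
        counts[d.rule_id][0] += 1
        counts[d.rule_id][1] += int(d.true_positive)
    return {r: {"volume": t, "precision": tp / t} for r, (t, tp) in counts.items()}


def tune_monitoring(history, min_samples=5, suppress_below=0.1, focus_above=0.8):
    """Decide per rule: 'suppress' (noisy), 'focus' (precise) or 'keep'.

    Rules with fewer than min_samples dispositions are left alone: the loop
    must not act on evidence it does not have."""
    decisions = {}
    for rule, s in rule_stats(history).items():
        if s["volume"] < min_samples:
            decisions[rule] = "keep"
        elif s["precision"] < suppress_below:
            decisions[rule] = "suppress"  # stop paging; keep logging for later review
        elif s["precision"] >= focus_above:
            decisions[rule] = "focus"     # route to the top of the analyst queue
        else:
            decisions[rule] = "keep"
    return decisions


def next_config(base_config, decisions):
    """Apply the decisions to the monitoring config; this closes the loop.

    Suppressed rules still fire (the data is kept) but no longer page anyone;
    focused rules are raised to high priority."""
    new = {}
    for rule, cfg in base_config.items():
        cfg = dict(cfg)
        action = decisions.get(rule, "keep")
        if action == "suppress":
            cfg["page_oncall"] = False
        elif action == "focus":
            cfg["priority"] = "high"
        new[rule] = cfg
    return new


if __name__ == "__main__":
    decisions = tune_monitoring(SAMPLE_HISTORY)
    for rule, cfg in next_config(BASE_CONFIG, decisions).items():
        print(f"{rule:14} {decisions[rule]:9} {cfg}")
```

The important design point is the `min_samples` floor: a loop that retunes monitoring on two data points will oscillate, so rules without enough history are deliberately left unchanged until more dispositions accumulate.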
Sniff Test 4: Are you being led down the road to larger and larger clusters? The big data world has partly gone crazy – building humongous clusters for doing very little (and adding lots of complexity). Even if you can get the money today, it doesn’t mean you’ll get the money tomorrow, and since the goal is to aggregate data from many periods and sources, you need to ensure that the cost does not scale with the data. Generally, more data yields better results, but if it breaks the bank then it’s useless. You should be looking for platforms that scale efficiently. Look for systems that use a NoSQL approach, columnar data fields and an in-memory distributed parallel processing architecture. An efficient system should not require one node for a few terabytes of data – the ratios must be much higher.
Understanding and using big data is crucial to security analytics, but big data is also full of hype and indistinguishable chatter. Hopefully these five simple sniff tests can help you sift through the noise and let you select solutions that can really deliver the security analytics you need.
jSonar develops big data Analytics Warehouses. Bennatan has been a “data security guy” for 25 years at companies such as J.P. Morgan, Merrill Lynch, Intel, IBM and AT&T Bell Labs. He has a Ph.D. in Computer Science and has authored 11 technical books.