MacDonald said this data might be a combination of reputational analysis, firewall logs, network packet data and more contextual information to determine if an attack or compromise has occurred. Today, larger organizations such as big banks and the Defense Department are seeking to do this mainly by building their own big data for security tools, he said. But buying rather than building complex tools like this is likely to prove attractive in the future, if not more cost effective.
It's all still considered emerging technology, but big data put into service for the purposes of security should evolve to be useful for small to midsize companies as well as the large ones, MacDonald urged. It's possible big data for security could also one day become more oriented as a service, he suggested. IBM's Bird said that may be possible eventually, but for now big data for security purposes is seeing its initial deployment in large organizations with mountains of sensitive information at stake.
For a deployment of IBM Security Intelligence with Big Data, the pricing would look like this: QRadar is priced per appliance and by the quantity of data collected (events and network flows per second). BigInsights is priced by total storage capacity of the cluster. QRadar pricing starts below $50,000. BigInsights pricing starts below $50,000 for a 5TB storage system.