Utilizing Big Data For Information Security Insights in 2016
Traditional approaches for collecting and correlating security data require analysts to spend days to weeks compiling it before they are able to apply any analysis to determine if a security incident has occurred (typically 80% of their time is spent on data prep with only 20% spent on actual analysis). At the pace of business today, and the ever evolving cybersecurity threat landscape, taking days or weeks to surface a security related issue can be catastrophic to an organization in terms of its material impact to its brand and finances.
Gartner predicts that by 2020, 40 percent of enterprises will have established a “security data warehouse” for the storage of this monitoring data to support retrospective analysis. With an exploding volume of security data organizations are struggling to be able to make real-time decisions regarding cybersecurity risk. Conventional approaches (SIEM & log file analysis) requires data to be stored in a database and then queries are run after the fact to detect or determine the cause of problems. Organizations are fast realizing that the time lost in this process results in a reactive security stance that is often far too late.
Big data technologies are changing the way we detect and understand cybersecurity events that are impacting our organizations by improving situational awareness in real-time. The promise of using big data analytics is based on a faster and more effective way to aggregate and correlate multiple sources of large volumes of security data to detect anomalies and suspicious activities across financial transactions, user access or file movements of highly sensitive data (such as personally identifiable data or corporate intellectual property or confidential financial or legal data), or changes to application/system master configuration settings.
Greenlight’s Big Data Security Analytics Solution
Greenlight provides the data aggregation, correlation, processing speed and advanced analytics (including sophisticated algorithms and machine learning) that enables an organization to make better sense of what is happening from a security, compliance and risk perspective in the timeframe that it’s happening in. When an access, compliance or transaction control policy is violated, Greenlight will automatically notify the security operations center and initiate an instrumented response with all the associated data required to initiate a risk remediation or mitigation activity workflow process within the IT GRC system. Click here to learn more.