Can big data nab cyber criminals?



Big data brings big hopes about catching stealthy network intruders going after sensitive data

The buzz in security circles about “big data” goes something like this: If the enterprise could only unite its security-related event data with a warehouse of business information, it could analyze this big data to catch intruders trying to steal sensitive information.

This is the security angle to the Big Data hopes that are rising along with the popularity of vast big data repositories, often based on the open-source scalable software Hadoop, being adopted in enterprises. This is leading to anticipation a new type of “data scientist” job will emerge in IT around Hadoop. Among security professionals and analysts, there’s now talk that that big data will also lead to security-focused data scientists who will have the tools and knowledge to pinpoint attacks by stealthy intruders out to steal highly sensitive data.

[ In the data center today, the action is in the private cloud. InfoWorld’s experts take you through what you need to know to do it right in our “Private Cloud Deep Dive” PDF special report. | Also check out our “Cloud Security Deep Dive,” our “Cloud Storage Deep Dive,” and our “Cloud Services Deep Dive.” ]

Background: ‘Big Data’ creating career opportunities for IT pros
Other News: Inside Apple’s iPad world-wide ubiquity

Catching cyber thieves in the act across sprawling networks has proven hard to do, and “Big Data” is offering new hope. But it is warranted?

Scott Crawford, analyst with consultancy Enterprise Management Associates, thinks so. “Statistical analysts will identify anomalies but not understand the security,” he commented during an analysts panel at the recent RSA Conference in San Francisco on the topic of big data and how it could help security.

Crawford predicted eventually there will emerge “a market for security algorithms” for big data. He noted firms such as Red Lambda and Palantir are tackling this today in math-heavy analysis aimed at spotting anomalies.

The “bad” attacker intent on hiding is an anomaly to the generally “good” behavior of network users inside the network, behind which the attacker often hides, according to some. Today, stealthy attackers are getting past traditional defenses, such as intrusion-prevention systems, firewalls and anti-virus, pointed out Gartner analyst Neil MacDonald, who spoke about this during the RSA panel.

. . . . . . . .