Understanding the four V’s of big data security can remove the frustration often seen with internal SIEM projects and help control costs. Detection and response is more than another security point solution; you have to think beyond adding another box.
Data Volume is first and the most obvious, given the ‘big data’ moniker. Data volume for security information and event management (SIEM) inputs is expected to double this year and next. This data increase can drive up on-site hardware costs through unexpected upgrades, or limit what data is collected because of storage capacity. Cloud storage can provide on-demand scale, often at lower rates and, better still, at fixed rates when delivered with a SIEM service.
Data Velocity is second and is commonly referred to as events per second (EPS). All-in-one appliances typically split their capacity between incoming data processing and console queries. The velocity of incoming data can overwhelm the processing capacity of under-resourced hardware, and also limit the availability of that same resource as a console for queries and reports. Security analysts frustrated with slow query performance and long report run times will avoid the deployment, creating the often-seen SIEM shelfware. Cloud scale provides additional processing capacity on demand, and this too is better at fixed service rates.
Data Variety is third and expanding, as security analysts want richer context. However, data variety can stress a traditional SIEM built on a common relational database with a fixed schema. As more data silos of various data types are collected, the need to adapt them into a correlated data model drives big data architecture. This changes the skill set of security analysts from running fixed queries and reports to developing an analytical mindset that explores and frequently optimizes the data model. This topic alone is driving the consolidation of big data expertise into cloud and services versus do-it-yourself internal projects.
Data Veracity is fourth, and concerns the truthfulness of the data collected, its normalization, its correlation, and the output of analysis. While the three V’s above can mostly be addressed with technology, this V requires strong people skills in managing processes. The old adage of “garbage in, garbage out” rings true. A recent Cost of Malware Containment study noted that 66% of analyst time is wasted on faulty intelligence. In addition, many firms in the study used an ad hoc approach to detection, without automation for intelligence collection. Data veracity depends directly on the right blend of technology, process and people for success.
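The variety and veracity points above describe the normalization problem and “garbage in, garbage out” without showing what either looks like in practice. The Python below is an added example, not code from the original post or from any vendor product: it feeds two constructed source formats (an SSH-style syslog line and a hypothetical JSON audit record whose field names are assumptions) through per-source parsers into one common schema, gates every record on veracity checks (parseable timestamp, valid IP address, known outcome) so that bad records are counted and dropped rather than silently correlated, and then runs a simple cross-source correlation over what survives.

```python
"""Normalize events from heterogeneous sources into one schema and apply
veracity checks before anything reaches correlation (added example)."""
import ipaddress
import json
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# Constructed sample input: an SSH-style syslog source and a JSON audit
# source with hypothetical field names, plus records that should be rejected.
SAMPLE_LINES = [
    "2024-05-01T10:00:00Z bastion sshd[1234]: Failed password for root from 203.0.113.5 port 2222 ssh2",
    "2024-05-01T10:00:03Z bastion sshd[1235]: Failed password for admin from 203.0.113.5 port 2223 ssh2",
    '{"time": "2024-05-01T10:00:05Z", "event": "login", "ip": "203.0.113.5", "user": "alice", "result": "failure"}',
    '{"time": "2024-05-01T10:00:09Z", "event": "login", "ip": "198.51.100.7", "user": "bob", "result": "success"}',
    "2024-05-01T10:00:11Z bastion sshd[1236]: Accepted password for carol from 999.1.1.1 port 2224 ssh2",  # invalid IP
    '{"event": "login", "ip": "198.51.100.9", "user": "dave", "result": "success"}',  # missing timestamp
    "some appliance emitted a line that no parser understands",  # unknown format
]


@dataclass(frozen=True)
class Event:
    """The common schema every source is mapped into."""
    ts: str
    source: str
    src_ip: str
    user: str
    outcome: str  # "success" or "failure"


SYSLOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<verb>Accepted|Failed) password "
    r"for (?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_syslog(line: str) -> Optional[Event]:
    """Map an SSH-style syslog line into the common schema, or None if it is not one."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    outcome = "success" if m["verb"] == "Accepted" else "failure"
    return Event(m["ts"], "syslog:" + m["host"], m["ip"], m["user"], outcome)


def parse_json_audit(line: str) -> Optional[Event]:
    """Map a hypothetical JSON login-audit record into the common schema."""
    try:
        rec = json.loads(line)
    except ValueError:
        return None
    if not isinstance(rec, dict) or rec.get("event") != "login":
        return None
    # Missing fields become empty strings so that the veracity check, not the
    # parser, is what decides whether the record is trustworthy.
    return Event(str(rec.get("time", "")), "json-audit", str(rec.get("ip", "")),
                 str(rec.get("user", "")), str(rec.get("result", "")))


PARSERS = (parse_syslog, parse_json_audit)


def veracity_problem(ev: Event) -> Optional[str]:
    """Return a rejection reason, or None if the event is fit for correlation."""
    try:
        datetime.strptime(ev.ts, "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return "bad_timestamp"
    try:
        ipaddress.ip_address(ev.src_ip)
    except ValueError:
        return "bad_ip"
    if ev.outcome not in ("success", "failure"):
        return "bad_outcome"
    return None


def normalize(lines: List[str]) -> Tuple[List[Event], Dict[str, int]]:
    """Parse each line with the first parser that accepts it, then gate it on veracity.
    Returns the accepted events and a count of rejections by reason."""
    events: List[Event] = []
    rejected: Dict[str, int] = {}
    for line in lines:
        ev = None
        for parser in PARSERS:
            ev = parser(line)
            if ev is not None:
                break
        reason = "unparsed" if ev is None else veracity_problem(ev)
        if reason is not None:
            rejected[reason] = rejected.get(reason, 0) + 1
            continue
        events.append(ev)
    return events, rejected


def failed_logins_by_ip(events: List[Event], threshold: int = 3) -> Dict[str, int]:
    """Cross-source correlation over the common schema: source IPs whose failed
    logins across all sources reach the threshold."""
    counts: Dict[str, int] = {}
    for ev in events:
        if ev.outcome == "failure":
            counts[ev.src_ip] = counts.get(ev.src_ip, 0) + 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    accepted, dropped = normalize(SAMPLE_LINES)
    print(f"accepted={len(accepted)} rejected={dropped}")
    print("correlated:", failed_logins_by_ip(accepted))
```

The rejection counts are the veracity signal a SIEM team should watch: a sudden rise in `unparsed` or `bad_timestamp` usually means a source changed format or lost time sync, and every such record would otherwise have been absent from correlation without anyone noticing. Adding a new source means adding one parser to `PARSERS`; the schema, the checks and the correlation stay the same.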
Internal SIEM projects are not for the timid or shy. We believe there is a better answer – firebreak your network. A firebreak service addresses the four V’s above without the cost and complexity of doing it yourself. Please review our value proposition for more details.