RSA brings big data analytics to security threat management
Secure Analytics Unified Platform will let enterprises uncover threats much faster, company says
Computerworld - RSA has unveiled a new tool designed to let enterprises detect security threats more quickly than current technologies permit by combining big data management and analytics approaches with traditional network monitoring and threat detection.
The RSA Security Analytics Unified Platform is built around the company's existing NetWitness threat detection architecture. It lets companies capture and analyze massive amounts of structured and unstructured data to speed up threat detection.
The new platform comprises a data capture infrastructure and a separate security analytics warehouse. The capture component consists of network appliances for collecting, normalizing and analyzing massive volumes of network packets and log data; an "analytics concentrator" that aggregates metadata from the appliances; and an analytics "broker" that provides a single access point for running queries across multiple brokers.
The security analytics warehouse itself is Hadoop-based and allows companies to store and stage petabytes worth of structured and unstructured data. The warehouse supports long-term data archiving, forensics and analysis, says RSA, the security division of EMC.
Unlike traditional security incident and event management products that are log-centric in nature, RSA's Security Analytics platform supports full network packet capture and network session deconstruction as well, said Paul Stamp, director of product marketing at RSA.
It lets security administrators gather and look at petabytes' worth of data from multiple vantage points to uncover threats that are very hard to discover using existing security tools.
"This is a responsive technology. It's about new detection capabilities," Stamp said. It's about starting to narrow the gap between when an attack is detected and when the attack happened, he added.
RSA's technology is among an emerging class of security products attempting to use big data management and analytics approaches to address security problems. Other companies, including IBM, HP, Symantec and Trend Micro, are working on similar products.
Like big data analytics tools in other IT environments, the security products are designed to let administrators run queries against extremely large and varied data sets to uncover threat patterns that would otherwise have remained hidden.
Many security analysts and practitioners say that the need for such tools is growing. They are convinced that unless there's a better way for security organizations to ingest and analyze the gigabytes and even terabytes worth of security log and network event data generated daily inside companies, there's no way to fight emerging threats.
Existing signature-based security tools fail to provide a complete picture of threats that may be lurking inside a network because they are fixed-function and designed to look only at a narrow set of parameters, said Jon Oltsik, an analyst with the Enterprise Security Group. "None of the tools can take in multiple data feeds and then give you the ability to query the data," to look for hidden threats, Oltsik said. Such a capability is crucial at a time when attacks are becoming increasingly sophisticated, targeted and hard to detect, he said.