The small reality
The good news is that predictive security has a compelling and obvious benefit, one that's captured the attention of CIOs and, in turn, spurred investment by the large big data and IT security companies. While none of the "usual suspects" in the vendor pool have a prepackaged and easily installed big data security offering, there are several things you can do to get ready for predictive security.
Instrumentation is consultant-speak for establishing logging and data capture on relevant devices and services. While your firewalls and package software may do a fine job with logging out of the box, third-party applications or custom code that's accessible to the outside world may have minimal logging, or "orphaned" logging that's not integrated into your overall security and monitoring infrastructure. Even if a low-cost, drop-in solution for predictive security existed, if your IT shop doesn't have every application and device properly instrumented and centrally monitored, big data simply won't help.
Practice and procedure
Even in organizations that have a well-managed security infrastructure, once a breach is identified there are often befuddled looks and no clear lines of reporting or responsibility, costing precious hours during an attack. While it's easy for IT to do security drills, what happens in a real incident where your back-end transactional or financial system is compromised? Can IT unilaterally shut it down, essentially pressing "pause" on your company's ability to market, ship goods, or record and manage cash? Who needs to be notified, and who has ultimate decision-making authority? The main promise of predictive security is buying an organization time; however, well-planned procedures that include all elements of your business, not just IT, can do the same in the short term.
Patrick Gray works for a global Fortune 500 consulting and IT services company and is the author of Breakthrough IT: Supercharging Organizational Value through Technology as well as the companion e-book The Breakthrough CIO's Companion. He has spent over a decade providing strategy consulting services to Fortune 500 and 1000 companies. Patrick can be reached at email@example.com, and you can follow his blog at www.itbswatch.com. All opinions are his and may not represent those of his employer.