Churning through massive amounts of data in near real-time and identifying anomalies as they occur is the holy grail of IT security.
The small reality
Much like flying cars or dehydrated beer, a "drop-in" big data security application that patiently scans every iota of internal and environmental data, and then quietly drops an appointment on your calendar for the denial-of-service attack that will happen next week, is not yet ready for mass consumption. While conceptually simple, the data gathering, storage, and analytic technology required to pull off such a feat are still in their early stages at best. Furthermore, the cost of these technologies, and of the integration required for true predictive security, is significant. Unless your business is highly sensitive to security concerns, at this point the cost likely puts it out of reach.
The good news is that predictive security has a compelling and obvious benefit, one that's captured the attention of CIOs and, in turn, spurred investment by the large big data and IT security companies. While none of the "usual suspects" in the vendor pool have a prepackaged and easily installed big data security offering, there are several things you can do to get ready for predictive security.
Instrumentation is consultant-speak for establishing logging and data capture on relevant devices and services. While your firewalls and packaged software may do a fine job of logging out of the box, third-party applications or custom code that is accessible to the outside world may have minimal logging, or "orphaned" logging that is not integrated into your overall security and monitoring infrastructure. Even if a low-cost, drop-in solution for predictive security existed, it would have nothing to analyze: if your IT shop doesn't have every application and device properly instrumented and centrally monitored, big data simply won't help.
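As an added illustration of what "instrumenting" a piece of custom, externally reachable code looks like in practice (this is example code written for this page, not something from the article or any vendor product), the snippet below emits security-relevant events as one JSON object per line with a fixed set of fields, so a central collector can parse them rather than regex-matching free text. The application name `order-portal`, the sample users and the addresses are constructed for the example; in production the stream handler would be swapped for a syslog or file handler shipped by your SIEM agent, which is assumed here rather than shown.

```python
import io
import json
import logging
import socket
from datetime import datetime, timezone

APP_NAME = "order-portal"  # hypothetical custom application (assumption)


class JsonFormatter(logging.Formatter):
    """Render each record as a single JSON line with consistent field names,
    so a central collector can index fields instead of parsing free text."""

    def format(self, record):
        event = {
            "ts": datetime.fromtimestamp(record.created, tz=timezone.utc).isoformat(),
            "host": socket.gethostname(),
            "app": APP_NAME,
            "level": record.levelname,
            "msg": record.getMessage(),
        }
        # Security context is attached by callers via logger.log(..., extra={...})
        for key in ("event", "src_ip", "user", "outcome"):
            if hasattr(record, key):
                event[key] = getattr(record, key)
        return json.dumps(event, sort_keys=True)


def configure_security_logger(stream):
    """Return a dedicated security logger writing JSON lines to `stream`.

    A plain stream keeps the example offline; a real deployment would use a
    logging.handlers.SysLogHandler or a file watched by the SIEM agent."""
    logger = logging.getLogger(f"{APP_NAME}.security")
    logger.setLevel(logging.INFO)
    logger.handlers.clear()
    logger.propagate = False  # do not let these records leak into the root logger
    handler = logging.StreamHandler(stream)
    handler.setFormatter(JsonFormatter())
    logger.addHandler(handler)
    return logger


def record_auth_attempt(logger, user, src_ip, success):
    """Log one authentication attempt with the fields a SOC analyst needs."""
    level = logging.INFO if success else logging.WARNING
    logger.log(level, "authentication attempt",
               extra={"event": "auth", "src_ip": src_ip, "user": user,
                      "outcome": "success" if success else "failure"})


def parse_events(text):
    """Parse JSON lines back into dicts, as a collector would."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def failed_logins_by_source(events, threshold=3):
    """The kind of trivial check that only becomes possible once events are
    structured and centralized: sources with `threshold` or more failures."""
    counts = {}
    for e in events:
        if e.get("event") == "auth" and e.get("outcome") == "failure":
            counts[e["src_ip"]] = counts.get(e["src_ip"], 0) + 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


def demo():
    """Run the instrumentation over constructed sample activity and return the parsed records."""
    buf = io.StringIO()
    log = configure_security_logger(buf)
    # Constructed sample: one success, then three failures from a single address
    record_auth_attempt(log, "alice", "203.0.113.7", True)
    for _ in range(3):
        record_auth_attempt(log, "admin", "198.51.100.23", False)
    return parse_events(buf.getvalue())


if __name__ == "__main__":
    events = demo()
    for ev in events:
        print(ev)
    print("suspicious sources:", failed_logins_by_source(events))
```

The point is not the failed-login counter, which is deliberately simple, but that every event carries the same `app`, `event`, `src_ip`, `user` and `outcome` fields regardless of which code path produced it; logging that exists only as ad hoc print statements or a local file nobody ships is the "orphaned" logging the paragraph warns about.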
Practice and procedure
Even in organizations with a well-managed security infrastructure, once a breach is identified there are often befuddled looks and no clear lines of reporting or responsibility, costing precious hours during an attack. While it's easy for IT to run security drills, what happens in a real incident where your back-end transactional or financial system is compromised? Can IT unilaterally shut it down, essentially pressing "pause" on your company's ability to market, ship goods, or record and manage cash? Who needs to be notified, and who has ultimate decision-making authority? The main promise of predictive security is buying an organization time; however, well-planned procedures that include all elements of your business, not just IT, can do the same in the short term.