You cannot possibly review every log file, every login, every password change, every email, forum post and blog access within your organization given the limits on staffing. It is not possible. This may be why Mandiant reports that it takes 200+ days to recognize an intrusion: no administrator or security engineer can read everything that comes across the network. This is where big data comes into play, along with analytics and data warehousing.
If you're short on staff, you should look into ways to make your existing staff more effective. One very easy win for the enterprise is to combine distributed computing and big data to find those needles in a haystack.
So why aren't more companies investing in big data? Don't get me wrong: many companies are using big data for business processes. Only a handful are using it for analytic log monitoring. You and I both know that you cannot possibly look at every line of code, every log file, and every email or document stored on your network, and who would want to? So how can you use big data to find security issues in your network? Build a cloud and run analytics to look at the data differently.
I will be posting more on distributed computing and cloud storage in the upcoming weeks. Stay tuned and have a great day!