Jonathan Crowe
Mar 2016

RSA 2016 Reactions: Is Too Much Data Hurting Security?


When attendees flooded into San Francisco's Moscone Center for this year's RSA Conference, over 550 vendors were ready and waiting for them, offering a dizzying array of products and services that run the gamut from app security to VPNs. 

Threat intelligence, authentication solutions, products that handle intrusion detection, prevention, and forensics (oh my!), firewalls, "next generation" approaches to, well, just about everything — there was a little bit of everything for anyone ping-ponging across the expo floor. Well, everything except maybe a cure for this pesky #cyberpathogen problem.

One thing essentially all these solutions have in common? They produce data. And while "more data" has become something of a rallying cry for vendors, when it comes to actually digesting that data there's a tangible sense many security people are already starting to feel like this:

(GIF via GIPHY)

Did you think that kid caught a glimpse of a suspicious anomaly before the flood of data flipped him tail over teakettle?

 

This Year's Top Trends: Threat Intelligence, Security Analytics, and the Data Deluge

Here are just a few of the reactions from infosec experts pointing to the challenge of actually harnessing all the data now flowing our way. 

In his RSA 2016 recap post, infosec expert Daniel Miessler underscored the need to translate data into meaningful insights and action. 


"We’re finally figuring out that we have too many products doing too many things, and it’s time to try to extract something useful from it all."

— Daniel Miessler

Hewlett Packard Enterprise CTO Martin Fink pointed to the same problem in his keynote address, saying that security command centers are presently drowning in data, and they need help analyzing it all.

"The security problem is now an analytics problem."

— Martin Fink, CTO at Hewlett Packard Enterprise


Tripwire's Travis Smith stressed the importance of context and focusing in on the right data. 
 

"Security data is more than big data — it's morbidly obese data — and the more we collect, the more noise comes along with it."

— Travis Smith, Senior Security Research Engineer at Tripwire

 

Tips on Taking a More Practical Approach to Security Analytics

As our co-founder and CTO Jack Danahy points out in his recent post for SecurityWeek, "Don't Shop Hungry for Security," deciding to invest in more data won't do you much good unless you have a plan and the capabilities in place to actually use it.

Here are two questions he suggests you ask before you turn on another faucet of data: 

  1. Will this new information gathering fit within processes you already use?
  2. Will you be able to make sense of the type and volume of information that you are thinking of gathering?



"Passively gathering information may seem pretty innocuous, but more is not better when the “more” can drown you or expose you to liability when you miss alerts in the stream."

— Jack Danahy, CTO and co-founder of Barkly

 

Miessler adds a third question to ask: Will this new data you're gathering be actionable? 

 

Additional Resources

For anyone interested in learning more about putting security analytics to good use, see Anton Chuvakin's presentation "Demystifying Security Analytics: Data, Methods, Use Cases."


Chuvakin, research VP for Gartner's GTP Security and Risk Management group, delivered the presentation at RSA. I highly recommend his recap of the conference, too (even if he does describe it as "a bit curmudgeonly").

Real-world example: For an interesting behind-the-scenes look at a prominent tech company actively tackling the monitoring problem, see Ryan Huber's post on how they handle security alerting at Slack.


 

Photo by: Wally Gobetz

Jonathan Crowe


Jonathan covers the latest threats and cybersecurity trends from a practical perspective.
