Why big data it environments need a new kind of speed


Why Big Data IT Environments Need a New Kind of Speed

More data, more challenges

In the world of IT and IT Security, we hear time and again “speed is everything.” Over the past decade we’ve seen firewalls break the 1G, 10G, and 40G performance barriers. Bigger and faster is better, right? Well, maybe not today...

Even with a security infrastructure capable of extreme speeds and spec’d well over the capacity we are actually using, threats continue to penetrate our networks. This begs the question – are we applying the speed (computational capacity) in the best way?

It’s time to step back and explore the need to apply speed (computational power) to more effectively improve our security posture. There is a growing challenge in many of today’s Big Data IT environments. These organizations’ IT infrastructures are supporting more traffic from more sources, generating dramatically more network and security data than ever before.

And within the petabytes or more of operational data in Big Data IT environments, the evidence shows that the majority of today’s security threats are easily circumventing existing security infrastructures. But with the right kind of speed, we can monitor more security events, unify security data, identify users, uncover threats, and accelerate response.

© 2014 Red Lambda, Inc. All Rights Reserved.

[Figure: Security Intelligence for IT Big Data. Zettabyte Era (billion terabytes): 2010: 1.3 zettabytes; 2011: 1.8 zettabytes; 2020: 35 zettabytes; 80% touched by enterprise. A growing functionality gap is shown between the volume of data and the functionality available for visualization, analytics, and processing & storage.]

Page 2: Why big data it environments need a new kind of speed

What kind of speed do we need?

[Figure: MetaGrid™ data sources]
Host-level (Database, DAM, Syslog, Server Apps, Web Apps)
Directory (DNS, Access Control, Active Directory, LDAP)
Security (Firewall, WAF, Antivirus, IPS, CEF)
Network (Traffic, NetFlow, Wireless, Switch, Router)
General (Custom, Geo, News, CEF)

While we can always hope that our security systems will just automatically stop all threats and mitigate all risks, that’s never how it seems to turn out. So the starting place is building systems that give us eyes and ears into what is going on. The good news is, by and large, networks already have the eyes and ears in place.

1. Speed that monitors everything.

We need a security infrastructure that is fast enough to collect, forward, and process ALL data from all available sources in the system: firewalls, IPSs, DLPs, application servers, directories, switches, etc. Traditionally these systems have forwarded only triggered alerts, a small subset of the available data. Now, we want all of the data. And collecting it requires more speed from our security infrastructure.

2. Speed that unifies security data.

Once we have a network of edge systems like switches that are fast enough not just to do their primary jobs but also collect and forward comprehensive data about what is going on, we have the opportunity to see a bigger picture.

Google is a great example of the power that is unlocked when you have the ability to see all the data. It’s hard to imagine what the Internet would be like without a central search engine like Google that lets you look through everything. Sure, there is a lot of junk in Google and searches can turn up a lot of false positives, but they also turn up a lot of high value information that just couldn’t be found any other way.

Like the fable of the blind men and the elephant, each firewall, switch, and server is seeing a small slice of the total picture. But if we can put the data from all of them together, we can see something very different and much more useful. Keeping up with that flow of data in real time requires our security infrastructure to have some serious speed.

Each firewall, server and switch sees a small piece of the picture—one slice of data. What we need is a security infrastructure with enough speed to collect all that data, correlate it together and turn it into collective, unified intelligence.

But there’s more...

Being able to see all the data about what is happening on our network is, by itself, very powerful. But stopping here does not get us to the payoff we are looking for – an efficient, cost effective security system that actually keeps us secure. We need the speed to go even further.

3. Speed that uncovers threats.

Once we have a system with the speed to see what is really going on and who is doing it, we then want that system with the speed to rate the risk of each transaction and assess the behavior it represents to identify new threats as they unfold. There have been a lot of recent technological advancements in the world of big data processing and correlation. We need a system with the speed to take advantage of those. If the advertising companies can figure out enough about your behavior from collected data to know what kind of products to pitch to you, your security system should be able to figure out enough about user behavior to know when things are obviously not right.

Making security infrastructure work is not just about getting the data. It’s about analyzing that data in order to get information.

4. Speed that identifies everyone.

Managing security is substantially about managing risk. Assessing risk requires us to know things like who is doing something and where they are doing it from. Traditionally, the answer to both of those questions has been an IP address. This anonymous and changing identity is a useful piece of data, but alone it does not provide enough information to make a risk assessment decision with any speed. What we really need to know is actual name and organizational role – the real person behind the event. We also need to know real location – are they sitting in the datacenter management room or are they at an Internet café in a country where we have no offices? We need a security infrastructure with the speed to correlate all of the records related to an event together so we can see the real world and not just an IP address.

[Figure: identity-awareness comparison]
Without identity-awareness (?): User: 10.1.7.15
With identity-awareness (✓): User: Alice Jones; Email: [email protected]; Phone: 1-415-555-1234; Dept.: IS&T/Server Administration; Supervisor: Bob Smith; Present Location: Main Datacenter; Device: Known Company-Issued Laptop; Network: Wired/Port88A-1515

5. Speed that accelerates response.

Or, put another way, “slow” accelerates risk. In today’s world, threats unfold rapidly. It doesn’t take long before what was just a threat converts into an embarrassing data loss. We need a security infrastructure with the speed to respond in that narrow window of opportunity. Forensically analyzing what happened so we can put in place policies and systems to prevent it from happening again is important. But if the threatscape is always changing and today’s threats are always different from yesterday’s, then post-mortem analysis alone will only leave us poorer and more depressed. We need a security infrastructure with the speed to react in real time when it starts to see a threat scenario developing.
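The two steps the paper keeps returning to, unifying records from different sources (section 2) and resolving an IP address to the person, device and location behind it (section 4), are shown together below as an added example. This is not the paper's or Red Lambda's code, and nothing here is MetaGrid: the log formats, the DHCP lease table, the asset inventory, the directory entries and all field names are constructed for illustration. The point it makes beyond the prose is that once events from a firewall, a server and a flow export share one schema and one identity key, three "blind men" records collapse into a single view of one user, while an address with no lease or directory record is surfaced as unresolved rather than silently dropped.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample records, one per source type. The formats are simplified
# for illustration and are not taken from the paper or any real product.
RAW_EVENTS = [
    # Firewall line in a CEF-like layout: version, six header fields, then key=value pairs
    "CEF:0|ExampleFW|NGFW|1.0|100|Connection allowed|3|src=10.1.7.15 dst=203.0.113.9 dpt=443 act=allow",
    # Syslog line from a server's SSH daemon
    "Mar 12 08:14:02 db01 sshd[2211]: Accepted publickey for svc_backup from 10.1.7.15 port 50122",
    # NetFlow-style CSV export: src,dst,dst_port,packets,bytes
    "10.1.7.15,198.51.100.20,445,1,1048576",
    # A source address that no lease or directory record covers
    "CEF:0|ExampleFW|NGFW|1.0|100|Connection allowed|3|src=10.9.9.9 dst=203.0.113.9 dpt=22 act=allow",
]

# Constructed lookup tables standing in for DHCP, asset inventory and the directory.
DHCP_LEASES = {"10.1.7.15": {"mac": "00:11:22:33:44:55", "port": "88A-1515"}}
ASSETS = {"00:11:22:33:44:55": {"owner": "ajones", "device": "Known Company-Issued Laptop",
                                "site": "Main Datacenter"}}
DIRECTORY = {"ajones": {"name": "Alice Jones", "email": "alice.jones@example.com",
                        "dept": "IS&T/Server Administration", "supervisor": "Bob Smith"}}


@dataclass
class Event:
    """Common schema every source is normalized into (hypothetical, for this example)."""
    source: str
    src_ip: str
    dst_ip: Optional[str] = None
    dst_port: Optional[int] = None
    summary: str = ""
    identity: dict = field(default_factory=dict)


# CEF: "CEF:0|" then six '|'-separated header fields, then the extension.
# Simplified: extension values are assumed to contain no spaces.
CEF_RE = re.compile(r"^CEF:0\|(?:[^|]*\|){6}(?P<ext>.*)$")
SSH_RE = re.compile(r"sshd\[\d+\]: Accepted \w+ for (?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)")


def normalize(line: str) -> Event:
    """Map one raw record from any of the sample sources into the common Event schema."""
    m = CEF_RE.match(line)
    if m:
        ext = dict(kv.split("=", 1) for kv in m.group("ext").split())
        port = int(ext["dpt"]) if "dpt" in ext else None
        return Event("firewall", ext["src"], ext.get("dst"), port, ext.get("act", ""))
    m = SSH_RE.search(line)
    if m:
        return Event("server", m.group("ip"), summary=f"ssh login as {m.group('user')}")
    fields = line.split(",")
    if len(fields) == 5:
        return Event("netflow", fields[0], fields[1], int(fields[2]), f"{fields[4]} bytes")
    raise ValueError(f"unrecognized record: {line!r}")


def enrich(event: Event) -> Event:
    """Resolve the source IP to person, role, device and location (identity-awareness)."""
    lease = DHCP_LEASES.get(event.src_ip)
    asset = ASSETS.get(lease["mac"]) if lease else None
    person = DIRECTORY.get(asset["owner"]) if asset else None
    if person is None:
        # An address nothing can account for is itself a signal, so keep it visible
        # under its IP instead of discarding the event.
        event.identity = {"resolved": False, "user": event.src_ip}
        return event
    event.identity = {
        "resolved": True,
        "user": person["name"],
        "email": person["email"],
        "dept": person["dept"],
        "supervisor": person["supervisor"],
        "location": asset["site"],
        "device": asset["device"],
        "network": f"Wired/Port{lease['port']}",
    }
    return event


def process(lines):
    """Unify and enrich a batch of raw records from mixed sources."""
    return [enrich(normalize(line)) for line in lines]


def by_identity(events):
    """Group unified events by the person behind them rather than by IP address."""
    groups = {}
    for e in events:
        groups.setdefault(e.identity["user"], []).append(e.source)
    return groups


if __name__ == "__main__":
    for e in process(RAW_EVENTS):
        print(f"{e.source:8} {e.src_ip:12} -> {e.identity['user']} ({e.summary})")
    print(by_identity(process(RAW_EVENTS)))
```

The lookup chain (IP to lease to MAC to asset owner to directory entry) is where the "speed" the paper asks for is actually spent: in a real deployment each of those is a time-bounded join, because a lease that expired an hour ago names the wrong person, so the enrichment has to run at or near event time rather than in a nightly batch.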

So, where do we go now?

Continuing to simply expand on what we did last year achieves a linear growth in our defensive capability at a time when the threats we face are growing exponentially. We need to put in place security infrastructure with enough power to let us jump ahead. Systems with throughput headroom might look fine measured against what’s been done historically, but they will not enable us to make the disruptive changes we need to get ahead of the Big Data IT problem. It’s time to start measuring security solutions not in terms of speeds and feeds, but transformative potential. Whether you look at security as events to be remediated, risks to be managed, threats to be stopped, policies to be complied with, or all of the above, the next generation of technologies must start with speed for effective, data-driven security. In short, speed transforms security in Big Data IT environments.

v.17042014

Red Lambda, Inc. Phone: +1.407.682.1894 Fax: +1.718.247.1852

Corporate Headquarters
2180 West State Road 434, Suite 6200
Longwood, Florida 32779

London
1 Royal Exchange Avenue
London, EC3V 3LT
United Kingdom

About Red Lambda, Inc.

Red Lambda enables businesses and government agencies to effectively secure their data through advanced, Big Data analytics technologies that break through the barriers and limitations of existing legacy systems and appliance-based offerings.

Red Lambda’s seamlessly integrated suite of solutions, powered by its massively scalable distributed grid platform called MetaGrid™, fuses virtual supercomputing, relational stream processing, and artificial intelligence for the first time into one complete system, enabling real time, on-the-fly anomaly detection for known and unknown threats.

The system’s predictive capabilities deliver unprecedented visibility and actionable intelligence that makes sense of structured and unstructured data without rules, signatures, or manual programming. By empowering end users, companies can deploy preemptive strategies to confidently defend against cyberattacks while deriving significant business value from their operational data.

Based in Orlando, Florida, Red Lambda, Inc. maintains operations in the U.S. and London, distributing its solutions directly and through strategic partnerships worldwide. For more information, visit www.redlambda.com.