To solve the big data challenge in security, prioritized data flow, continuous data processing for analysis, and translation and exporting of data are all required to form a unified security architecture.
When someone claims security is a big data problem, they’re usually talking about the massive quantity of internal threat and event data generated by logs, SIEM, ticketing, and case management systems. Many security professionals suffer from alert fatigue as a result of the volume of alerts generated by various sources.
The millions of external threat data points analysts receive every day from the sources they subscribe to (open source, commercial, industry, government, security vendors, and frameworks such as MITRE ATT&CK) add to the fatigue.
And the situation is deteriorating. As business models change, bad actors exploit new attack vectors such as IoT devices, operational technology (OT), and the many personal and professional devices individuals now switch between.
They also exploit human vulnerabilities to penetrate organizations, impersonating trusted co-workers and third parties. Layering on more solutions and subscribing to more feeds in an attempt to close security gaps only generates new kinds and formats of data that must be collected in massive volumes.
The big data problem
Big data is a problem security teams are already dealing with. Solving it calls for a data-driven approach to security operations: a platform that can ingest data in diverse formats and languages from different systems, vendors, and sources and make them operate together, producing a meaningful, continuous, and usable data flow.
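The following is an added example, not code from the original article or its vendor, of what that unified flow looks like in practice: three constructed inputs (a syslog-style IDS line, a JSON SIEM alert, and a STIX-like indicator) are translated into one common record, indicators seen by more than one source raise confidence, each record gets a priority score, and the result is exported as newline-delimited JSON. The field names, the severity mapping, and the scoring formula are assumptions chosen for illustration, not a standard.

```python
"""Added example: normalise alerts and threat indicators of different
formats into one schema, correlate, score, and export them.
All sample inputs are constructed for illustration."""
import json
import re
from dataclasses import dataclass, asdict

# --- constructed sample inputs in three formats -------------------------
SYSLOG_LINE = ('<134>1 2024-03-01T10:15:00Z fw01 ids - - - '
               'sig="ET MALWARE Beacon" src=10.0.0.5 dst=203.0.113.9 severity=high')

SIEM_EVENT = {"event_id": "a1", "rule": "Impossible travel login",
              "timestamp": "2024-03-01T10:16:30Z", "user": "jdoe",
              "src_ip": "198.51.100.7", "priority": 2}   # 1 = most urgent

STIX_INDICATOR = {"type": "indicator", "id": "indicator--0001",
                  "pattern": "[ipv4-addr:value = '203.0.113.9']",
                  "confidence": 85, "created": "2024-02-28T00:00:00Z",
                  "labels": ["malicious-activity"]}

SEVERITY_WORDS = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass
class Alert:
    """Common schema every source is translated into (assumed, not a standard)."""
    source: str
    observed: str      # ISO-8601 UTC timestamp as given by the source
    title: str
    indicators: list   # IPs, users, etc. extracted from the event
    severity: int      # 1 (low) .. 4 (critical)
    confidence: int    # 0 .. 100

    def priority(self) -> float:
        # Hypothetical scoring: severity weighted by how much we trust the source
        return round(self.severity * self.confidence / 100, 2)


def from_syslog(line: str) -> Alert:
    """Parse key=value pairs (quoted or bare) from a syslog-style IDS line."""
    kv = {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}
    timestamp = line.split()[1]
    return Alert("ids-syslog", timestamp, kv["sig"], [kv["src"], kv["dst"]],
                 SEVERITY_WORDS.get(kv.get("severity", "low"), 1), confidence=60)


def from_siem(ev: dict) -> Alert:
    """The SIEM ranks 1 as most urgent; map its 1..4 onto our 4..1 severity."""
    sev = max(1, 5 - ev["priority"])
    return Alert("siem", ev["timestamp"], ev["rule"],
                 [ev["user"], ev["src_ip"]], sev, confidence=70)


def from_stix(ind: dict) -> Alert:
    """Pull the literal values out of a STIX pattern and keep its confidence."""
    values = re.findall(r"=\s*'([^']+)'", ind["pattern"])
    return Alert("stix-feed", ind["created"], ",".join(ind["labels"]),
                 values, severity=3, confidence=ind["confidence"])


def correlate(alerts: list) -> list:
    """Raise confidence of alerts whose indicators appear in more than one source."""
    sources_by_indicator = {}
    for a in alerts:
        for i in a.indicators:
            sources_by_indicator.setdefault(i, set()).add(a.source)
    for a in alerts:
        if any(len(sources_by_indicator[i]) > 1 for i in a.indicators):
            a.confidence = min(100, a.confidence + 20)
    return alerts


def unified_feed() -> list:
    """Ingest all three formats, correlate, and order by priority (highest first)."""
    alerts = [from_syslog(SYSLOG_LINE), from_siem(SIEM_EVENT), from_stix(STIX_INDICATOR)]
    return sorted(correlate(alerts), key=lambda a: a.priority(), reverse=True)


def export_ndjson(alerts: list) -> str:
    """Export the unified records as newline-delimited JSON for downstream tools."""
    return "\n".join(json.dumps({**asdict(a), "priority": a.priority()}) for a in alerts)


if __name__ == "__main__":
    print(export_ndjson(unified_feed()))
```

Running the block prints one JSON line per record; the shared address 203.0.113.9 lifts both the IDS alert and the indicator above the SIEM login alert, which is exactly the kind of cross-source prioritisation a single feed cannot provide on its own.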
Full article: Addressing the Big Data Problem with a Data-Driven Approach to Security Operations