Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC Internet Storm Center


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Latest Diaries

ISC StormCast for Monday, May 25th 2015 http://isc.sans.edu/podcastdetail.html?id=4497

Business Value in "Big Data"

Published: 2015-05-23
Last Updated: 2015-05-23 15:55:07 UTC
by Guy Bruneau (Version: 1)
0 comment(s)

There is more information available as to what Big Data really mean. In the type of business that most of us deal with daily, you are likely swamped by huge amount of structured or unstructured data that is entirely, partially or not at all collected. Some of the reasons to collect that data are for competitive advantages, network security, operational issues, etc. but the power of that information is really to make timely decisions.

A study conducted by Forester in 2011 estimated "[...] that firms effectively utilize less than 5% of available data. Why so little? The rest is simply too expensive to deal with."[1] That still leaves 95% of untouched and unanalyzed data. Depending who you ask what is big data to you; you may get different answers such as volume, speed, variety, type and quality. Depending of the size of the network, you may lack the storage capacity to ingest and process everything the network is capable of generating and made difficult choices on what is more important to collect to make those timely decisions.

I think in order to make significant gain in collecting Big Data, there is a need comprehensive approach to managing data, how it is analyzed to gain information intelligence. That means choosing the right data, turning structured or unstructured into a common format (i.e. CEF is a widely supported format), reduce data footprint by keeping and aggregating a single copy of similar data (deduplication) and an archiving policy for old data.

We would like to hear from you. Are you currently evaluating what to do with your data and base on your current security posture, do you think the data you currently collect is enough to get valuable insight as to what is going on inside your network?

Note: If interested in sharing, Stephen Northcutt is currently looking for SEIM/SIEM success stories.

[1] http://blogs.forrester.com/brian_hopkins/11-09-30-big_data_will_help_shape_your_markets_next_big_winners
[2] https://protect724.hp.com/docs/DOC-1072
[3] https://www.linkedin.com/pulse/seimsiem-success-story-request-stephen-northcutt?trk=mp-reader-card

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

0 comment(s)

If you have more information or corrections regarding our diary, please share.

Recent Diaries

Exploit kits delivering Necurs
3 days ago by Brad Duncan (8 comments)

Logjam - vulnerabilities in Diffie-Hellman key exchange affect browsers and servers using TLS
5 days ago by Brad Duncan (11 comments)

Upatre/Dyre malspam - Subject: eFax message from "unknown"
5 days ago by Brad Duncan (5 comments)

IoT roundup: Apple Watch Patches, Router Vulnerabilities
6 days ago by Dr. J. (0 comments)

False Positive? settings-win.data.microsoft.com resolving to Microsoft Blackhole IP
6 days ago by Dr. J. (3 comments)

Address spoofing vulnerability in Safari Web Browser
1 week ago by Manuel Humberto Santander Pelaacuteez (3 comments)

Lazy Coordinated Attacks Against Old Vulnerabilities
4 decades ago by Dr. J. (1 comment)

View All Diaries →

Latest Discussions

Detecting the New Dridex Malware
created 3 days ago by Mostropi (0 replies)

Deleted Post [Duplicate]
created 3 days ago by Mostropi (0 replies)

What is the current Vulnerability targeted by Magnitude Exploit?
created 5 days ago by Mostropi (2 replies)

DShield-Top100 sources list vs the ASCII version
created 5 days ago by JamesW (1 reply)

Dshield shows "Rejected: Not an input block line"
created 1 week ago by Telserv (1 reply)

View All Forums →

Latest News

View All News →