When Big Data Changed Security

This morning, EMC announced a new landmark product: RSA Security Analytics.

While there's a lot to appreciate in the specifics of the product itself, I think the real story is how this announcement evidences a substantial shift in how we think about information security.

Information has quickly become the most critical enterprise asset.  It's inevitably attracted a new class of attacks and attackers. 

As a result, information security concerns have quickly escalated beyond IT to the board of directors.  The threat landscape has radically shifted over the last few years -- and people are paying very close attention.

At the same time, big data analytics has amply demonstrated its power to radically transform the effectiveness of most any important business process.  Powerful predictive models fed with diverse data sources routinely produces astonishing results. 
 
Improving information security most certainly qualifies as one of those critically important business processes.

And it shouldn't be any surprise that security professionals are starting to reach for a new class of more powerful tools.

A Unique Opportunity For IT Leaders

So much of what I blog about revolves around IT leadership -- how I see people being successful in these -- errr, interesting -- times.

EMC is wonderfully fortunate to be able to draw from the practical experiences of our own EMC IT organization, led by our CIO Sanjay Mirchandani.  

Sanjay's story around how he is leading a continual transformation of our IT function has proven to be deeply productive for EMC's customers and partners.  

And it just gets better over time.

At EMC World 2012, Sanjay took the stage for an hour.  He not only recapped the highlights of the journey so far, but laid out the next few years of IT evolution at EMC.

I'm watching it, and going through the companion slides.  It's compelling content for *anyone* interested in strategic IT transformation at any level.  Yes, it's an hour long -- but it's probably the most compelling hour on the topic I've ever seen anywhere.  Highly recommended.

Find the video here.  Download his powerpoint slides and click along here.

Trust In IT: The Business Perspective

It's the week after the landmark RSA Security Conference, and cyber security is justifiably very much on everyone's mind.

The picture today is not pretty: the bad guys appear to be organized for success, and their intended victims are generally not.

For me, the RSA Conference gave me a good overview of where we are towards closing the currently wide gap -- and a sobering reminder of the work that lies ahead.

Creating Actionable Intelligence: The Brave New World Of Information Security

If you've been paying attention in the security world, you'll probably sense that a sea-change is well underway. The forces behind the "perfect storm" are assembled and quickly gathering strength.

More information in more places. Higher-value information targets.  And an increasingly sophisticated and well-funded set of opponents using APT techniques to secure their prize. 

Most people chartered with responding are very much aware of the new challenges -- but what to do?   

While there are no simplistic answers, there is a clear consensus emerging that this is no mere matter of better technology; it requires a deep and thoughtful organizational response -- a new way of doing things in the new world. 

The latest evidence comes from the SBIC -- the Security for Business Innovation Council --  in their new report "Getting Ahead Of Advanced Threats: Achieving Intelligence-Driven Information Security". The SBIC is a subset of very bright and passionate security leaders in Fortune 1000 settings that regularly gather to make strategic recommendations for the community at large.  

Sponsored by RSA, we've seen a number of useful reports on relevant and topical corporate information security subjects. This one is worth reading -- simply because it sketches out a roadmap of how security leaders will need to go about building their new organizational response in this new world. 

Like anything else, the challenge essentially boils down to organizing for success around a few new principles.

Worker Safety In The Information Age

The modern economy is increasingly built on a cadre of knowledge workers who consume and process enormous amounts of information. 

But these information-intense models are not without their risks, as we are continually reminded.

One of the big stories of 2011 was the rise of APTs -- advanced persistent threats -- that are causing us to re-think many long-held precepts around information security.  There are new security philosophies emerging; new process and tools -- and new focus areas to consider

As Art Coviello put it so eloquently in his RSA keynote -- "people are the new perimeter".  But how do we arm our knowledge workers to handle information -- in all its forms -- safely?

Rather than scratch our heads and wonder how best to close this seemingly brand-new proficiency gap, I think it's useful to review how earlier "trade" industries -- manufacturing, construction, shipbuilding, etc. -- identified this particular problem, and created the foundational methodologies to manage worker safety in an earlier age.

We often forget than seemingly new problems have sometimes been solved before, just in a different context.  

And this might be just such an example.

New Security Thinking For A New World

As an armchair student of the big transitions that happen in the IT industry, I've learned that the hard part is getting your mind wrapped around a relatively new perspective.  We, as technologists, tend to focus on how things work, rather than what they might mean. 

For example, the internet isn't really about packets and DNS so much; it's about what can happen when connectivity becomes ubiquitous.   Tablets and smartphones are really about when consumption becomes ubiquitous as well.

Cloud isn't about sterile NIST definitions, it's what happens when IT organizations realize they're no longer a monopoly and have to compete for the business.  

Big data isn't a capacity problem; it's really about learning a new form of creating value from massive amounts of information. 

Get the right perspective on a specific transition, the rest becomes mostly a matter of evangelism  and execution.  Fail to get the right perspective, and you won't make much progress at all.

And so I enjoyed reading the recent findings of the RSA-sponsored Advanced Threat Summit.  

When Big Data Met Security: Is The New Era Beginning?

Two powerful IT mega-trends appear to be combining in an interesting and powerful way.

One highly visible trend is the rise of APTs: advanced persistent threats.  These newer attacks have routinely defeated traditional approaches to information security, and show no sign of abatement.

The other power trend is the amazing power of analytics-at-scale in the hands of data scientists.  I continue to be fascinated by the dazzling potential here.

Could the stunning power of big data be part of the answer to the new class of advanced threats?

APTs: Assume You Are Compromised

Today's must-read gem is the latest report from the SBIC -- the Security for Business Innovation Council.  

If you're not familiar, the SBIC is an RSA-sponsored group of information security leaders spanning the Global 1000.  Periodically, they issue far-reaching perspectives on the state of information security in corporate environments.

This is the eighth report in the series, and the topic is undoubtedly the one that's on everyone's minds: When Advanced Persistent Threats Go Mainstream

I got my hands on a review copy.  It's more than a good read -- it's an essential read.

To be clear, this is not your typical vendor "white paper" that ends up being a thinly-veiled pitch for whatever they're selling; by comparison, this document is a hard-hitting and sobering 25-page study of the new threat profile, and -- more importantly -- what needs to be done organizationally to compensate.

The headline from the press release gets right to the point -- assuming that you are compromised already, how do you minimize the damage?  

Although I'm not a fan of the-world-is-ending headlines (especially when it comes to security), it might be somewhat justified in this case. 

From my perspective, APTs and the related discussion represents perhaps the single most important shift in information security thinking in the last few decades.  

As such, this ends up on my "must-read" list for just about everyone.

Many of the recommendations here stretch far outside the traditional security domain -- affecting existing functions and making a strong case for investment in new ones.  It's a brave new world.

What I found especially fascinating was the real-world color from the people in charge of securing information assets at some of the largest organizations in the world.  It's obvious -- they're concerned.  As perhaps you should be as well.

This is not light summer reading -- but it is important.  

I hope you can find some time to read it.

Harris: What It Takes To Build A Trusted Cloud

If you've been following the whole VCE-enabled service provider story, you'll recall that Harris Corporation was one of first (and perhaps most enthusiastic) Vblock adopters.

They've built on Vblocks -- and other technologies from V,C and E -- to offer up an extremely well-positioned service: the Harris Trusted Enterprise Cloud.  Their proposition was simple: the Harris cloud has the foundation to be more secure and more trusted than anything most enterprise IT organizations could do themselves.

Since its announcement, I've always wanted to know more about the details: what made it different, and who were the key people behind the offering.  

This week, I was fortunate enough to have an extended conversation with Wyatt Starnes, VP of Advanced Concepts at Harris' Cyber Integrated Solutions division.  

By the way, I think Wyatt has me beat in the Cool Job Title competition.

Wyatt is not only one of the lead actors in this story, he's a wealth of compelling insight.  

Fasten your seatbelts and hang on ...

RSA Acquires NetWitness

Newer forms of advanced persistent threats (APTs) are very much on my mind these days.  Maybe they should be on your mind, too.

Over the weekend, RSA's Uri Rivner posted some very sobering details ("Anatomy Of An Attack") regarding EMC's recent experience.  I don't often do this, but -- please -- go read this post.

I'd encourage you to resist the usual human tendency to assume that someone made a huge mistake (not true), or the people involved might be incompetent (they most definitely aren't) or that -- somehow -- the circumstances don't apply to you or your organization. .

I am told that one of the key actors in this episode was EMC IT's use of NetWitness to detect and isolate the attack while it was occurring.  Lest you assume this was some sort of cause-and-effect scenario, the business discussions were well advanced at the time of the event.

From an IT security perspective, I think we live in a new era.  And anyone who purports to have a simplistic answer really doesn't understand the magnitude of the challenge.

You can learn more here.