IBM and RSA this week unveiled big data security analytics, merging their security monitoring systems with the Hadoop software framework in a move that executives at both firms predict could create a whole new breed of intelligent information security systems. But some security analysts predict a number of hurdles ahead.
IBM, Armonk, N.Y., is merging its QRadar security information event management (SIEM) appliance with its InfoSphere BigInsights analytics platform. IBM InfoSphere BigInsights is the company's Apache Hadoop product designed to use the open-source software framework to analyze structured and unstructured data for business purposes. It was unveiled in October on its PureSystems line of servers and is based on the data warehouse appliance technology IBM acquired when it bought Netezza in 2010.
The QRadar platform will remain the dashboard for IT security analysts. IBM has added a BigInsights querying interface it calls BigSheets. Data from QRadar is fed into the analytics workbench.
[Related: 8 Ways Big Data Will Change Our Lives]
Only a limited number of companies will deploy big data security analytics, said Marc van Zadelhoff, vice president of security strategy and product management at IBM, adding that he expects early adopters to be in the "low hundreds of customers in the next couple of years." Organizations in the defense and financial industries and government agencies would be the first to merge security data and unstructured data to expand visibility.
"We're not saying SIEM is falling down; that is not our problem," Zadelhoff said. "We're seeing customer requirements changing significantly. They want the ability to add unstructured data."
A number of other security firms are making the attempt to merge SIEM system data with Hadoop implementations for deep data analysis. RSA is integrating its multiple acquisitions into a single security analytics platform. RSA and IBM have similar network analysis and visibility components and log and event management integration, said John Kindervag, principal analyst at Forrester Research. Hewlett-Packard, which has not yet unveiled a security analytics platform, is said to be working on a connector to its Vertica Hadoop engine, but Kindervag said its ArcSight SIEM platform is limited to log correlation and analysis.
NEXT: Challenges Ahead For Big Data Security AnalyticsIBM has focused its strategy on data management and analytics, said Scott Crawford, research director at Enterprise Management Associates. Crawford said he would expect the company to build security analysis tools specifically purposed to environments such as Hadoop. "Given the importance of investigation to security operations in many enterprises, I would expect IBM to address that need directly," he said.
Forrester's Kindervag likens big data warehousing systems to a "garage that IT built for the business to throw stuff into." A lot of the data is never going to be used again, he said. In addition, maintaining large warehouses of data poses the problem of how to ensure the information is well protected so it isn't stolen, he said.
"Right now we're at the honeymoon between the business and big data and pretty soon the business is going to learn that big data is going to have big problems that didn't show up in the courtship," Kindervag said.
Another challenge both IBM and RSA face with their new security analytics capabilities will be the need to build better automated statistical analysis and visual mapping to keep data correlation and analysis in the background, Kindervag said. Eventually organizations will be able to do more predictive threat modeling, finding weak points where exploitation is likely, but the systems will always have the problem that there is a certain randomness to attacks, Kindervag said.
"This is only going to be valuable if the reporting engine is good enough to give you some actionable results with fairly minimal effort," Kindervag said. "Most companies can't afford those kind of high-paid, mathematical whiz-kid genius staffers needed for big data analysis."
PUBLISHED JAN. 31, 2013