Cisco, HPE Execs At RSA: Ultimately, Security Is A Big Data Problem
The security industry is fighting an increasingly complex battle, one it will not win unless it embraces the next generation of analytics-based solutions, top executives from Cisco Systems and Hewlett Packard Enterprise stressed in separate keynotes Wednesday at the 2016 RSA Conference in San Francisco.
"We're fighting an escalating battle and things are only getting worse," said Martin Fink, executive vice president and CTO at Hewlett Packard Enterprise, Palo Alto, Calif. "We're not going to be able to protect ourselves using today's technology. We need to do something different."
Many companies are looking to solve today's security problem by adding new capabilities to their stack, said Martin Roesch, chief architect of the security business group at Cisco, San Jose, Calif. However, with the addition of each new capability comes a radical increase in complexity, he said, both in managing the technology itself and in analyzing the massive number of alerts coming into the system. That complexity creates a "security effectiveness gap," he said, essentially negating the good intentions of the new solutions.
"We see over and over again the effects of having all the right things, but not having the ability to consume the data," Roesch said.
Fink agreed, calling out the rapid increase in security alerts and false positives, which he said have turned a "needle in a haystack" problem into a "needle in a mountain of hay" problem.
However, there isn't a "security easy button" to fix the problem, Roesch said. Companies that say they have the cure-all solution for the security challenge are "killing us," he said, as they introduce solutions to solve point problems and increase security complexity.
"If we continue with the proliferation of all of these boxes to solve all of these point problems, which give us incremental capabilities on top of base capabilities, we are not going to be able to scale. We will never have any notion of simplicity," Roesch said. "We have to come up with better ways to do this."
However, Fink said there's hope for the security industry to use real-time analytics-based technology to "turn the tide" on the advantage hackers have over enterprises. Ultimately, he said, security is a "big data problem."
"We need to build security into every part of the IT fabric so that our data and our systems are still protected even if or when the network is breached. We need to detect the threats and respond to them at machine speed, not human speed," Fink said.
This is an area in which HPE has been investing heavily. The company rolled out a new Cyber Reference Architecture at the event, as well as a new partnership with Fortinet to bring HPE's log management capabilities to the security vendor's enterprise firewalls. HP also rolled out a full suite of data and analytics solutions for security in the fall.
Cisco's Roesch said there are three key things a company can do to reduce complexity and increase security effectiveness with analytics. First, integration is needed to make technology smarter, something he said the industry understands "pretty well." Second, Roesch said companies need to consolidate to fewer platforms with more capabilities. Finally, he said companies need to automate their analytics capabilities so that events are contextualized automatically, cutting back on false positives.
"What we're really trying to build here is simplicity at scale," Roesch said to thousands in the RSA audience. "I believe if we are going to go that way, we need to change how we think about security and, in my role, this is what I really think is going to be an important part of the future for all of you and all of us."