As perimeter defences fail, security experts are falling back on analytics. Tom Brewster says Big Data and context are hot at the RSA 2013 show
Context and intelligence will be two of the buzzwords of the week here at RSA 2013 in San Francisco, at least from the vendor side, as the security world recognises the failures of most perimeter defences.
Already, on the opening morning of the security conference, major players, including RSA itself, have pushed out products aimed at taking advantage of Big Data and analytics, acquiring the context to investigate and block potential threats.
They’re focused on providing intelligence to gain a better understanding of where attacks are coming from and how to prevent them in the future, differing from the signature-based protection methods of yore.
Vendors aren’t just pushing out more security information and events management (SIEM) products either, claiming they never took enough context into account, nor did they bundle enough features into the same interface for IT teams.
RSA aiming for NextGen security
As part of its bid to be the Big Data security leader, RSA today launched NextGen Security Operations Center (SOC) services, designed to provide backup for companies looking to pull their own SOCs up to standard.
Services will see RSA workers help companies implement the strategy, workflows and technology designed to help counter modern, advanced threats.
“The new RSA Next Generation Security Operations Center (SOC) approach is designed as a reference architecture to quickly adapt to and ramp from any organisation’s current state security operating model to transform from purely reactive to a predictive intelligence-driven foundation,” said Peter Tran, senior director for the RSA Advanced Cyber Defense Practice, in a blog post.
“Gone are the days of ad hoc and inefficient operating processes, poor technology utilisation and alert-based investigations with little to no context-based analytics.
To back up its services, the EMC-owned company announced various pieces of supplementary software: Data Discovery for Security Analytics, which is available immediately, as well as the RSA Asset Criticality Intelligence (ACI) and RSA Advanced Incident Management for Security (AIMS) to be made available in March.
Those products will all work alongside RSA’s Security Analytics platform, launched last month, to provide more streams of information and greater ability to take action from the main interface.
What is HP up to?
Many vendors will be talking up their context-aware suites this week, including HP, which is combining its ArcSight SIEM technology with its Autonomy software to provide “tracking and analysis of human sentiments associated with data”. HP could not tell TechWeekEurope anything else about the new product, however, and didn’t even provide a name for it.
HP did provide more detail on its new HP ArcSight Cloud Connector Framework, however, saying it would allow organisations to collect application event and log data from cloud service providers. The product is based on industry-standard protocols, “providing a single, real-time view into user activity and threat monitoring for on-premises and cloud applications”, the troubled tech giant said.
More interestingly, HP is connecting ArcSight with the Hadoop framework for dealing with Big Data, often seen as a threat to the success of Autonomy. The former British titan has caused trouble for Meg Whitman and her team since they alleged accounting “improprieties” led to a $8.8billion (£5.3bn) non-cash impairment charge.
Talking up its HP ArcSight 6.0c with Apache Hadoop, the company said: “The solution links HP ArcSight’s reporting, search and correlation capabilities with Hadoop’s large, centralised storage repository, giving organisations the storage capacity needed to handle petabytes of information.
“Open-source machine-learning algorithms, statistical analysis, anomaly detection and predictive analytics can be applied to the stored data, providing greater insight and resolution into security events.”
Juniper Networks, which also announced a closer relationship with RSA today, released a host of products designed to provide intelligence on attackers themselves. The lead product is Junos Spotlight Secure, which Juniper claimed is the “only cloud-based global attacker intelligence service that identifies individual attackers at the device level and tracks them in a global database”.
The service creates “a persistent fingerprint of attacker devices based on over 200 unique attributes”. Once attackers are given an ID, they are blocked from customers’ networks. The product works alongside Junos WebApp Secure, which is based on Juniper’s acquired Mykonos technology, to block attackers playing on the network.
It also includes the Mykonos ‘Intrusion Deception’ technology, which tricks hackers into accessing data, making them believe they are carrying out surreptitious attacks, when actually they are being tracked by their targets.
Juniper is planning on incorporating these technologies into its software defined networking (SDN) strategy, and it should be able to feed in RSA-held intelligence too, now it has formed closer ties with its partner.
Evidently, from the early signs at RSA 2013, vendors are racing to provide intelligence and context, as perimeter defences fail to live up to IT’s expectations.
TechWeekEurope will be reporting from San Francisco for the next five days. Later in the week, there will be plenty of talk about two of the biggest trends in security: China and hacking back to fight cyber crooks.
Are you a security expert? Try our quiz!