RSA offering Hadoop-powered solution, as IBM looks to make a splash in the security intelligence space too
A host of companies are now active in the Big Data-backed intelligence space, another big player being Dell SecureWorks. These companies build on what security information and event management (SIEM) suppliers do, feeding as much data as possible into handy UIs for security teams to monitor network activity, but they also look to allow for greater analytics work.
EMC-owned RSA has finally come good on a promise to build up its Big Data portfolio, announcing the release of its Security Analytics platform. The aim is to let IT do real-time investigations into threats, or potential attacks, all through an HTML5 interface, which displays data from all kinds of inputs, from Microsoft Windows Servers to clients, as well as network traffic through packet data.
“It’s monitoring, investigations and compliance reporting. We are combining our traditional SIEM platform – enVision – with some of the network monitoring pieces we gained through our acquisition of NetWitness. Then we are adding this Big Data management,” Richard Nichols, RSA’s sales director, told TechWeekEurope. The Archer risk management technology will also allow for subsequent actions to be taken directly from the interface.
But if companies really want to go in-depth with their security – and this is something that will appeal more to government bodies, military organisations and banks – RSA is offering a data warehouse capability, based on the Hadoop framework.
“This will allow organisations to hold data for as long as they want to, for things like after-the-fact analysis and investigations,” Nichols added.
A data warehouse of security information will be even more important to those bodies bound by regulations. For instance, if the European Commission gets its wish, companies will be required to share information on cyber attacks within the next three years. That means they will have to store that data, so RSA could be getting ahead of the game with its Hadoop-based option.
Those data warehouses will, unsurprisingly, be based on EMC kit. The first iteration of Security Analytics will rely on customers to buy into physical infrastructure, i.e. appliances, but the whole stack will be available in an entirely virtual format at some point this year.
The image below shows how all the different pieces of the puzzle fit together (red is for log data, blue is network data):
This integration of different RSA products is something customers can expect more of, Nichols added.
As for Big Blue, it today announced IBM Security Intelligence with Big Data, claiming it opened the door for custom analytics across both structured and unstructured data sources, including emails and social media. Forensics capabilities are on offer too.
IBM is also merging its current technologies, including the QRadar Security Intelligence Platform, built on the IP it gained in the Q1 Labs acquisition, as well as its InfoSphere BigInsights product.
“The combination of industry leading IBM security intelligence and big data capabilities is unrivalled,” said Brendan Hannigan, general manager of IBM’s Security Systems Division.
The RSA and IBM offerings, which look fairly similar from a front-end perspective on first viewing, are both available now.