How to define SIEM strategy, management and success in the enterprise
Your organization is likely just starting to experience the joys of "big data." Companies are enthralled with the idea of leveraging large quantities of data for targeted marketing or other initiatives, and, as with any new love affair, they are blind to the flaws of their beloved. It is imperative, however, that you, the users of the data, understand that these massive data stores contain significant amounts of toxic data.
Toxic data is any data that could be damaging to an organization if it leaves that organization's control. Typically, toxic data includes custodial data -- such as credit card numbers, personally identifiable information (PII) like Social Security numbers, and personal health information (PHI) -- and sensitive intellectual property, including business plans and product designs.
Today, cyberthieves and nation-state agents are actively working to steal this toxic data. Inadequately secured and poorly controlled big data environments make their job easier: aggregating data into one repository reduces the number of systems a thief must compromise to get everything they want. As the first blush of the enterprise love affair with big data wears off, companies must become aware of the issues surrounding big data and work to properly control and protect their big data environments.
Now is the time to acknowledge the security risks of big data and begin to plan the appropriate controls for big data security. You can use a unified approach to data discovery and classification to archive and defensibly delete large volumes of data before applying security controls such as encryption, tokenization and rights management, so that those controls cover only the data you actually need to keep.
Forrester has created a framework to help security and risk professionals control big data. Forrester’s Big Data Security and Control Framework breaks down the problem of securing and controlling big data into three steps:
1. DEFINE THE DATA
Many enterprises are just embarking on their big data efforts and have yet to fully deploy the tools and IT infrastructure for these initiatives. They may not even know what data -- structured or unstructured -- they will ultimately aggregate within big data repositories. Therefore, together with your counterparts in legal and privacy, you should define data classification levels based on toxicity. Once security knows where data of each class is located in the enterprise, it can protect that data according to its classification. Discovery and classification are therefore critical: data discovery locates and indexes big data, and data classification catalogs it so that it is easier to control.
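The discovery-and-classification step above, as an added example written for this page (it is not Forrester's framework code or any product's scanner): it scans constructed sample records for custodial data (card numbers validated with the Luhn checksum, structurally valid US SSNs, populated PHI columns) and for intellectual-property keywords, assigns each record the highest toxicity level found, and builds a catalog of which columns hold what. The level names, category-to-level mapping, PHI column names and IP keyword list are assumptions for the example.

```python
import re

# Toxicity levels, highest first; a column or record takes the highest level
# of anything found in it. The level names and category mapping are an
# assumed scheme for this example, not Forrester's.
LEVELS = {"restricted": 3, "confidential": 2, "internal": 1}
CATEGORY_LEVEL = {"PAN": "restricted", "SSN": "restricted",
                  "PHI": "restricted", "IP": "confidential"}

# 13-19 digits, optionally separated by spaces or hyphens, not inside a longer digit run.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# US SSN in 000-00-0000 form, excluding structurally invalid area/group/serial values.
SSN_RE = re.compile(r"(?<!\d)(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}(?!\d)")
# Column names that carry PHI whenever they are populated (assumed naming convention).
PHI_COLUMNS = {"diagnosis", "icd10", "prescription", "medical_record_number"}
# Keywords that mark sensitive intellectual property in free text (assumed list).
IP_KEYWORDS = ("roadmap", "pricing", "business plan", "product design", "schematic")

# Constructed sample records (not real data) as they might land in a big data store.
SAMPLE_RECORDS = [
    {"customer": "A. Example", "card": "4111 1111 1111 1111", "ssn": "078-05-1120",
     "diagnosis": "hypertension", "note": "prefers email"},
    {"customer": "B. Example", "card": "4111-1111-1111-1112", "ssn": "n/a",
     "diagnosis": "", "note": "Q3 roadmap attached with project pricing"},
    {"customer": "C. Example", "card": "order #1234", "ssn": "",
     "diagnosis": "", "note": "nothing sensitive"},
]


def luhn_ok(digits):
    """Luhn checksum; weeds out digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def detect_categories(column, value):
    """Return the set of toxic-data categories present in one cell."""
    found = set()
    text = str(value)
    for m in PAN_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            found.add("PAN")
    if SSN_RE.search(text):
        found.add("SSN")
    if column.lower() in PHI_COLUMNS and text.strip():
        found.add("PHI")
    if any(k in text.lower() for k in IP_KEYWORDS):
        found.add("IP")
    return found


def level_for(categories):
    """Highest toxicity level implied by a set of categories."""
    level = "internal"
    for c in categories:
        if LEVELS[CATEGORY_LEVEL[c]] > LEVELS[level]:
            level = CATEGORY_LEVEL[c]
    return level


def classify_record(record):
    """Classify one record; returns (level, {column: categories})."""
    hits = {}
    for column, value in record.items():
        cats = detect_categories(column, value)
        if cats:
            hits[column] = cats
    return level_for(set().union(*hits.values())), hits


def build_catalog(records):
    """Discovery index: which columns hold which toxic data, how often, at what level."""
    catalog = {}
    for rec in records:
        _, hits = classify_record(rec)
        for column, cats in hits.items():
            entry = catalog.setdefault(column, {"categories": set(), "hits": 0})
            entry["categories"] |= cats
            entry["hits"] += 1
    for entry in catalog.values():
        entry["level"] = level_for(entry["categories"])
    return catalog


if __name__ == "__main__":
    for rec in SAMPLE_RECORDS:
        print(classify_record(rec))
    print(build_catalog(SAMPLE_RECORDS))
```

The second sample record shows why content checks matter: its card field has the right shape but fails Luhn, so it is not catalogued as a PAN, while the free-text note is still picked up as confidential. Names alone (the customer column) are not flagged here; real classifiers combine content patterns with column metadata and data lineage.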
2. DISSECT AND ANALYZE THE DATA
Big data isn't just valuable to the business; security and risk professionals can also derive significant value from big data repositories. Big data environments will invariably store security information, which means you will have access to more data than ever before. Look for security information management (SIM) and network analysis and visibility (NAV) solutions that intersect with big data to enhance security decision-making. Extracting information from these massive data sets will prove invaluable, and you should also plan to use this data to prioritize security initiatives and to place the proper security controls where they matter most.
3. DEFEND AND PROTECT THE DATA
As the number of attacks increases and their sophistication improves, it is clear that security and risk professionals must do a better job of defending their data. The Forrester framework provides basic ways to defend and protect big data:
- Access control ensures the right user gets access to the right data at the right time. Amassing greater data volumes increases the risk that a cybercriminal or insider (malicious or otherwise) can readily compromise sensitive information. Therefore, in order to secure big data environments, organizations should strictly limit the number of people that can access data and continuously monitor those users' access levels throughout their employment.
- Inspecting data usage patterns can alert security teams to potential abuses. You can accomplish this by deploying NAV tools such as metadata analysis, packet capture analysis or flow analysis and integrating them with your SIM solution to give you the network visibility you need to proactively protect toxic big data.
- Disposing of data when the enterprise no longer needs it is a powerful defensive tactic. With proper classification and supporting controls, enterprises can defensibly dispose of any toxic data no longer required by real business interests, compliance mandates, or data preservation obligations for investigations or litigation. Resist the temptation to keep every byte of data just because you can.
- "Killing" data devalues it so cybercriminals cannot use it or sell it. Organizations can devalue data using data abstraction techniques such as encryption, tokenization and masking. Generally, cybercriminals cannot easily decrypt or recover data that has been encrypted or otherwise abstracted, so that data no longer has any value on a black market. This holds only as long as the encryption keys and the token vault are kept separate from the data store and protected at least as strongly as the data they unlock; an attacker who takes both has taken the original data.
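Detection logic of the kind the "inspecting data usage patterns" bullet describes, as an added example written for this page and not taken from the column or from any SIM or NAV product: it parses a constructed access-log excerpt (an assumed key=value format) and, for the latest day in the log, flags users whose row volume exceeds five times their own daily baseline, users connecting from an address not seen in their history, and access outside assumed working hours (07:00 to 19:00 UTC). The log format, thresholds and working hours are assumptions for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone
from statistics import mean

# Constructed access-log excerpt in an assumed key=value format; it is not the
# output of any particular SIM, NAV or database product.
SAMPLE_LOG = """\
2024-05-06T09:12:01Z user=alice action=query table=customers rows=1200 src=10.0.4.7
2024-05-06T14:40:22Z user=bob action=query table=customers rows=300 src=10.0.4.9
2024-05-07T10:05:13Z user=alice action=query table=customers rows=1500 src=10.0.4.7
2024-05-07T15:10:45Z user=bob action=query table=customers rows=250 src=10.0.4.9
2024-05-08T09:44:39Z user=alice action=query table=customers rows=1100 src=10.0.4.7
2024-05-08T16:02:08Z user=bob action=query table=customers rows=400 src=10.0.4.9
2024-05-09T02:31:54Z user=bob action=export table=customers rows=2400000 src=198.51.100.23
2024-05-09T11:20:17Z user=alice action=query table=customers rows=1300 src=10.0.4.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) "
    r"table=(?P<table>\S+) rows=(?P<rows>\d+) src=(?P<src>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    ev["rows"] = int(ev["rows"])
    return ev


def parse_log(text):
    return [ev for ev in (parse_line(line) for line in text.splitlines()) if ev]


def detect_anomalies(events, day=None, ratio=5.0, work_hours=(7, 19)):
    """Compare each user's activity on `day` (default: the latest day in the log)
    against that user's own history before it. Returns (user, reason, detail) tuples."""
    if day is None:
        day = max(e["ts"].date() for e in events)
    history = [e for e in events if e["ts"].date() < day]
    today = [e for e in events if e["ts"].date() == day]

    # Per-user baseline: rows read per day, and source addresses seen before.
    daily = defaultdict(lambda: defaultdict(int))
    known_src = defaultdict(set)
    for e in history:
        daily[e["user"]][e["ts"].date()] += e["rows"]
        known_src[e["user"]].add(e["src"])

    alerts = []
    today_rows = defaultdict(int)
    for e in today:
        today_rows[e["user"]] += e["rows"]
        if not (work_hours[0] <= e["ts"].hour < work_hours[1]):
            alerts.append((e["user"], "off-hours access", e["ts"].isoformat()))
        if e["user"] in known_src and e["src"] not in known_src[e["user"]]:
            alerts.append((e["user"], "new source address", e["src"]))

    for user, rows in today_rows.items():
        past = list(daily[user].values())
        if not past:
            alerts.append((user, "no history", f"{rows} rows"))
        elif rows > ratio * mean(past):
            alerts.append((user, "volume spike", f"{rows} rows vs baseline {mean(past):.0f}"))
    return alerts


if __name__ == "__main__":
    for alert in detect_anomalies(parse_log(SAMPLE_LOG)):
        print(alert)
```

Each user is compared with their own baseline rather than a global threshold, so a heavy but normal reader (alice) stays quiet while bob's night-time bulk export from an unfamiliar address raises three independent alerts. Three days of history is too little for production; a real deployment would use a longer window and feed the alerts into the SIM for correlation with other sources.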
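The data abstraction techniques in the "killing data" bullet, as an added example written for this page rather than taken from the column or from any tokenization product: a card number is replaced by a random vault token that keeps only the last four digits, an SSN is replaced by a keyed one-way pseudonym (HMAC-SHA256) with a masked copy for display, and the original values survive only in the vault and the key. The field names, the in-memory dict standing in for a vault service and the hard-coded key are assumptions for the example.

```python
import hashlib
import hmac
import secrets


class TokenVault:
    """Random tokenization: a PAN is replaced by an unrelated digit string and the
    mapping lives only in the vault. A dict stands in for the separately secured
    vault service an enterprise would run (assumption for this example)."""

    def __init__(self):
        self._token_to_value = {}
        self._value_to_token = {}

    def tokenize(self, pan):
        digits = "".join(ch for ch in pan if ch.isdigit())
        if digits in self._value_to_token:          # same PAN -> same token
            return self._value_to_token[digits]
        while True:
            # Keep the last four digits for customer service; randomise the rest.
            body = "".join(str(secrets.randbelow(10)) for _ in range(len(digits) - 4))
            token = body + digits[-4:]
            if token != digits and token not in self._token_to_value:
                break
        self._token_to_value[token] = digits
        self._value_to_token[digits] = token
        return token

    def detokenize(self, token):
        """Only a caller with vault access can recover the PAN."""
        return self._token_to_value[token]


def mask(value, keep_last=4, mask_char="*"):
    """Display form: hide everything but the last few characters."""
    return mask_char * max(len(value) - keep_last, 0) + value[-keep_last:]


def pseudonymize(value, key):
    """Keyed one-way token (HMAC-SHA256). Deterministic, so records can still be
    joined on it, but not reversible without the key. The key matters: a plain
    hash of an SSN can be reversed by hashing all 10^9 candidates."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()


def devalue_record(record, vault, key):
    """Apply one control per toxic field (field names are an assumed schema):
    card -> vault token, ssn -> keyed pseudonym plus a masked display copy."""
    out = dict(record)
    if "card" in out:
        out["card"] = vault.tokenize(out["card"])
    if "ssn" in out:
        out["ssn_display"] = mask(out["ssn"])
        out["ssn"] = pseudonymize(out["ssn"], key)
    return out


if __name__ == "__main__":
    vault = TokenVault()
    key = secrets.token_bytes(32)   # in practice: held in a key manager, not with the data
    rec = {"customer": "A. Example", "card": "4111 1111 1111 1111", "ssn": "078-05-1120"}
    print(devalue_record(rec, vault, key))
```

A copy of the devalued record is worthless to a thief: the token maps to nothing outside the vault, and the pseudonym cannot be brute-forced without the HMAC key. Reversible encryption is the third option the bullet names; use a vetted library (authenticated encryption such as AES-GCM) rather than anything home-grown, and keep the key under the same separation rule as the vault.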
Data is powerful -- but also dangerous. The wrong data falling into the wrong hands can have devastating consequences. Start big data security planning now because building security into big data initiatives early on will reduce costs, risks and deployment pain.
About the author:
John Kindervag is a principal analyst at Forrester Research, where he serves security & risk professionals. He will be speaking at Forrester’s Security Forum, May 24-25, in Las Vegas. Send comments on this column to firstname.lastname@example.org.