(Note: This 451 Research report expands upon the ideas put forth in my Dark Reading blog post, "Big Data Security Or SIEM Buzzword Parity?")
Few would argue that an enterprise environment lacks a wealth of security-pertinent data; the various deployed technical controls and the corresponding user actions generate it continuously. What many would debate, however, is which of that data is actually relevant in a security context. Some might say that only network-level logs (such as firewall or IPS logs) and user-access-related logs are required, whereas others might include endpoint security logs, proxy-related logs and maybe even deep packet inspection data. Something we can likely all agree upon is that having access to information that might be required is better than lamenting its absence in the midst of a security incident. The fact is, security has become a ‘big data’ problem. If organizations want to collect all data (and we do mean ALL data) on the odd chance that it might contain information pertinent to the success of the security program, they need to start thinking of security less as a tangible defensive control and more as an abstraction layer atop enterprise data.
This report was written primarily by Andrew Hay with input from 451 Research’s Data Management & Analytics Research Manager, Matt Aslett.