andrewsmhay Andrew Hay
If you heard the term 'big data security', who would you group into that category?

January 30, 2012 #

grey_area Tadd Axon
@andrewsmhay assuming we're working with the definition "big data" = "unstructured data", then that's a potentially huge list...

January 30, 2012 #

andrewsmhay Andrew Hay
@grey_area right, but can you define a line between 'security' and 'analytics'? Might make it smaller...

January 30, 2012 #

grey_area Tadd Axon
@andrewsmhay context is of course, everything... on the one hand it could be traditional file/CMS security solutions... on the other...

January 30, 2012 #

grey_area Tadd Axon
@andrewsmhay ...logging/monitoring providers that can interface with the analytics engines. DLP if looking at protecting analysis results...

January 30, 2012 #

grey_area Tadd Axon
@andrewsmhay I think the semi-sarcastic, semi-serious answer starts with Splunk.

January 30, 2012 #

djglass Dan Glass
@grey_area @andrewsmhay I agree that Splunk is a start but I think RSA enVision and especially Q1 QRadar take it up a notch

January 30, 2012 #

andrewsmhay Andrew Hay
@djglass @grey_area ah, but now you've made the classic mistake of thinking that 'big data security' = log management/SIEM products.

January 30, 2012 #

djglass Dan Glass
@andrewsmhay then nobody has stepped up in a meaningful way. NoSQL is a security mess. Maybe ora or emc step up or buy someone who does

January 30, 2012 #

amrittsering Amrit Williams
@djglass @andrewsmhay Sucking in flow data and focusing on event feeds is different than intentionally analyzing petabytes of noisy sec data

January 30, 2012 #

andrewsmhay Andrew Hay
@amrittsering @djglass and not just petabytes of sec data… other data that might contain security-relevant or security-adjacent info

January 30, 2012 #

grey_area Tadd Axon
@andrewsmhay @amrittsering @djglass sorry "big data security" or "big security data"?

January 30, 2012 #

djglass Dan Glass
@grey_area @andrewsmhay @amrittsering ha! Now I'm curious how much 1k of real data spawns in sec data on average? #lazyweb

January 30, 2012 #

kylemaxwell Kyle Maxwell
@djglass @grey_area @andrewsmhay @amrittsering (side note: hope one of you writes a blog post based on the convo)

January 30, 2012 #

grey_area Tadd Axon
@djglass @andrewsmhay @amrittsering that would be an interesting metric...

January 30, 2012 #

grey_area Tadd Axon
@andrewsmhay @djglass part, not all, no? Other issues: app level access control, source & result data integrity & access control & reporting

January 30, 2012 #

andrewsmhay Andrew Hay
@grey_area @djglass if only there were a magical quadrant that I could draw on the ground to summon the answer :P

January 30, 2012 #

grey_area Tadd Axon
@andrewsmhay @djglass but will it have more than the usual suspects (previously mentioned)? Does it really need to?

January 30, 2012 #

andrewsmhay Andrew Hay
@djglass @grey_area If you're a SIEM/LM vendor, you can't just slap "big data" on some materials and be anointed as a player in that space

January 30, 2012 #

andrewsmhay Andrew Hay
@grey_area for example, Zettaset's main focus is analytics but they also have a 'security lens'

January 30, 2012 #