Thursday, November 13, 2014

Incident Response week 4

9/30 - Incident response

We talked about the new age of information and how easy and fast gathering information has become. Many companies live by the big data mentality, focusing on volume instead of value. When it comes to incident response, it is about value, not volume. In today's world there is no shortage of information, seminars, and conferences on information security. The over-hyped trend toward big data can be a security risk in its own right: sometimes too much data has too little value to security operations or to an incident. Organizations think the best way to tackle security is to get access to every data source they think is important and warehouse it. The issue is the volume and the value of the data being warehoused. Some data has significant value and little volume, and other data has no value and a lot of volume.

How can you effectively use big data to your advantage, and is big data right for your organization? The first thing organizations need to do is get rid of the "let's store and analyze everything we can get our hands on" mentality. Organizations are so scared of missing something that they waste resources analyzing everything. Too much data creates confusion, inconsistent analysis, and inefficiency in finding answers to the right questions about security and incident response. Some would say more data gives more complete answers and more information to validate them. They may be correct that more volume means more validation, but what if you cannot get the data you need in a timely manner because of the volume of data? This is a common problem among organizations with the big data mentality: information cannot be retrieved in a timely manner. The delay comes from storage being consumed by large volumes of data that have little value, which creates problems when an incident has a historical background or has been going on for a while. Retrieving the information can be difficult because the storage pressure reduces the retention time.

If the big data mentality is the option, I would suggest a conservative approach to big data. This might sound contradictory, but if you can collect big data and store value instead of volume, you may benefit from a conservative approach. Identifying and validating efficient collection points, and determining logging and visibility needs, will help reduce the volume and increase the value of the data stored.
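As an added illustration (not from the original post or the linked article), here is a small Python triage filter that applies the value-over-volume idea to a handful of constructed log lines: events with known investigative value (failed logins, sudo use, firewall drops, server errors) are kept in full, known high-volume noise (load-balancer health checks, debug chatter) is collapsed into per-host counts, and anything unmatched is kept and flagged so that no source is silently dropped before its value has been validated. The log lines, hostnames, addresses, and the rule set are all made up for the example.

```python
import re
from collections import Counter

# Constructed sample events (invented for this example; hosts and IPs are
# documentation addresses, not real infrastructure).
SAMPLE_LOGS = [
    f'Sep 30 10:00:{s:02d} web1 nginx: 10.0.0.5 - - "GET /healthz HTTP/1.1" 200 2'
    for s in range(10, 16)
] + [
    'Sep 30 10:00:03 app1 app[4321]: DEBUG cache hit for key session:abc',
    'Sep 30 10:00:04 bastion sshd[2201]: Failed password for root from 203.0.113.9 port 51234 ssh2',
    'Sep 30 10:00:05 bastion sshd[2201]: Failed password for invalid user admin from 203.0.113.9 port 51240 ssh2',
    'Sep 30 10:00:06 bastion sudo:   alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/cat /etc/shadow',
    'Sep 30 10:00:07 fw1 kernel: DROP IN=eth0 OUT= SRC=203.0.113.9 DST=10.0.0.20 PROTO=TCP DPT=445',
    'Sep 30 10:00:08 web1 nginx: 198.51.100.7 - - "POST /api/login HTTP/1.1" 500 312',
    'Sep 30 10:00:09 web1 nginx: 198.51.100.8 - - "GET /index.html HTTP/1.1" 200 5120',
]

# Rules are checked in order; a line that matches a high-value rule is kept
# even if it would also match a low-value rule (fail towards keeping).
HIGH_VALUE = [
    ("auth_failure", re.compile(r"Failed password for ")),
    ("sudo",         re.compile(r"sudo:\s+\S+ : .*COMMAND=")),
    ("fw_deny",      re.compile(r"\b(DENY|DROP)\b")),
    ("http_5xx",     re.compile(r'" 5\d\d \d+$')),
]
LOW_VALUE = [
    ("healthcheck",  re.compile(r'"GET /healthz ')),
    ("debug",        re.compile(r"\bDEBUG\b")),
]


def classify(line):
    """Return ("keep", tag), ("summarize", tag) or ("keep", "unclassified")."""
    for tag, rx in HIGH_VALUE:
        if rx.search(line):
            return "keep", tag
    for tag, rx in LOW_VALUE:
        if rx.search(line):
            return "summarize", tag
    # Unknown sources are kept and flagged: a rule to drop or summarize them
    # is only added after someone has validated that they carry no value.
    return "keep", "unclassified"


def host_of(line):
    """Hostname is the 4th whitespace-separated field in this syslog-style layout."""
    return line.split()[3]


def triage(lines):
    """Split events into full-fidelity records and per-host summary counters."""
    kept, kept_by_tag, summary = [], Counter(), Counter()
    bytes_in = bytes_kept = 0
    for line in lines:
        size = len(line.encode())
        bytes_in += size
        action, tag = classify(line)
        if action == "keep":
            kept.append((tag, line))
            kept_by_tag[tag] += 1
            bytes_kept += size
        else:
            summary[(tag, host_of(line))] += 1   # one counter instead of N lines
    return {
        "total": len(lines),
        "kept": kept,
        "kept_by_tag": kept_by_tag,
        "summary": summary,
        "bytes_in": bytes_in,
        "bytes_kept": bytes_kept,
    }


def retention_days(capacity_bytes, bytes_per_day):
    """Days of history a fixed-size store can hold at a given daily ingest rate."""
    return capacity_bytes // bytes_per_day if bytes_per_day else float("inf")


if __name__ == "__main__":
    r = triage(SAMPLE_LOGS)
    print(f"{r['total']} events in, {len(r['kept'])} kept in full, "
          f"{sum(r['summary'].values())} folded into {len(r['summary'])} summary rows")
    for tag, line in r["kept"]:
        print(f"  KEEP [{tag}] {line}")
    for (tag, host), n in r["summary"].items():
        print(f"  SUMMARY [{tag}] {host}: {n} events")
    # Illustrative only: scale the sample up to a day's worth and compare
    # how much history the same storage buys before and after triage.
    daily_in, daily_kept = r["bytes_in"] * 10_000, r["bytes_kept"] * 10_000
    cap = 50 * 1024 ** 3
    print(f"retention at 50 GiB: {retention_days(cap, daily_in)} days raw vs "
          f"{retention_days(cap, daily_kept)} days after triage")
```

The unclassified bucket is the caveat that matters in practice: the conservative approach only pays off if a source is dropped or summarized after its value has been checked, not because it happens to be noisy. Reviewing what lands in that bucket is how the rule set (the "collection points" and "visibility needs" above) gets validated over time.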

http://www.securityweek.com/incident-response-focus-big-value-not-big-data
