HP today took the wraps off its Big Data Security strategy, describing how combining the enterprise search and knowledge management resources from its Autonomy subsidiary with its ArcSight security information and event management (SIEM) product can yield new ways to detect cyberattacks or rogue-employee behavior.
HP's approach, like that of rivals IBM and RSA, calls for use of SIEM tools as a foundation for so-called Big Data Security. The concept of Big Data Security presumes that artful analysis of massive amounts of data content, in addition to the traditional security-related event information that's collected through a SIEM, can produce a better way to quickly pinpoint security problems.
"Data is increasing and doubling every two years but companies aren't getting enough intelligence out of it," says Varun Kohli, HP director of product marketing, enterprise security products, who argues larger organizations now regard their massive stores of data not just in terms of exabytes but brontobytes.
In terms of using any of this data for purposes of security, HP is making the case that enterprise-stored content amassed on the fly can be harnessed in non-traditional ways to find out about certain things that have security implications.
HP's approach calls for making use of the data that can be analyzed with its Autonomy enterprise search and knowledge management applications and uniting some of these findings with the HP ArcSight SIEM. Kohli notes Autonomy can monitor any website, social media sites like Facebook and Twitter, and other online sources to analyze content of interest. By correlating that content with ArcSight, the SIEM can monitor employee behavior online or watch for unauthorized posting of sensitive information, he says.
Kohli says it's not only possible to pinpoint rogue-employee behavior related to data leaks but even to learn in advance about cyberattacks being planned online against the organization by hacktivists, who often post IP addresses to attack.
"Autonomy gives meaning to data. It can find out what people are saying, whether positive or negative things, online," says Kohli. "It could collect data that someone is going to launch an attack on my bank, for instance."
Autonomy, acquired by HP for $10.3 billion in late 2011, is said to have about 20,000 customers, and they would be the first likely participants to try out HP's Big Data Security approach. Kohli acknowledges that what's being tested today probably just "scratches the surface" in terms of the potential down the road. IBM and RSA, which recently introduced their own Big Data Security strategies, also admit it's early in the game.
One of the main questions, of course, is whether IT security professionals and data managers will show the level of interest and engagement needed to pursue what is still an emerging technology in mining "big data" for the purposes of security.