
Thursday, March 1, 2012

More than hype: Security big data helps bank lift security program

Marcia Savage, Editor, Information Security magazine

SAN FRANCISCO -- Like other organizations, Zions Bancorporation was coping with increased cyberthreats and had reached “security appliance fatigue.” With every new threat, a vendor would pop up with a brand new appliance.

The bank had a ton of security data, including Windows and IDS logs, but had difficulty leveraging it for security analytics. Two security information and event management (SIEM) systems helped with log analysis, but Zions reached the limits of existing technology in pursuit of its goal of enabling an information-driven security strategy.

For the Salt Lake City-based bank holding company, the answer was found by leveraging one of the hottest concepts in information security: big data. More specifically, it harnessed information from its disparate security data sources by developing a Hadoop-based security data warehouse.

“Big data seriously is not entirely hype… We think it is a game changer for the industry,” Preston Wood, chief security officer at Zions, said Thursday in a presentation at RSA Conference 2012.

Wood said the strategy of employing security big data enables the company to mine data across the entire enterprise to speed up forensics investigations and improve fraud detection, in addition to overall security.

The warehouse allowed Zions to collect data that was spread across multiple locations and to retain a couple of years' worth of it, which is better for security modeling, said Michael Fowkes, director of fraud management. The warehouse stores more than 120 types of data, including transactions, logs, fraud alerts, server logs, firewall logs and IDS logs. After two years of collecting data, it currently stores 120 terabytes.

Zions uses a layer of analytics tools, both commercial and custom, and analysts to mine data. “To derive value from data,” Fowkes said, “we obviously need people” who can dig into it.

Aaron Caldero, data scientist at Zions, said his position represents an emerging field that involves applying statistical methodologies to filter and mine data. He described the approach as a special way of looking at data security that permits proactive rather than reactive security.

“Being a knowledge detective, I think like Sherlock Holmes,” he said.

Fowkes said the biggest benefit of the big data strategy for forensics was speed. Formerly, incident response involved a time-consuming process of examining voluminous log files. “Having that in Hadoop is like having distributed grep,” he said.

Kelly White, director of information security at Zions, said the big data strategy has helped the company enhance threat modeling. For instance, the security analyst team had already identified signs of a spear phishing attack, but combining that data with the statistical methodologies boosts the bank's ability to spot potential attacks.

Account takeover, fueled by malware, is a huge security problem for financial firms, Fowkes said, but the intelligence provided via its big data strategy helps Zions quickly act on intelligence it receives from various sources on malware threats and counter them.

In the long run, Wood said, the bank wants to leverage analytics and intelligence for automatic response.

While implementing a similar system could seem formidable to some organizations, Wood told attendees that many of them likely have pockets of the skills needed for data-driven security analytics. Rather than relying on security products and the reports they produce, he advised security teams “to take a better look at your data and gain that intelligence yourself.”

A big data security strategy isn't a product you should buy, Wood said. He said organizations can start small and leverage the tools they already have, and might investigate business intelligence or open source tools.

“View big data as a journey rather than a destination,” he said.
