In my line of work, I get asked to listen to countless product pitches and watch oodles of demonstrations. It can be informative and sometimes even mildly interesting, but I seldom find myself saying "I've got to see more of this stuff, and use it myself." A rare exception to this general trend hit me over the head earlier this week when I finally got together with members of the Spanish-based company Panda (a name many readers will recognize thanks to their long-standing and highly regarded anti-malware product offerings) to walk through the company's Adaptive Defense product.
It's not how big the "Big Data" is that counts: it's what gets done with it!
There's a branch of security technology endowed with the acronym SIEM (pronounced "seam," like the seam of your pants). This stands for "security information and event management," and watching Panda's Adaptive Defense product at work was essentially a tour-de-force illustration of what SIEM is, and what it can really do for those who know how to put it to work properly and effectively. A short recitation of the things I saw during this demo -- all of which depend on grabbing lots of event data, and making visual and technical sense of same -- may help you to appreciate what this product can do, and perhaps even generate some excitement of your very own:
1. A relationship graph that can be organized by location, application, host type, and so forth, that shows user activity and reports on suspected malware or software misbehavior.
2. When suspect or known malware is detected, the software can show you what processes it calls, what IP addresses it seeks to access, and what files it writes.
3. If any kind of infection -- God forbid! -- gets underway, the software can trace and reconstruct its infection vectors, and track proliferation over time.
4. Should suspected malware appear at any time, Panda professionals can work with customers to proactively block "phone home" behavior from suspect programs, preventing them from leaking information outside company boundaries or firewalls.
5. The same technology that tracks what malware does can do ditto for any and all applications, to track what's in use on corporate networks and systems (and what's licensed and legal, or not).
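As an added illustration (my own constructed example, not Panda's code or data), here is how the process, network and file events behind items 1 through 4 can be indexed into a relationship graph and queried: what a suspect process did, the parent chain that shows how it arrived, how it spread across hosts over time, and which hosts contacted a given "phone home" destination. Host names, process ids and the destination address are all made up.

```python
from collections import defaultdict
# Constructed sample telemetry (not real Panda data): process start, net connect and file write events.
EVENTS = [
    {"t": 1, "host": "ws01", "type": "proc", "pid": 100, "ppid": 1, "image": "outlook.exe"},
    {"t": 2, "host": "ws01", "type": "proc", "pid": 200, "ppid": 100, "image": "winword.exe"},
    {"t": 3, "host": "ws01", "type": "proc", "pid": 300, "ppid": 200, "image": "powershell.exe"},
    {"t": 4, "host": "ws01", "type": "net", "pid": 300, "dst": "203.0.113.10:443"},
    {"t": 5, "host": "ws01", "type": "file", "pid": 300, "path": "C:\\Temp\\dropper.exe"},
    {"t": 6, "host": "ws01", "type": "proc", "pid": 400, "ppid": 300, "image": "dropper.exe"},
    {"t": 9, "host": "ws02", "type": "proc", "pid": 500, "ppid": 1, "image": "dropper.exe"},
    {"t": 10, "host": "ws02", "type": "net", "pid": 500, "dst": "203.0.113.10:443"},
]

def build_graph(events):
    # Index events into per-process nodes keyed by (host, pid): the relationship graph (item 1).
    g = defaultdict(lambda: {"image": None, "parent": None, "children": [], "net": [], "files": []})
    for e in events:
        node = g[(e["host"], e["pid"])]
        if e["type"] == "proc":
            node["image"], node["parent"] = e["image"], (e["host"], e["ppid"])
            g[node["parent"]]["children"].append((e["host"], e["pid"]))
        else:  # net or file event: record the destination contacted or the path written
            node["net" if e["type"] == "net" else "files"].append(e.get("dst") or e["path"])
    return g

def activity(g, host, pid):
    # What a suspect process spawned, connected to and wrote (item 2).
    n = g[(host, pid)]
    return {"children": [g[c]["image"] for c in n["children"]],
            "net": sorted(set(n["net"])), "files": list(n["files"])}

def infection_vector(g, host, pid):
    # Walk the parent chain back to the root to reconstruct how the process arrived (item 3).
    chain, key = [], (host, pid)
    while key in g and g[key]["image"] is not None:
        chain.append(g[key]["image"])
        key = g[key]["parent"]
    return chain[::-1]

def proliferation(events, image):
    # First sighting of an image on each host, in time order: spread over time (item 3).
    first = {}
    for e in sorted(events, key=lambda e: e["t"]):
        if e["type"] == "proc" and e["image"] == image:
            first.setdefault(e["host"], e["t"])
    return sorted((t, h) for h, t in first.items())

def phone_home_hosts(events, dst):
    # Hosts with a process that contacted a destination: the scope of a block decision (item 4).
    return sorted({e["host"] for e in events if e["type"] == "net" and e["dst"] == dst})
```

Running `infection_vector(build_graph(EVENTS), "ws01", 400)` yields the chain outlook.exe, winword.exe, powershell.exe, dropper.exe, which is exactly the kind of "how did this get here" answer a SIEM is supposed to hand an analyst.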
All of this information is collected and managed in a huge Big Data collection, ready to be analyzed, sliced, and diced in all kinds of interesting ways. As soon as I can get some of the way-cool graphs and diagrams that Panda uses to display this kind of information I will, and you'll see an even more riveting and convincing illustration of this technology very hard at work.
This really helps me to "get" what SIEM is about, and gives me a strong inkling as to how and why Big Data is already changing how IT is practiced and managed. All I can say is "We ain't seen nothing yet." Stay tuned! And if you're looking for something good to do for yourself, IT career-wise, in the months and years ahead, I recommend you put some "Big Data" on it, whatever it may be...