Are you aware of a theft of big data? I will ask in a slightly different way: Do you know of any instance where a commercial big data cluster was exposed to an attacker who mined the cluster for fun or profit? Hackers are unlikely to copy a big data set – why bother moving terabytes when they can use your cluster to store and process your data. I am unaware of any occurrences, public or private. And no, LexisNexis and ChoicePoint, where the attackers had valid user credentials, don’t count. Please comment if you know of an example.
I ask because I have been reading about how vendors are combatting the billions of dollars of theft in the big data space, but I am unaware of any such big data cyberthefts. In fact I have not heard of one dollar being stolen. Unless you count the NSA collection of vast amounts of personal data as thieving, but I hope we can agree that is different in several ways. So my question stands: “Who was attacked? Where did the thefts occur?” I don’t want to deprecate security around big data clusters because we have not yet seen an attack – we do need cluster security, and I am certain we will eventually see attacks. But hyperbole won’t help anyone. Executive management teams have heard this FUD before. In the early days before CISO’s, security cried “Vulnerabilities will eat your grandmother!” one too many times, and management turned their collective backs. This round of FUD will not help IT teams get budget or implement security in and around big data clusters.
Another question: Are you aware of any security analytics tools, policies, algorithms, or MapReduce queries that can detect a big data breach? I doubt it. Seriously doubt it. The application of big data and data mining for security is focused on fraud detection and bettering SIEM threat detection capabilities. As of this writing no SIEM tool protects big data. No one has written a MapReduce query to find “the bad buys” illegally using a big data cluster. Today that capability does not exist. We have only the most basic monitoring features to detect misuse of big data clusters from the Database Activity Monitoring vendors – they are so limited that they are barely worth mentioning.
Of course I expect all this to change. We will see attacks on big data, and we will see more security tools focused on protecting it, and we will use analytics to detect misuse there as well as everywhere else. When that will change, I cannot say. After the first few big data breaches, perhaps?
On to the Summary:
Webcasts, Podcasts, Outside Writing, and Conferences
- Adrian’s DR post: Why Database Assessment.
- Adrian’s white paper on What Every DBA Should Know.
Favorite Securosis Posts
- Adrian Lane: Getting to Know Your Adversary.
- Mike Rothman: Security Analytics with Big Data: Integration. All Adrian needs is to mention either BYOD or APT in this blog series to hit the security marketing hyperbole trifecta! Kidding aside, he is doing a good job structuring the discussion of how to leverage big data to solve security problems.
Other Securosis Posts
- We are all guilty of something.
- Talking Head Alert: Mike on Phishing Webcast.
- Incite 6/12/2013: The Wall of Worry.
- The Securosis Nexus Beta 2 Begins!
- Network-based Malware Detection 2.0: The Network’s Place in the Malware Lifecycle.
- Security Analytics with Big Data: Integration.
- DDoS: It’s FUD-eriffic!
- Quick thoughts on the iOS and OS X security updates.
- Groupthink Kills Your Security Layers.
- A truism of security information sharing.
- Getting to Know Your Adversary.
- Friday Summary: June 7, 2013.
Favorite Outside Posts
- Rich: Gartner Reveals Top 10 IT Security Myths. Not sure this is the top 10 but it is a good list. Item 3 lacks nuance, however.
- Adrian Lane: Upcoming revelations speculations. Robert Graham has been on a roll lately. This ‘revelations’ post is a fun read, throwing scenarios out there and seeing what’s plausible, furthering the Snowden Leaks story line. The Skype speculation is unsettling – it is both entirely plausible and simultaneously sounds totally insane to normal people: two common elements of many declassified cold war stories.
- Mike Rothman: Sacke Notes: Cofficers – A New Breed in a New Economy. I will probably use this as an Incite topic, but it’s a pretty good view into my working lifestyle. In fact I am in my coffee shop office now putting this link in. How perfect is that?
Research Reports and Presentations
- Email-based Threat Intelligence: To Catch a Phish.
- Network-based Threat Intelligence: Searching for the Smoking Gun.
- Understanding and Selecting a Key Management Solution.
- Building an Early Warning System.
- Implementing and Managing Patch and Configuration Management.
- Defending Against Denial of Service (DoS) Attacks.
- Securing Big Data: Security Recommendations for Hadoop and NoSQL Environments.
- Tokenization vs. Encryption: Options for Compliance.
- Pragmatic Key Management for Data Encryption.
- The Endpoint Security Management Buyer’s Guide.
Top News and Posts
- The Secret War. Profile of the man running US ‘cyber-war’ efforts.
- Microsoft Disrupts Citadel botnet.
- Facebook Unveils Presto. Speedy replacement for Hive.
- Cyber Security and the Second Amendment.
- Banker’s Nap Costs Millions.
- Lawsuit filed over NSA phone spying program.
- Microsoft Security Bulletin Summary for June 2013.
- Democratic Senator Defends Phone Spying, And Says It’s Been Going On For 7 Years.
- Expert Finds XSS Flaws on Intel, HP, Sony, Fujifilm and Other Websites.
Blog Comment of the Week
This week’s best comment goes to -ds, in response to A truism of security information sharing.
Maybe information sharing will be easier now that we know the NSA have it all already.
Comments