Managing The Big Data System Incident And Event Management Logs To Identify The Infrastructure's Security Risk Profile

Fifteen quintillion (15,000,000,000,000,000,000) bytes of storage capacity, with well over one million servers – that's one estimate of the data stored at Google Inc., a company considered to have more data storage capacity than any other organization in the world.

Companies like Google run systems that can report data on their own health and welfare to a centralized collection point. Traditionally, most system operators chose not to configure that functionality because of the enormous volume of data that would be sent. Most of that data is useless unless you are triaging a specific problem – and even then, going through all of it is typically a manual, labor-intensive exercise.

Security Information and Event Management (SIEM) systems have improved significantly and now serve as the central aggregation point for the data from all systems. Fine-tuning and customizing these tools is an art, not a science. Since every business is unique, with its own requirements and priorities, no off-the-shelf tool will immediately solve every problem. Customizing any tool requires a deep understanding of your specific environment and of the context behind the data your internal systems may be providing to those tools. As discussed in my previous post, you can use the following six-point framework:

  • Policies
  • Asset Inventory
  • Application Inventory
  • Correlating Business Requirements With Available/Implemented Technology
  • Application Profile
  • KPIs

Once a technologist can bridge the business requirements and the available tools, the organization gains the ability to manage, collect, and process its data. Managers are then also able to identify and differentiate alerts: a server handling bank payment receipts needs a stronger perimeter of defense than one that serves information about the office Christmas party. The efficiency of these tools becomes more noticeable and more valuable, and that efficiency is, in effect, the business risk profile.
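To make the "bank payment receipts versus office party" distinction concrete, here is an added example (my own illustration, not code from the original post) that scores constructed log lines against a constructed asset inventory, so the same event type ranks higher on the critical asset and hosts missing from the inventory surface as alerts instead of being silently ignored; the hostnames, criticality weights and log lines are all assumptions.

```python
# Added illustration (not from the original post): score SIEM alerts against an
# asset inventory so the same event type ranks differently by business impact.
# All assets, criticality weights and log lines below are constructed samples.
import re
from collections import defaultdict

# Asset inventory: hostname -> (application profile, business criticality 1-5)
ASSET_INVENTORY = {
    "pay-web-01": ("bank payment receipts", 5),
    "intranet-01": ("office party wiki", 1),
}

# Severity of the raw event as the source system reports it (1-5)
EVENT_SEVERITY = {"auth_failure": 2, "privilege_escalation": 5, "config_change": 3}

# Constructed syslog-style lines: "<timestamp> <host> <event_type> <detail>"
LOG_LINES = [
    "2024-01-08T09:00:01Z pay-web-01 auth_failure user=svc_pay src=10.0.0.7",
    "2024-01-08T09:00:02Z intranet-01 auth_failure user=bob src=10.0.1.4",
    "2024-01-08T09:01:10Z intranet-01 privilege_escalation user=bob",
    "2024-01-08T09:02:30Z pay-web-01 config_change file=/etc/pay/keys.conf",
    "2024-01-08T09:03:00Z unknown-host auth_failure user=root src=10.9.9.9",
]

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) ?(.*)$")

def score_event(line):
    """Return (score, host, event_type), or None if the line does not parse.
    score = event severity x asset criticality; hosts missing from the
    inventory get the maximum criticality so inventory gaps surface as alerts."""
    m = LINE_RE.match(line)
    if not m:
        return None
    _ts, host, event_type, _detail = m.groups()
    _profile, criticality = ASSET_INVENTORY.get(host, ("uninventoried asset", 5))
    severity = EVENT_SEVERITY.get(event_type, 1)
    return severity * criticality, host, event_type

def prioritize(lines):
    """Alerts sorted highest score first; ties keep their log order."""
    scored = [s for s in (score_event(l) for l in lines) if s]
    return sorted(scored, key=lambda s: -s[0])

def risk_profile(lines):
    """KPI: total weighted score per host, i.e. the per-asset risk profile."""
    profile = defaultdict(int)
    for score, host, _ in prioritize(lines):
        profile[host] += score
    return dict(profile)
```

Run against LOG_LINES, the config change on the payment server outranks the privilege escalation on the intranet box, and the uninventoried host lands next to the payment server's own failures.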

Data risk must be considered whether the data is in hard-copy or soft-copy form. Examples include:

  • Fraud due to theft of data
  • Business disruption due to data corruption or unavailability
  • Execution delivery failure due to inaccurate data
  • Breach of legal compliance obligations resulting from disclosure of sensitive data

By creating a self-healing architecture, executives and technologists can form an efficient model for processing and analyzing data, and can also prepare data recovery and business continuity plans in the event of a compromise – hence removing the traditional reason for deployments to skip configuring data collection on deployed systems.
