David Hill

Red Lambda: Security Revolution Or Just Evolution?

Security statistics are depressing. The bad guys seem to be overwhelming the good guys, even when the good guys are well-known security vendors. So when an emerging company, such as Red Lambda, claims to have software that significantly improves the odds for the good guys, you need to pay close attention.

At the same time, the IT infrastructure is also undergoing great change because of the adoption of virtualization and cloud technologies, which, among other things, includes increased mobility of both virtual machines and data. That, in turn, increases exposure to potential and actual threats.

Then there is the explosive growth in data, not only in volume but also in variety and velocity. Security has to cover all of this; otherwise, there are gaps that can lead to breaches in data security. Red Lambda refers to this as the "need for data-driven security for big data IT environments." But what they mean by "big data" is not specific data sources (as it is usually defined by system and storage vendors), but rather the entirety of an enterprise's data.

Red Lambda’s solutions examine all operational data--by which they mean all the metadata--about what is happening in a network environment, including log files. They do not touch the actual business data (such as emails and database transactions) at this time, but operational data is where the anomalies that represent threat vectors can be detected. Operational data sources can include telemetry, traffic, device, sensor, events and transient application data from IT systems, as well as external contextual data such as news, closed caption, weather, social, geographical and global threat feeds.

Red Lambda can also examine streams of incoming data in real time for decision-making, or it can be used to examine what has already happened in the IT information infrastructure so that corrective action can be taken to rectify what has already occurred.

The company's secret sauce lies in what is called universal anomaly detection in real time (which means before a threat can do its nefarious thing). How can you detect what is bad when you have never seen it before? There are clues, such as attempts to change configuration data or to store executable files. In fact, a post (not real-time) analysis of familiar log data showed that the majority of threats could be detected using log information. Red Lambda does that on torrents of streaming data in real time.
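To make the baseline-then-stream idea in the paragraph above concrete, here is a small detector written for this edit (it is not Red Lambda's software, and the log format, hosts, users and events are constructed): a baseline of (host, user, action) triples is learned from historical logs in a post-analysis pass, then live lines are scored one at a time, with never-before-seen configuration changes and executable writes ranked highest.

```python
import re

# Constructed sample log lines (not from the article).
# Format: time host user action target
BASELINE_LOGS = """
09:00 web01 svc-app read /var/www/index.html
09:01 web01 svc-app read /var/www/app.js
09:02 db01 svc-db query SELECT
09:03 db01 svc-db query UPDATE
09:04 web01 admin config-change /etc/nginx/nginx.conf
""".strip().splitlines()

LIVE_STREAM = """
10:00 web01 svc-app read /var/www/index.html
10:01 web01 svc-app config-change /etc/nginx/nginx.conf
10:02 db01 svc-db exec-write /tmp/payload.bin
10:03 db01 svc-db read /etc/passwd
10:04 db01 svc-db query SELECT
""".strip().splitlines()

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+)$")
# Actions the article singles out as clues: config changes and storing executables.
SENSITIVE = {"config-change", "exec-write"}

def parse(line):
    """Parse one constructed log line into a dict, or None if it is malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    t, host, user, action, target = m.groups()
    return {"time": t, "host": host, "user": user, "action": action, "target": target}

def build_baseline(lines):
    """Post (non-real-time) pass: record which (host, user, action) triples are normal."""
    return {(ev["host"], ev["user"], ev["action"])
            for ev in map(parse, lines) if ev}

def detect(baseline, lines):
    """Streaming pass: score each event as it arrives, using only the baseline.
    Returns (severity, line) tuples; unseen sensitive actions are 'high'."""
    alerts = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            alerts.append(("unparsable", line))  # never silently drop odd input
            continue
        if (ev["host"], ev["user"], ev["action"]) not in baseline:
            severity = "high" if ev["action"] in SENSITIVE else "low"
            alerts.append((severity, line))
    return alerts
```

Run `detect(build_baseline(BASELINE_LOGS), LIVE_STREAM)` to see the admin's earlier config change treated as normal while the same change by the application account, and the executable write on the database host, are flagged high.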

The analytics revolution is well-represented by Red Lambda, which has math gurus designing sophisticated algorithms. For those of you whose eyes glaze over at the sight of high-powered math, please feel free to skip the next paragraph.

David Hill is principal of Mesabi Group LLC, which focuses on helping organizations make complex IT infrastructure decisions simpler and easier to understand. He is the author of the book "Data Protection: Governance, Risk Management, and Compliance."
2 of 3