A security software firm has introduced a security data warehouse stack that analyzes reams of data on a network to identify security threats and intervene to thwart them. Zettaset’s software, based on the open source Hadoop software framework, mines security information from network firewalls, security devices, website traffic, business processes and other transactions, a practice known as security incident and event management (SIEM).
The Zettaset Security Data Warehouse (SDW) product was recently unveiled at the annual Black Hat network security conference in Las Vegas. While the open source SDW software is free, the company also sells related system management software and an application that customizes the SDW to a particular industry vertical, such as financial services or health care, says Brian Christian, Zettaset’s founder and CEO.
The SDW stack can be downloaded onto a cluster of servers, maybe five to 10 in a typical environment, Christian says, although the product is scalable to run on many more servers in order to analyze petabytes of data. "Then you can begin piping in event data, business data, anything that can lead to a better understanding of any malicious anomalies or behavior," he says.
The product analyzes security threats that have become more sophisticated of late, such as malware attacks, Christian says. Often, malware penetrates a corporate network and lies dormant for a long time before it executes, at which point it may start copying sensitive data, such as customer credit card numbers, and moving it off the network.
The Zettaset SDW is designed to look back in time to when that malware entered the network, says Tom Masucci, head of sales for Zettaset.
"In most SIEM-like environments, you are analyzing data in seconds," says Masucci. "What we’re finding is that the events are [now] the low and slow internal reconnaissance type of events that take place over time. So with the Security Data Warehouse, we are able to extend your time horizon to several months in the past."
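To illustrate the time-horizon point Masucci makes, here is an added Python example (not Zettaset's code) over a constructed event stream: a seconds-scale rule never fires on a workstation that probes one new internal address every few days, while an aggregation over months of retained events catches it and can report when the activity began. Host names, addresses and dates are all constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (not real telemetry): (timestamp, source_host, destination, type).
BASE = datetime(2011, 4, 1)

def constructed_events():
    events = []
    # Baseline: three workstations doing ordinary DNS lookups every morning for 120 days.
    for day in range(120):
        for host in ("ws-01", "ws-02", "ws-03"):
            events.append((BASE + timedelta(days=day, hours=9), host, "10.0.0.5", "dns"))
    # Low-and-slow reconnaissance: ws-02 probes one new internal address every 3 days.
    for i in range(40):
        events.append((BASE + timedelta(days=3 * i, hours=2), "ws-02", f"10.0.1.{i + 1}", "connect"))
    return sorted(events)

def connects_by_host(events):
    by_host = defaultdict(list)
    for ts, host, dst, kind in events:
        if kind == "connect":
            by_host[host].append((ts, dst))
    return by_host

def short_window_alerts(events, window=timedelta(seconds=60), threshold=5):
    """Seconds-scale SIEM rule: a host hitting `threshold` distinct destinations within `window`."""
    alerts = set()
    for host, conns in connects_by_host(events).items():
        for start, _ in conns:
            dsts = {dst for ts, dst in conns if start <= ts < start + window}
            if len(dsts) >= threshold:
                alerts.add(host)
    return alerts

def long_horizon_alerts(events, horizon=timedelta(days=120), threshold=20):
    """Warehouse-style query: distinct destinations per host over the whole retained horizon."""
    cutoff = max(ts for ts, *_ in events) - horizon
    alerts = set()
    for host, conns in connects_by_host(events).items():
        dsts = {dst for ts, dst in conns if ts >= cutoff}
        if len(dsts) >= threshold:
            alerts.add(host)
    return alerts

def first_seen(events, host):
    """Earliest probe from `host`: when the dormant malware likely woke up (lost to short retention)."""
    times = [ts for ts, h, _, kind in events if h == host and kind == "connect"]
    return min(times) if times else None
```

The same rule logic produces no alert at a 60-second window and a single alert for ws-02 at a 120-day horizon, which is the gap the warehouse approach is meant to close.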
The IT security industry has been looking for software that would dig for security threats in vast amounts of data held by enterprises, known generally as big data, according to Scott Crawford, a research director at Enterprise Management Associates.
Crawford wrote about the need for "data-driven security" in an Aug. 1 blog post: "By this I mean the increased leverage of data mining and analysis to deliver more detailed and accurate insight into the reality of the security posture from large and often diverse data sets."
Crawford also identified Pervasive Systems as a company developing technology for advanced SIEM processing, "which could have a significant application to security," but cautioned that the technology is still at an early stage of development. "We are still ... only at the very beginning of trends for leveraging big data techniques in the service of security," Crawford wrote.