11/13/2011 10:21 AM

Red Lambda: Security Revolution Or Just Evolution?

Security statistics are depressing. The bad guys seem to be overwhelming the good guys, even when the good guys are well-known security vendors. So when an emerging company, such as Red Lambda, claims to have software that significantly improves the odds for the good guys, you need to pay close attention.

At the same time, the IT infrastructure is also undergoing great change because of the adoption of virtualization and cloud technologies, which, among other things, brings increased mobility of both virtual machines and data. That, in turn, increases exposure to potential and actual threats.

Then there is the explosive growth in data, not only in volume but also in variety and velocity. Security has to cover all of this; otherwise, there are gaps that can lead to breaches in data security. Red Lambda refers to this as the "need for data-driven security for big data IT environments." But what they mean by "big data" is not specific data sources (as it is usually defined by system and storage vendors), but rather the entirety of an enterprise's data.

Red Lambda’s solutions examine all operational data--by which they mean all the metadata--about what is happening in a network environment, including log files. They do not touch the actual business data (such as emails and database transactions) at this time, but operational data is where the anomalies that represent threat vectors can be detected. Operational data sources can include telemetry, traffic, device, sensor, events and transient application data from IT systems, as well as external contextual data such as news, closed caption, weather, social, geographical and global threat feeds.

Red Lambda can also examine streams of incoming data in real time for decision-making, or it can be used to examine what has already happened in the IT information infrastructure so that corrective action can be taken to rectify what has already occurred.

The company's secret sauce lies in what is called universal anomaly detection in real time (which means before a threat can do its nefarious thing). How can you detect what is bad when you have never seen it before? There are clues, such as attempts to change configuration data or to store executable files. In fact, a post-hoc (not real-time) analysis of familiar log data showed that the majority of threats could be detected using log information. Red Lambda does that on torrents of streaming data in real time.
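As an added illustration of the clue-plus-baseline idea described above (this is not Red Lambda's code, and the log format, field names, file suffixes and threshold are assumptions), a small streaming detector that flags the two named clues and a per-host rate anomaly learned from earlier windows, and that runs unchanged over a live stream or an archived log:

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed operational events (not from the article), five windows of five events each:
# rows 1-3 are quiet baseline traffic, row 4 is a burst of failed logins, row 5 carries the
# two clues the article names (an executable being stored, a configuration change).
RAW = """web01 login_fail; web01 login_ok; web01 file_write /srv/upload/a.pdf; db01 query; web01 login_ok
web01 login_fail; db01 query; web01 file_write /srv/upload/b.pdf; web01 login_ok; db01 query
db01 query; web01 login_ok; web01 login_fail; web01 file_write /srv/upload/c.pdf; db01 query
web01 login_fail; web01 login_fail; web01 login_fail; web01 login_fail; web01 login_fail
web01 file_write /tmp/update.exe; db01 config_change /etc/ssh/sshd_config; db01 query; web01 login_ok; db01 query"""

EXEC_SUFFIXES = (".exe", ".dll", ".so", ".sh", ".bat")  # clue: "storing executable files" (assumed list)
CONFIG_PREFIXES = ("/etc/",)                             # clue: "changing configuration data" (assumed)

def sample_stream():
    """Render RAW as '<ts> host=.. event=.. [path=..]' lines, the assumed log format."""
    for n, ev in enumerate(e for row in RAW.splitlines() for e in row.split(";")):
        host, event, *path = ev.split()
        yield f"2011-11-13T10:{n // 60:02d}:{n % 60:02d} host={host} event={event}" + (f" path={path[0]}" if path else "")

def parse(line):
    ts, *kvs = line.split()
    rec = {"ts": ts}
    rec.update(kv.split("=", 1) for kv in kvs if "=" in kv)
    return rec

def detect(lines, window=5, sigmas=3.0):
    """Yield alerts as lines arrive; the same generator serves a live stream (real time) or an archived file (post-hoc)."""
    counts = defaultdict(int)    # events in the open window, per (host, event)
    history = defaultdict(list)  # per-key counts of closed windows: the learned baseline
    for n, line in enumerate(lines, 1):
        rec = parse(line)
        path, key = rec.get("path", ""), (rec.get("host", "?"), rec.get("event", "?"))
        if key[1] == "file_write" and path.lower().endswith(EXEC_SUFFIXES):
            yield {"ts": rec["ts"], "host": key[0], "rule": "executable_stored", "path": path}
        if key[1] == "config_change" or path.startswith(CONFIG_PREFIXES):
            yield {"ts": rec["ts"], "host": key[0], "rule": "config_modified", "path": path}
        counts[key] += 1
        if n % window == 0:  # window closed: compare every key with its own baseline
            for k in sorted(set(history) | set(counts)):
                c, hist = counts.get(k, 0), history[k]
                if len(hist) >= 3:  # only trust a baseline built from a few windows
                    threshold = mean(hist) + sigmas * (pstdev(hist) or 1.0)
                    if c > threshold:
                        yield {"ts": rec["ts"], "host": k[0], "event": k[1], "rule": "rate_anomaly",
                               "count": c, "threshold": round(threshold, 1)}
                hist.append(c)
            counts.clear()
```

On the constructed input this raises one rate anomaly (the login-failure burst on web01 in window 4) and then the two clue alerts from window 5; feeding the same lines as a list instead of a generator yields identical alerts.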

The analytics revolution is well-represented by Red Lambda, which has math gurus designing sophisticated algorithms. For those of you whose eyes glaze over at the sight of high-powered math, please feel free to skip the next paragraph.