Network Computing is part of the Informa Tech Division of Informa PLC


Red Lambda: Security Revolution Or Just Evolution?: Page 2 of 3

At the same time, the IT infrastructure is also undergoing great change because of the adoption of virtualization and cloud technologies, which, among other things, includes increased mobility of both virtual machines and data. That, in turn, increases exposure to potential and actual threats.

Then there is the explosive growth in data not only in volume, but also in variety and velocity. Security has to cover all of this; otherwise, there are gaps that can lead to breaches in data security. Red Lambda refers to this as the "need for data-driven security for big data IT environments." But what they mean by "big data" is not specific data sources (as it is usually defined by system and storage vendors), but rather the entirety of an enterprise's data.

Red Lambda’s solutions examine all operational data--by which they mean all the metadata--about what is happening in a network environment, including log files. They do not touch the actual business data (such as emails and database transactions) at this time, but operational data is where the anomalies that represent threat vectors can be detected. Operational data sources can include telemetry, traffic, device, sensor, events and transient application data from IT systems, as well as external contextual data such as news, closed caption, weather, social, geographical and global threat feeds.

Red Lambda can also examine streams of incoming data in real time for decision-making, or it can be used retrospectively to examine what has already happened in the IT infrastructure so that corrective action can be taken.

The company’s secret sauce lies in what is called universal anomaly detection in real time (which means before a threat can do its nefarious thing). How can you detect what is bad when you have never seen it before? There are clues, such as attempts to change configuration data or to store executable files. In fact, a post hoc (not real-time) analysis of familiar log data showed that the majority of threats could be detected using log information. Red Lambda does that on torrents of streams of data in real time.
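To make the two ideas in this paragraph concrete, here is an added example (not Red Lambda's code and not from the article) of a minimal streaming detector over constructed log lines: it flags the two named clues (writes to configuration paths and storing executable files) and, separately, flags activity that has never been seen before on a host once a short baseline has been built. The log format, path prefixes, file suffixes and warm-up threshold are all assumptions chosen for the illustration.

```python
from collections import defaultdict

# Constructed sample log stream (not real data); format: "<timestamp> <host> <user> <action> <target>"
SAMPLE_LOGS = [
    "2024-01-01T10:00:00 web01 svc read /var/www/index.html",
    "2024-01-01T10:00:05 web01 svc read /var/www/about.html",
    "2024-01-01T10:00:09 web01 svc write /var/log/app.log",
    "2024-01-01T10:01:00 web01 svc write /etc/nginx/nginx.conf",   # config change clue
    "2024-01-01T10:01:30 web01 svc write /tmp/update.exe",         # executable stored clue
    "2024-01-01T10:02:00 web01 root exec /usr/bin/curl",           # never seen this user/action here
]

CONFIG_PREFIXES = ("/etc/",)                       # assumed "configuration data" locations
EXEC_SUFFIXES = (".exe", ".dll", ".sh", ".elf")    # assumed "executable file" markers


class StreamingAnomalyDetector:
    """Per-host baseline of (user, action) pairs seen so far.

    Known clues fire immediately; novelty alerts only fire after `warmup`
    events on a host, so the first few lines of a stream do not all look new.
    """

    def __init__(self, warmup=3):
        self.seen = defaultdict(set)   # host -> {(user, action), ...}
        self.count = defaultdict(int)  # host -> events processed so far
        self.warmup = warmup

    def process(self, line):
        ts, host, user, action, target = line.split(" ", 4)
        alerts = []
        if action == "write" and target.startswith(CONFIG_PREFIXES):
            alerts.append("config-change")
        if action == "write" and target.lower().endswith(EXEC_SUFFIXES):
            alerts.append("executable-stored")
        key = (user, action)
        if self.count[host] >= self.warmup and key not in self.seen[host]:
            alerts.append("novel-activity")   # "bad you have never seen before"
        self.seen[host].add(key)
        self.count[host] += 1
        return ts, target, alerts


def run(lines):
    """Feed lines through the detector in order; the same call works for a live
    stream (one line at a time) or a stored log replayed after the fact.
    Returns (timestamp, target, alerts) for every line that raised an alert."""
    det = StreamingAnomalyDetector()
    results = [det.process(line) for line in lines]
    return [r for r in results if r[2]]
```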

The analytics revolution is well-represented by Red Lambda, which has math gurus designing sophisticated algorithms. For those of you whose eyes glaze over at the sight of high-powered math, please feel free to skip the next paragraph.