Enterprise Cybersecurity: Solutions For The Big Data Era

140-character summary: The trend for enterprise security is more (devices, threats, …). My thesis: the most promising solutions are built on & for the Internet.

Last week, I discussed personal cybersecurity in this age of multiple Internet-connected devices. This week I look at the challenges of cybersecurity for organisations. If you think managing cybersecurity for one person and their various computing devices is difficult enough, imagine trying to keep out malware and other nefarious activity for hundreds or thousands of employees. That’s the challenge for today’s organisations; and in particular, their IT departments.

Cybersecurity for organisations has changed significantly since I last worked for a corporation. I was a Web Manager at the turn of the century, so I had at least a small role in making sure the company Intranet was secure and the external website free from hackers. But in 2016, the range of threats is significantly wider. Big Data, Mobile, Cloud, Internet of Things and Virtualisation are just some of the technologies that IT departments need to worry about now from a security perspective. Another key risk in 2016 is employees connecting their own devices – such as smartphones and tablets – to the company network. Not to mention the risk of connecting company devices – such as laptops – to home networks, cafe wireless networks, and so on.

The general trend for cybersecurity in enterprises is MORE. More devices to safeguard, more threats, more lapses from employees, more intelligent hackers to deal with. When researching this post, I discovered that there are MORE security solutions too. Cybersecurity Ventures, a specialist research and market intelligence firm, publishes a quarterly list of 500 top cybersecurity companies. The category drop-down list has twenty-one different categories and even more technology types (examples include Encryption, Mobile App Security, and something called “Situational Awareness”).

Even with such a wide variety of enterprise cybersecurity companies, there is a common thread: the top solutions are built on leading-edge Internet technologies. I’ll look at three examples. One uses a search engine model, one is a Big Data analytics engine, and the final one uses Augmented Intelligence.

Tanium is the first company I’ll discuss. Currently it’s flavor of the month with Silicon Valley media, due to a hefty investment from trendy VC firm Andreessen Horowitz. Tanium calls itself an “endpoint platform,” which means that it scans and identifies all devices that connect to a network – including previously unknown devices such as Melinda from Marketing’s Apple Watch or Ben from Accounts’s old Nokia phone. With its natural language search interface and real-time results, Tanium claims to be a “Google-like search for your IT data.” It achieves the Google effect by using a peer-to-peer architecture – which, in simple terms, means it’s not just one master machine doing the scanning.

So with its search interface and P2P setup, Tanium is very much an Internet-inspired security solution.

Splunk is another firm using next-generation Internet technologies to tackle cybersecurity. It styles itself as an “Operational Intelligence” platform. Whereas Tanium has focused on the search paradigm, Splunk focuses on data analytics, or, as it’s known in the Internet world, Big Data. The key selling point for Splunk is that it takes “machine-generated data” – which includes user logs, configurations, data from APIs, message queues, change events, and more – and turns it into actionable insights.

Another highly regarded security company using Internet technologies is Palantir, which uses the term “augmented intelligence” to describe its approach. The company was co-founded by Peter Thiel, one of the founders of PayPal. According to its Wikipedia page, the idea for Palantir “grew out of technology developed at PayPal to detect fraudulent activity, much of it conducted by Russian organized crime syndicates.” Based on this experience, Palantir’s founding team recognised that “artificial intelligence could not defeat an adaptive adversary.” So they built a system that finds and gathers the data – probably in a similar way to Tanium and Splunk – but then lets human analysts explore it. Palantir called this approach “augmenting human intelligence” (a quote from its About page).

Palantir is used in a number of US government departments, including those dealing with counter-terrorism. It’s also being used by the LAPD to help fight crime. Sergeant Peter Jackson of the LAPD said, in a leaked report, that Palantir enables them to “do things that we could not do before. They [LAPD detectives] can now exactly see great information and the links between events and people.”

Both Splunk and Palantir have various uses other than cybersecurity. But whatever use cases these products cover, they are at heart data analysis platforms. Tanium too has a big data analysis component, because it needs to identify which devices on a network need to be updated for security. So if I had to select the most important feature in enterprise security systems today, it would be analytics. These products must be able to surface the right data, from a very large pool that includes Internet data, in order to keep organisations secure. All three of the companies I have discussed have strong data analysis features.

In conclusion, although enterprise cybersecurity is a wide and varied topic, it’s clear that Internet technology is driving a lot of the innovation in this sector. I have to say, researching this post has made me realise that there are incredibly sophisticated cybersecurity solutions out there. Which makes me feel more optimistic about the ability of our organisations – whether in government, nonprofit or business – to keep out the bad guys and minimise security breaches.
