Summary:

Today, I read a press release from Sourcefire touting its “big data” approach to security and the fact that its Immunet anti-malware-for-PCs product is now monitoring 2 million endpoints. I reached out to find out what’s under Immunet’s covers and, no surprise, found Hadoop.

Sourcefire is now monitoring 2 million endpoints as part of its Immunet anti-malware product, and Hadoop is doing the heavy lifting of analyzing the hundreds of terabytes of data those endpoints are pumping into the company’s centralized data store. This just goes to prove my point that security and big data are a match made in heaven.

As is the case with many security services, Immunet isn’t a Hadoop product as much as it is a product that uses Hadoop (a sign that the technology is maturing). Two million endpoints generate a lot of data (in number of items, at least, if not in volume), and it takes some special tools to store and process all that information. The more information Sourcefire can determine about threats, the better it can protect its users. Users don’t care about Hadoop, NoSQL or any other IT buzzwords — they just care that their computers are safe — but companies like Sourcefire certainly do.

According to an email from Zulfikar Ramzan, Sourcefire’s chief scientist within its Cloud Technology Group, “Hadoop is one of the more prominent technologies we use, though we have also built some custom technologies as well.” He said the company also constantly evaluates new technologies such as NoSQL databases, but the trick is finding tools that are “well baked enough for use in production environments” and that meet specific needs. Hadoop, for example, is great for general data mining purposes, but Sourcefire has custom-built some tools for real-time workloads that the batch-oriented Hadoop can’t readily address.

As for what it does with all that data — hundreds of terabytes and growing — Ramzan said Sourcefire is primarily concerned with detecting anomalies, whitelisting “clean” files and identifying trends. The first two are pretty self-explanatory — it’s important to detect new threats based on suspicious activity, but it’s also important not to falsely label known safe files as infected — but the third is a situation where big data techniques can take traditional security analytics to the next level. Ramzan wrote that, “[W]e mine data for threat related trends — such as which threats are the most popular, what geographic regions are seeing disproportionate threat activity, what global threat characteristics we are seeing, etc.”
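As an added illustration (not Sourcefire’s code; the record layout, region codes, hashes and threat names are all constructed), here is a Hadoop Streaming-style mapper/reducer pair in Python that derives the two trend views Ramzan describes from endpoint telemetry: which threat families are most popular, and which regions see disproportionate detection activity once normalised by endpoint population, so a region is not flagged merely for being large.

```python
"""Hadoop Streaming-style map/reduce over endpoint detection telemetry.
Record format is constructed for this example (not Sourcefire's real format):
endpoint_id <TAB> region <TAB> sha256 <TAB> verdict ('clean' or a threat name).
"""
from collections import Counter

# Constructed sample telemetry, standing in for one HDFS input split.
SAMPLE_RECORDS = [
    "ep001\tUS\t9f86d0\tclean",
    "ep002\tUS\t2c26b4\tTrojan.Zbot",
    "ep003\tUS\tfcde2b\tclean",
    "ep004\tUS\ta6657a\tclean",
    "ep005\tBR\t2c26b4\tTrojan.Zbot",
    "ep006\tBR\t3a7bd3\tWorm.Conficker",
    "ep007\tBR\t2c26b4\tTrojan.Zbot",
    "ep008\tDE\t9f86d0\tclean",
    "ep009\tDE\t3a7bd3\tWorm.Conficker",
]

def mapper(lines):
    """Emit (key, 1) pairs, the way a streaming mapper prints 'key<TAB>1' to stdout."""
    for line in lines:
        endpoint, region, _digest, verdict = line.rstrip("\n").split("\t")
        yield ("endpoint", region, endpoint), 1   # distinct endpoints per region
        if verdict != "clean":
            yield ("threat", verdict), 1           # threat popularity
            yield ("detection", region), 1         # regional detection volume

def reducer(pairs):
    """Sum counts per key; Hadoop would hand us the pairs already grouped by key."""
    totals = Counter()
    for key, count in pairs:
        totals[key] += count
    return totals

def threat_popularity(totals, top_n=3):
    """Most frequently detected threat families, descending."""
    threats = Counter({k[1]: v for k, v in totals.items() if k[0] == "threat"})
    return threats.most_common(top_n)

def regional_disproportion(totals, threshold=1.5):
    """Regions whose detections-per-endpoint rate is >= threshold x the global rate."""
    endpoints = Counter(k[1] for k in totals if k[0] == "endpoint")
    detections = Counter({k[1]: v for k, v in totals.items() if k[0] == "detection"})
    global_rate = sum(detections.values()) / sum(endpoints.values())
    ratios = {r: (detections[r] / endpoints[r]) / global_rate for r in endpoints}
    return {r: round(x, 2) for r, x in ratios.items() if x >= threshold}

if __name__ == "__main__":
    totals = reducer(mapper(SAMPLE_RECORDS))
    print(threat_popularity(totals))       # [('Trojan.Zbot', 3), ('Worm.Conficker', 2)]
    print(regional_disproportion(totals))  # {'BR': 1.8}
```

In a real Streaming job the mapper and reducer would be separate scripts reading stdin and writing tab-separated lines; the aggregation logic is the same.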

Presumably, Sourcefire also uses its repository of threat data and analytics tools to power its line of intrusion-detection-and-prevention products designed for business users rather than consumers. ipTrust is already doing just that, using Hadoop, Cassandra and other tools in a system that assigns reputation scores to IP addresses attempting to access a company’s network.

Sometimes, however, Hadoop isn’t the answer even in decidedly big data environments. CloudFlare CEO Matthew Prince recently explained that his company, which provides network security and performance for web sites, tried Hadoop early but found it didn’t scale or perform up to the company’s needs. Rather than spend money it didn’t have as an early-stage startup trying to make Hadoop fit its needs, which involve a constant stream of traffic data, CloudFlare built its own tool. The result was “SortaSQL,” a hybrid key-value store that combines the PostgreSQL database with the Kyoto Cabinet key-value store.

But Hadoop or not, the song remains the same: companies building cloud-based security services have data needs that legacy database software can’t handle. They also want to do new things with the data to glean even more insights from it. Given the incredible number of Internet-connected devices on the planet — mobile phones, for example, now outnumber people in the United States — it seems there’s a big business in giving security companies the big data tools they need to do their jobs without making them reinvent the wheel at the data-platform layer.

Image courtesy of Geograph user Ross.

Comment:

Derrick, regarding your view on “finding tools that are well baked enough for use in production environments,” I believe that HPCC is well baked and production ready. It is also mature and fully enterprise ready. Visit http://hpccsystems.com for more information.