Gartner: Cautiously Optimistic About the Use of Big Data Security Analysis in 2014

【updated @ 2014-4-26】


Recently, Gartner released several predictions for 2014, including predictions about big data security analysis.

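First, a note: "big data security analysis" is my own term, meaning "the technology of applying big data analysis techniques to information security". Be sure not to confuse it with "the security of big data", which refers to studying the security of big data itself, including the security of big data computation and big data storage. In English I call "big data security analysis" Big Data Security Analysis, or Big Data based Security Analysis, whereas Gartner calls it security big data analytics, or big data for security.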

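Gartner analyst Anton Chuvakin believes that 95% of users will not really apply big data security analysis technology in 2014, because it is still too complex, lacks the support of mature commercial products, and the skills needed to use it are lacking. (Predicts 2014: Infrastructure Protection)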

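Anton writes in the report that the following factors mean large-scale adoption of big data analysis technology will not occur in the short term: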

  • Dearth of COTS [commercial off-the-shelf] big data tools to collect, store and analyze massive amounts of diverse security data and come to conclusions automatically;

  • Pervasive culture for buying COTS, seeking out-of-the-box features and contents that conflicts with the free-form data exploration approach characteristic of most successful big data projects in other industries;

  • Rapid evolution of big data technologies and their inherent complexities related to distributed computing and storage, new data access language and APIs, unstructured data, and so forth;

  • Data exploration, hypothesis testing and modeling approaches needed for making use of big data that are alien to many security teams that prefer boxed solutions and canned content.


In the end, the technology is simply not mature enough yet, and it carries technical risk.

Other predictions include:

  • “The noise about big data for security has grown deafening in the industry, but the reality lags far, far behind. As many organizations continue to struggle with utilizing traditional security analysis tools, such as security information and event management (SIEM) tools, the expectation that they will magically adopt big data technologies and approaches is simply unrealistic.”

  • “Big data use for security will continue to be populated by the most advanced, mature, Type A organizations for the near future. Security may well be becoming a big data problem, but riding that big data wave will stay difficult and expensive for most organizations.”

  • “Many vendors ― new and existing ones ― will try to position their technology as big data. However, much of this will remain hype, not reality. “Lean forward” security programs at select large enterprises will still need to build and run their own tools for big data analysis if they choose to embark on this journey.”

  • “Advanced expertise in both information security and data science will be a necessary ingredient in enabling accurate discrimination between malicious and benign activity.”

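In any case, big data security analysis is one direction for the future of security; that is beyond doubt. But vendors and customers alike need to adopt the right mindset, keep a sensible pace in practice, and avoid rushing.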


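For some advanced enterprises and organizations, embracing big data security analysis can be an opportunity for self-renewal. In practice, however, they should take the cautious approach of combinatorial innovation. For example, when applying big data security analysis to the SIEM field, one can build additively on the existing SIEM technical architecture rather than rejecting it wholesale.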
