Security regulations and mandates regarding data protection require companies to log a large number of events to maintain compliance. With the global marketplace firmly established, the rules set out in regulatory directives such as PCI (Payment Card Industry), ISO (International Organization for Standardization), HIPAA (Health Insurance Portability and Accountability Act of 1996), and others are intended to maintain the privacy of sensitive information. However, the emerging Internet of Things (IoT) has altered how companies must implement security measures.
This shift is the result of log indexing software that fails to account for the growing presence of the IoT. Traditionally, companies use Security Information and Event Management (SIEM) software to meet compliance requirements, which include security event logging and retention as well as threat recognition, alerting, assessment, and response. However, indexing data from firewalls, authentication systems, and anti-virus products is now only part of the picture.
Enter the IoT
Other event data (such as that from cloud platforms and mobile devices) must also be logged to ensure security, and networked physical devices with embedded operating systems are especially susceptible. Event data from these IoT devices can contain indicators of advanced threats, particularly those that stem from customized malware or the theft of legitimate credentials, and such indicators are easily overlooked. Depending on the size of the company and the industry, the number of IoT devices varies, but some common ones include:
- Point of sale terminals
- Imaging and medical systems
- Floor kiosks (employee stations)
- Electrical or industrial grid systems that regulate operations, and similar industrial control systems
Although these devices improve productivity, they also create a security gap. Without indexing the event data from these types of devices, there will be no evidence to examine if a cyber attack occurs. By logging events from IoT devices, however, companies can track and respond to threats, often before the criminals have achieved their primary goal.
Big Data Solutions
The strategies currently used for compliance create problems. SIEM software often struggles to manage the large amounts of event data indexed from traditional security products, which makes it impossible to include the additional volume of data from IoT devices. First, “connectors” are costly to build for an IoT product. Moreover, the fixed schema of a single relational datastore constrains the log data and creates a point of failure that limits speed and scale. A rigid user interface (UI) that hampers custom searches and report building also makes it difficult for companies to handle ad hoc audit requests or specific investigations.
However, big data delivers actionable solutions for businesses by eliminating these issues. Big data solutions feature:
- Flexible, low-cost connectors that simplify the onboarding of event data, including data from IoT products
- A flat file store that indexes all data without requiring schema modifications
- Fast scaling and rapid intake, searches, reports, and alerts, delivered by a distributed architecture
- Elastic search and reporting capability that allows companies to perform detailed investigations and respond effectively
Big data offers businesses heightened protection and improved compliance performance by delivering a software-based solution that can index massive amounts of machine and event data. With real-time search, hierarchical and role-based access control, and configurable log retention, it delivers stronger security results. It can also be deployed on premises, in a hybrid configuration, or entirely in the cloud. Moreover, many service agreements include pre-built searches that make compliance reporting more efficient.
Any business can enhance event logging and compliance performance using big data solutions that seamlessly incorporate IoT products.