Stephen Cobb (ESET)
The anti-virus industry has several decades of experience sharing threat data between competing vendors, private enterprises, public institutions, and non-governmental organizations. In this paper we examine the history of this pioneering threat data sharing for lessons that can inform the evolution of Big Data Security.
Big Data Security is this year's hot information security concept. A key element of it is using shared threat data, together with an organization's own internal data, to detect and mitigate threats to information systems. Big Data Security is defined as more than either SIEM (security information and event management) or NBA (network behaviour analysis), both of which are characterized as limited-visibility solutions. The goal of Big Data Security is full visibility into all aspects of all the data, all the time, so that near real-time analysis of OSI layers 2 through 7, plus threat data feeds from beyond the enterprise, produces faster and better threat detection and response.
This goal cannot be achieved without timely access to shared threat data, ranging from malicious code signatures and malicious URLs to whitelists, incident profiles and more. We examine how the anti-virus industry's experience can inform the development of Big Data Security in the areas of standards, legal constraints, privacy concerns, logistical challenges, and more.
VB2013 takes place 2-4 October 2013 in Berlin, Germany.