I have been writing a lot recently about the hot "Big Data" space. Whether it be Hadoop, NoSQL, scaled storage or similar technologies, they all deal with managing and using massive amounts of data that dwarf anything we have seen before. Many of them use commodity hardware and distributed systems to handle this data. But all of this big data creates another problem. Securing big data is a task that is frankly too big for many of the security technologies in place today. All of this big data could cause big problems. Two of my friends in the security world have written a bit about this subject: Chris Hoff of Rational Survivability and Amrit Williams, writing at his techbuddha blog. (I have linked to just one article from each, but they have both written more on the subject on their blogs as well.)
Today I wanted to write about a company whose prime mission is securing big data. The company's name is Red Lambda. They were founded based on some work done at the University of Florida at Gainesville. I actually became aware of some of the technology a few years back, but just recently they have launched the company using the technology for the mission it was intended for, securing big data. I should also point out that Red Lambda is not an open source company at all. None of their software is open. But what Red Lambda is, is a new breed of security company that doesn't rely on appliances, signatures or rules. It is a grid company. In fact, that is the name of their primary product, MetaGrid™. From their web site:
MetaGrid™ is a security and operational intelligence solution for the world's largest network infrastructures. MetaGrid unifies and analyzes operational data, automatically discovering all anomalies, threats, and patterns without a single rule or signature.
MetaGrid™ enables organizations to:
- Unify network, security, and external data
- Flexibly collect and analyze any type of data
- Quickly identify threats and anomalies without signatures or rules
- Alleviate load on network and security operations teams with event clustering and significant noise reduction
To me, one of the really interesting pieces of MetaGrid is what Red Lambda calls Neural Foam. Again from their web site, Neural Foam is:
MetaGrid's patent-pending Neural Foam™ uses artificial intelligence to cluster massive amounts of data into its simplest, natural structure without a single rule. Neural Foam's unique ability to continuously learn all knowledge and anomalies from any data, over any timescale, event by event revolutionizes operations. In one pass, MetaGrid makes it possible to see every aspect of an infrastructure, from the most normal activity, to threats, to things that only happen once or differ by a single unusual bit. Quite simply, it's the ultimate weapon against the unknown, inside or out.
These are pretty big ideas, but I think new and big ideas are needed to tackle new and big problems. I had a chance to sit down a few weeks ago with Jeff Barker, VP of global marketing at Red Lambda. Prior to going public with the launch, Red Lambda went to many of the companies with the biggest "big data" installs and offered them the chance to trial the Red Lambda product. The results and feedback have been pretty solid and positive. Of course, there have been lessons learned as well. Jeff and his team are refining, improving and continuing to evolve the product based on the feedback.
As big data gets bigger, the problems of securing it will also grow. Red Lambda seems like a company poised to tackle this "big" problem.
As co-founder and Managing Partner at The CISO Group, Alan Shimel is responsible for driving the vision and mission of the company. The CISO Group offers security consulting and PCI compliance management for the payment card industry. Prior to The CISO Group, Alan was the Chief Strategy Officer at StillSecure. Shimel was the public persona of StillSecure as it grew from start up to helping defend some of the largest and most sensitive networks in the world.
Shimel is an often-cited personality in the technology community and is a sought-after speaker at industry and government conferences and events. His commentary about the state of security, open source and life is followed closely by many industry insiders via his blog and podcast, "Ashimmy, After All These Years" (www.ashimmy.com). Alan is now also a regular contributor to The CISO Group’s security.exe blog and podcast.
Alan has helped build several successful technology companies by combining a strong business background with a deep knowledge of technology. His legal background, long experience in the field, and New York street smarts combine to form a unique personality.
Disclosure: The CISO Group sells a software-as-a-service PCI compliance application called SAQPro. The company is independent and does not represent any other vendor's products as a reseller.