Building from years of security expertise, RSA was able to exploit Big Data to better detect, investigate, and understand threats with its RSA Security Analytics platform launched last year. Similarly, Pivotal leveraged its world-class Data Science team in conjunction with its Big Data platform to deliver Pivotal Network Intelligence for enhanced threat detection using statistical and machine learning techniques on Big Data. Utilizing both RSA Security Analytics and Pivotal Network Intelligence together, customers were able to identify and isolate potential threats faster than competing solutions for better risk mitigation.
As a natural next step, RSA and Pivotal last week announced the availability of the Big Data for Security Analytics reference architecture, solidifying a partnership that brings together the leaders in Security Analytics and Big Data/Data science. RSA and Pivotal will not only enhance the overall Security Analytics strategy, but also provide a foundation for a broader ‘IT Data Lake’ strategy to help organizations gain better ROI from these IT investments.
RSA’s reference architecture utilizes Pivotal HD, enabling security teams to gain access to a scalable platform with rich analytic capabilities from Pivotal tools and the Hadoop ecosystem to experiment and gain further visibility around enterprise security and threat detection. Moreover, the combined Pivotal and RSA platform allows organizations to leverage the collected data for non-security use cases such as capacity planning, mean-time-to-repair analysis, downtime impact analysis, shadow IT detection, and more.
Distributed architecture allows for enterprise scalability and deployment
I spoke with Jonathan Kingsepp, Director of Federation EVP Solutions from Pivotal, to discuss how the RSA-Pivotal partnership allows customers to gain much wider benefits across their organization.
1. What are the technology components of this new RSA-Pivotal Reference architecture?
Pivotal HD now serves as a repository for Security Analytics Warehouse (SAW), a component of the RSA Security Analytics platform. This architecture is aimed at large organizations that recognize the need for more advanced and custom capabilities around data and network security. This has been most evident in industries that maintain sensitive information like Financial Services and Defense/manufacturing – whether IP, PII or otherwise.
2. How will this new partnership add value to the RSA Security Analytics product roadmap?
The partnership will enhance the protection of electronic assets by building additional analytic capabilities on top of the RSA Security Analytics platform. For example, the next release of RSA Security Analytics will include GUI enabled Data Science data modeling capabilities that evolved through the joint collaboration of Pivotal Data Science expertise and RSA security expertise. RSA and Pivotal will continue with this collaboration to expand future Data Science capability within RSA Security Analytics while addressing new requirements with custom Pivotal Data Science Labs. Both represent a promising force to help customers stay ahead of rapidly changing advanced threats.
The partnership also allows customers to adopt a ‘collect once – use many’ approach to IT analytics. Sure, security is important, but there are many other reasons why you want to collect that data, and storing and analyzing that data in a Pivotal environment allows customers to get more benefit from that data, analyzing it for things like capacity planning, mean-time-to-repair analysis, downtime impact analysis. This makes RSA Security Analytics far more important to the customers.
3. From an IT perspective, what is the value of using Pivotal HD with RSA Security Analytics?
From an IT perspective, Pivotal HD provides a low cost, flexible foundation for Big Data capability. RSA Security Analytics Warehouse is the first stage. The second stage can be to expand the core Pivotal HD platform into an Enterprise or IT Data Lake to serve other analytical use cases, such as predicting machine failure, optimizing virtualized resources, identifying internal threats, etc. These additional use cases can be delivered through focused Pivotal Data Science services and the full Pivotal Big Data Suite.
4. From a user or Security team perspective, what is the value of using Pivotal HD with RSA Security Analytics?
The flexible, scalable RSA-Pivotal architecture enables security teams to quickly respond to the rapidly changing advanced threats landscape – speed up attack detection and shrink response times. For example, the architecture distributes different types of analytic capabilities depending on where the right data resides. Capture time analytics identify interesting characteristics of data right at the time and point of capture to create ‘metadata’ about the session. Streaming analytics combines different pieces of metadata in real time to spot concurrent sessions or actions happening over a short time window that might be an indicator of a threat. Batch analytics aggregates data to identify ‘low and slow’ type attacks, and patterns that occur over extended periods of time.
5. We hear the term ‘Data Lake’ all the time now. Talk to me about how this RSA-Pivotal architecture fits into an organization’s Data Lake strategy.
Data Lake is a cost-effective mechanism to store everything, analyze anything, and build the right application for competitive advantage. The RSA-Pivotal architecture serves as a foundation for a broader Data Lake strategy and can also be incorporated into a wider Enterprise Data Lake. Pivotal has partnered with Capgemini to go to market with Business Data Lake, clarifying the business benefits of the Data Lake. Based on our mutual work, we believe the Data Lake follows 4 simple principles:
1. Land everything from every system even if you don’t need it yet
2. Let the business create their own point solutions
3. Only concentrate governance on where it enables collaboration
4. Let the business choose its cost/performance mix