Currently available security incident and event management (SIEM) tools already allow companies to aggregate huge amounts of log data from multiple security devices and bring it all to one system, he said. But the real problem with SIEMS is the ability to analyze the data and correlate that data so that precursor hacking evidence or actual intrusions can be detected," and acted upon.
It's one thing to aggregate data. It's another thing entirely to make sense of it, he said. In the end the key to situational awareness are the correlation rules and processes that a company has in place for analyzing the data and acting upon it in an efficient manner.
"The big data challenge is to derive actionable information," said Andrew Wild, chief security officer at Qualys. The issue that many enterprises face is not so much a lack of data but rather how to use it in a manner that is useful from a security perspective, he said.
"The network is highly aware, the routers are aware the switches are aware. They know the packets that are flowing through the network." The problem is that all the data exists in different repositories that are not integrated at all, he said.
The tools individually are unable to provide much information, so the Big Data challenge is to find a way to aggregate the data and extract useful information from it. "Big Data is a big challenge when it comes to security," Jerry Sto. Tomas, director of global information security at Allergan, said in a panel discussion at the conference.
A lot of the log data that companies collect exist in silos, he said. And often the data that is college is "garbage data" from a security standpoint, Tomas said.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed. His e-mail address is firstname.lastname@example.org.
Read more about big data in Computerworld's Big Data Topic Center.