I had the pleasure of attending this year’s RSA conference, which many consider the biggest cybersecurity exhibition in the U.S. While there were eye-catching show booths in the form of a movie theater, spaceship, video gaming room, and more, what was truly stimulating was the meaningful conversations on enterprise cybersecurity challenges and solutions that took place in these fanciful settings. After one week of drinking from the firehose, I distilled my observations and conversations with security professionals at the expo into the following 3 takeaways:
What happens when a product reaches its mature stage? Two things are likely to happen. One is to do nothing, in which case the product meets its eventual demise through declining market share and is driven out of the market by new entrants. Another is to extend its capabilities, whether through organic growth of self-development, or partnership with an emerging product or technology to build a complementary or “better together” story. Based on my observation, the latter was apparent at RSAC.
Through partnership or merger and acquisition, many traditional SIEM vendors have incorporated user and entity behavior analytics (UEBA) capabilities in their bundled offerings. In my view, this reflects the market demand for a unified, sophisticated cybersecurity solution to address the evolving need to defend against known and unknown threats. Better yet is an advanced platform solution that can accommodate, integrate, and leverage multiple SIEMs and enterprise assets, such as the Hortonworks Cybersecurity Platform (HCP).
Powered by Apache Metron, HCP is a real-time security analytics platform that ingests, normalizes, enriches, triages and manages application and security events at scale. At the core of its analytic capability, HCP provides advanced UEBA in profiling and anomaly detection. The solution can automatically profile users, events, and activities as data is streaming in to identify a normalized pattern in real-time, then use it as a benchmark against incoming information to detect anomalies and prevent potential threats. Moreover, HCP provides a pluggable framework to add new custom parsers for new data sources, new enrichment services to provide more contextual info to the raw streaming data, pluggable extensions for threat intel feeds, and the ability to customize the security dashboards. Machine learning and other models can also be plugged into the real-time streams, providing huge extensibility, which is crucial in ensuring progressive success in this never-ending battle against cyber criminals.
AI, machine learning, blockchain. The highlight of the expo was the mention of “shiny objects”: an overwhelming number of participating companies talked about AI or machine learning. However, hardly anyone talked about the data foundation (the ingestion, management, enrichment, and access of data), which in my mind is the essence of successful AI or machine learning projects.
When I politely raised the question regarding the handling of data, the answer I got was usually that everything was “custom built” by themselves. From my experience, a DIY approach is time-consuming, labor-intensive to build and maintain, expensive and not market-tested. Why do the heavy lifting yourself? Why not leave it to the experts? This is where Hortonworks comes in and shines, by offering a pre-built data foundation of Hortonworks Data Platform (HDP) and Hortonworks DataFlow (HDF) with pre-certified tools optimized for resources for better outcomes, faster time-to-value, and lower total cost of ownership. Building on top of such a data foundation, Hortonworks Cybersecurity Platform, powered by Apache Metron, sits at the prime intersection of Big Data and advanced analytics, enabling the Security Operations Center (SOC) to visualize diverse, streaming security data at scale for real-time detection and response to threats.
Lastly, I want to leave you with my advice — don’t build your million-dollar skyscraper of AI on a shaky data foundation.
Cybersecurity is the last line of defense for the General Data Protection Regulation (GDPR) in terms of threat detection and response. At the conference, companies talked about cybersecurity solutions as if they were the universal cure for a common cold: one dose and all your pains and worries go away. Although cybersecurity plays a crucial role on this topic, complying with the GDPR is not as simple as advertised at the expo.
The challenges and solutions to comply with the GDPR are perfectly summed up in our recent white paper. Specifically, the path to compliance requires a solution that incorporates an interoperable ecosystem of relevant tools, a system that is purpose-built based on a comprehensive data governance strategy. A solution like the Hortonworks Data Steward Studio (DSS). By providing a suite of data discovery and governance capabilities, DSS enables businesses to identify and evaluate trust levels of their data, collaborate securely, democratize data across the enterprise, and achieve the following objectives:
At Hortonworks, we have carefully designed and engineered each solution component to fulfill the four major tenets in GDPR compliance:
The industry trends, enterprise challenges, and emerging technologies I observed at this year’s RSA conference validate how Hortonworks solutions are able to address the market pain points and differentiate to provide unique value to help our customers succeed. I look forward to my next adventure to RSAC 2019.