The Securities and Exchange Commission is responsible for, among other duties, enforcing insider trading laws. In so doing, it needs to know which trades are suspiciously profitable and warrant investigation, and which are routine. In other words, it needs valuable information. Each day, millions of securities trades are completed, and each one is meticulously recorded in a database somewhere. The SEC has access to all that data…
And it’s worthless.
It takes sophisticated algorithms that, I can only guess, employ machine learning and other advanced mathematical models to identify suspicious patterns and surface the information SEC investigators need to track down and prosecute the Gordon Gekkos of the real world. The moral of the story? The value of data resides in the information that can be extracted from it.
The challenge for enterprise security software, believe it or not, is even more daunting these days than the one that confronts the SEC. SIEMs and other security software also gather millions of data points and are tasked with drawing the needle out of that data haystack to find the anomaly that indicates a potential security breach. The difference? Security software needs to do that as close to real time as possible. If the SEC catches insider traders months after they launch their scheme, the bad guys are simply enriched, but little damage is done to the collective market or the companies whose stock they're trading. In the data security world, on the other hand, each day the bad guys go undetected increases the damage and cost of the breach: in dollars, reputation, and potential lost business and productivity.
It wasn't always that way, however. Just a few short years ago, before the Targets and Sonys of the world became the poster children for data security awareness, security was considered largely synonymous with compliance, if not flat-out subordinate to it. Failing an audit was much more of a concern than a breach. In that environment, the gap between data and information wasn't quite so wide. An auditor might ask for a report showing who made what changes to Active Directory groups and when they were made. That report could be months old, and providing that data without any context whatsoever was perfectly acceptable. Now, listing change data for auditors is much easier than extracting valuable information that adds context to those changes. Were they authorized? Suspicious? Indicative of an attack or malicious behavior? Answers to those questions were less important at the time, and real-time analysis was certainly not an audit/compliance consideration.
Fast-forward to today. Failing an audit is no longer at the top of the average security professional's mind. Making sure his or her company isn't the lead story in the evening news' "latest data breach" segment is what keeps them up at night. Times change. And when they do, product requirements change as well. And that brings us to Dell's Change Auditor and our StealthINTERCEPT. Change Auditor was a very nice product for the audit/compliance days, and it served its customers well. But it was designed to stop audit failures, not bad guys. StealthINTERCEPT, on the other hand, is designed for today's needs: real-time, built-in analytics that generate contextualized alerts (read: information) that address the most common attack vectors. The needle without the haystack. Information, not data.
StealthINTERCEPT vs. Change Auditor.