Special Issue of the IBM Journal of Research and Development
Cybersecurity is among the most important and pressing challenges of our times. The inadequacy of perimeter-based security controls in protecting enterprises is demonstrated in the increase in the scale, scope, and frequency of cyber-attacks confronting enterprises today. As noted by guest editor and IBM Fellow J. R. Rao, this problem is further exacerbated by the proliferation and adoption of technologies involving cloud, mobile, and social platforms (often offered as third-party services), which further erode the visibility and control that enterprises have on their security posture.
Many organizations deploy a variety of security controls, including security sensors such as intrusion detection and prevention systems, as well as security tooling for identity, access, and audit management. These systems enable organizations to manage their security postures, generating a multitude of event alert streams, logs, and audit records that contain actionable intelligence that is often underutilized and frequently not available in real time. The inability to automatically mine, aggregate, and correlate these events and data at line speed, and to present them to the security analyst in a semantically meaningful manner, deprives security analysts and administrators of valuable insights for defending their IT infrastructure and, more broadly, their organization’s assets and reputation.
This special issue of the IBM Journal of Research and Development reports on work in the emerging area of security intelligence. Here, the various authors explore how to exploit a variety of instrumentation in today’s IT landscape and data centers to enable the responsible collection and aggregation of sensitive monitoring data. Furthermore, authors investigate the harnessing of emerging big data analytics engines and platforms, including cognitive computing techniques, to develop models and predictive analytics to create semantically rich interpretations of security-relevant events that scale to very large environments — enabling cross-data-flow correlation of security, application, user, system, and network events.
Rao notes that, with near-real-time capabilities, one goal of the work described in this issue is to place comprehensive and accurate control back in the hands of decision makers, such as security analysts, by relieving them of repetitive manual tasks and enabling them to focus on remediating critical security events. The authors also explore some of the ramifications and the different choices that enterprises are making to balance the requirements of enterprise security and privacy.
Visit the IBM Journal website for more of our recent issues.
Clifford A. Pickover
IBM Journal of Research and Development