RSA Reflections
The RSA Security show is always a great touch point to see the state of data security and hear what topics are keeping security professionals up at night. This year did not disappoint.
There was significant buzz around the evolution of security breaches — from bored kids in a basement showing off for their friends, to nation-states infiltrating critical infrastructures and stealing corporate secrets. Hacking as modern warfare has been known and appreciated by the security industry for several years now, but the increase in media attention (that’s what happens when The New York Times and Washington Post get hit) has brought the issue to the forefront. The coming years will be interesting as governments publicly align and act on their digital assets; we can only hope that conflict is limited to the digital world.
So what are we to do in the face of these rising threats?
Security through obscurity is no longer a viable strategy, and everyone should assume that they will either be the target of an attack or, through unwitting participation in a botnet, become collateral damage. Oddly enough, the answer is not bigger walls or stronger locks; Adi Shamir (the “S” in the famous “RSA” encryption algorithm) opined that cryptography is becoming less important because threats are getting around these perimeter defenses and operating within the walls with impunity. We need to spend as much time and effort on knowing what is, and what should be, going on within our networks so that we can identify when something is out of place. The challenge is that disparate monitoring and alerting systems pump out huge amounts of data in a variety of formats, and weeding through all of that information to find the patterns that indicate an attack is difficult.
Does this sound like a familiar problem?
Yes, data security has turned into a Big Data problem.
As I walked around the expo floor and listened to the keynote presentations, the buzz wasn’t about who had the best authentication widget or the sneakiest scanner; it was about who could collect data from the most sources and do something useful with it. Being able to correlate a random service on a desktop with strange firewall activity and user logins in the middle of the night is taxing for an administrator in a ten-person company, difficult for a team in a hundred-person company, and impossible for any human being when dealing with a thousand employees or more. The same types of analytics being designed for tracking consumer habits can also be brought to bear on the correlation of security data, and it is only through these analytics that we can find the useful nuggets in the morass of data. The bad guys are already inside the walls; it’s now a “Where’s Waldo” exercise to find them.