These days, lots of companies are looking for ways to use big data and analytics to improve their security, but Intel is one of the first to actually pull it off.
The company's initiative, called Security Business Intelligence (SBI), earned the company top honors in the CSO40 awards, which recognize security projects that have delivered outstanding business value.
Intel IT began building its SBI platform in 2010. "SBI is one of the pillars of our Protect to Enable enterprise security strategy," says Malcolm Harkins, Intel's chief security and privacy officer. "The ability to filter and distill the billions of events per day brings tremendous security value to the enterprise."
The Protect to Enable strategy focuses on applying reasonable levels of protection, which allows information to flow through the organization and gives users a better experience while at the same time reducing risk.
In 2012, Intel made significant progress in implementing this architecture, which is based on four pillars. The first pillar is identity and access management, which allows users' access privileges to be dynamically adjusted as the level of risk changes. Intel has tested this system in its production environment and continues to refine these tools for a range of devices, locations and infrastructure technologies.
The second pillar is data protection. Intel is implementing technologies to safeguard its information when it's created, stored and in transit. The company has expanded deployment of enterprise-rights-management software and implemented new data-loss-prevention technologies to better track sensitive data.
The third pillar is infrastructure. For example, Intel has implemented secure trust zones within its enterprise private cloud that enable it to virtualize internally and externally facing applications with higher security requirements.
The final pillar is SBI. "As we allow access to enterprise systems from more devices, we need improved detection and analytical capabilities," says Alan Ross, senior principal engineer. "We deployed a flexible dashboard to view malware infection data down to the machine level and added a predictive engine that enables proactive protection and simulations to improve our ability to respond to threats."
The primary goals of the SBI platform are to use big data and advanced analytics to improve Intel's ability to predict, prevent, detect and respond to cyberthreats; develop the tools and reporting capabilities to distill large amounts of data into meaningful analysis; and use the resulting analysis to cut overall costs by reducing or eliminating other security controls that may be less effective. Intel IT is also looking at ways to use trusted sensor and event information from its platforms to improve the quality and reliability of the SBI system.
Emphasis on Privacy

One goal of SBI was to develop privacy controls before and during the deployment of the platform to ensure that data administrators, analysts, security investigators and forensics teams "understand, respect and abide by Intel's privacy compliance requirements," Ross says.