Big Data protects Intel's info

Bob Violino | April 5, 2013
Security Business Intelligence (SBI) earned Intel top honors in the CSO40 awards, which recognize security projects that have delivered outstanding business value.

While working on SBI, Intel also wanted to clearly define who has access to certain types of data, how the data will be stored and segmented, and when certain types of data will be deleted. Of particular importance to the team was the development of policies and processes that ensure that personal information is stored and accessed according to the company's guidelines.

By incorporating privacy early on when developing products, services and programs, Intel can fulfill its objectives. To make sure it covers all its bases, the company uses a privacy impact assessment (PIA).

A PIA is similar to an audit -- it's an evaluation performed to verify that a new or existing organizational process or system adheres to appropriate privacy laws, regulations and policies. It also assesses the risk to privacy associated with the business process that's being evaluated, and it examines potential methods of risk mitigation.

One objective of a PIA is to cause an organization to think about its process choices and their impact on privacy. The assessment allows a company to analyze and document not only the project's anticipated data lifecycle, but also its reasons behind the treatment of data at each stage.

The SBI platform performs real-time correlation of big data to detect security threats faster, boosting Intel's ability to intervene quickly while reducing its risk exposure, Ross says. "Using this platform, we can monitor traffic from Intel's servers to detect data exfiltration abnormalities and send alerts to security responders," he says. "This platform allows us to detect security threats faster, not only to boost our ability to intervene quickly, but also to reduce our risk exposure."

The SBI architecture is built around three layers: common logging service, correlation layer and predictive analytics. It collects some six billion events per day to deliver near real-time reporting. Analysis of these events provides early detection of anomalous behaviors both among client devices and in the server environment.

For example, SBI can detect and respond to anomalous situations such as when a user appears to log in from two geographic locations at the same time. This can be indicative of a compromised credential and may cause the system to dynamically adjust the device trust level and the access that is granted to that account.

In the case of bring-your-own-device initiatives, Intel can use SBI tools to monitor the transactions with its application gateways and one-time password generator. These logs, combined with the company's new trust-level-based architecture, mean "we can create detailed, real-time correlation rules and can dynamically adjust the trust level of a device and the applications a user can access," Ross says.

Tangible Results

Among the results Intel has seen with its SBI platform is a 99 percent increase in efficiency, reducing data collection analysis throughput time from two weeks to 20 minutes. In addition, the platform can process 200 billion server event logs and provide results in less than 30 minutes. With these and other controls in place, the company is currently seeing a malware infection rate of less than one percent.

 
