Analyzing big, midsize, and small data for application security

Abstract

Organizations collect huge amounts of security intelligence and yet analysts fail to anticipate many attacks leading to data breaches, denials of service, identity theft, fraudulent use of systems and data, and other nefarious activities. Analysts mostly learn of incidents from third parties, such as law enforcement and payment-card processing companies. Could it be that they do not have available the right level and mix of data? We describe how one might optimize the collection and analysis of security information and event management data, particularly as they apply to securing computer applications. It is argued that this optimization can be achieved by combining big, midsize, and small data and running them through appropriate analytical methods.