ollowing two security lapses several years ago, Intel executives pushed for an information security overhaul. But at a company with more than 100,000 employees in 63 countries, deploying a system capable of detecting, reporting and responding to suspicious activity meant gaining insight into a massive enterprise IT architecture -- and that was a big challenge.
So Intel used big data technologies when it built its Security Business Intelligence (SBI) platform. A key component of the company's "Protect to Enable" enterprise security strategy, the SBI system collects, aggregates and analyzes data from all corners of the enterprise as it keeps an eye out for things like unauthorized data transfers and advanced persistent threats.
"We have a big data environment, so we had to design a solution to accommodate that," says enterprise architect Stacy Purcell.
Michael Suby, an analyst at Frost & Sullivan, says many large organizations are using big data to improve their IT security. "Conceptually, it should help Intel in fortifying their environment, identifying threats as they're occurring and mitigating those threats," he says.
Deployed in 2012, the SBI platform uses a combination of custom-built and off-the-shelf hardware and software to collect, store and analyze data from servers, databases and other systems.
A common logging service collects and parses event and contextual data at a rate of more than 1 million events per second; it also supports report generation and workflow automation.
The SBI platform has advanced analytics functionality, making it possible to drill down into selected anomalies to make inferences that help investigators to identify the cause of abnormal activity.
With an average of more than 6 billion new logged events a day, Intel's team of operations, engineering, architecture and privacy experts needed tools that could handle the volume easily enough to contain and remediate threats in a timely manner.
"Without this capability, we couldn't even answer basic question like, 'How big a problem is X in our environment?'" Purcell says. "It's game-changing for us in that we can create solutions in response to risks."
Intel won't disclose how much it spent on the SBI platform, but enterprise architect Stacy Purcell says its capacity for identifying suspicious activity enables the security team to respond to threats rapidly.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.