I remember when virus-scanning was as simple as running an executable from the trusty DOS Shell in between playing rounds of Duke Nukem. Now, detecting vulnerabilities involves not only massively greater numbers of devices and data, but also the flexibility to react in real time as threats shift. That need has stoked the development of a new generation of security platforms such as the one released this week by Risk I/O for real-time enterprise security vulnerability assessment based on what amounts to Big Data analysis.
The company is pitching the product as the "first vulnerability intelligence platform" and says it can analyze "real-time, global attack data alongside security vulnerabilities to help businesses identify where they are most likely to be attacked." The software does a couple of particularly interesting things from a security standpoint, including:
- Exploitation risk calculation, which the product achieves by parsing information on ongoing exploitation activity across the globe to determine which threats pose the greatest risk at a given moment. These determinations also factor in the organization's industry. The exploitation data comes from a number of sources, including both Risk I/O's own monitoring and public databases such as RiskDB, the National Vulnerability Database, the Web Application Security Consortium, the Exploit Database, SHODAN and the Metasploit Project.
- "Remediation Impact," or prioritization of security patches according to which threats are greatest. The idea is to make sure the most dangerous vulnerabilities with known fixes are addressed first.
Essentially, Risk I/O is applying the lessons of Big Data to IT security, which may well prove to be central to the future of vulnerability mitigation and information protection. As data grows ever bigger and trends such as the cloud and BYOD dampen the effectiveness of traditional security scans and preemption efforts, using massive amounts of real-time security data to identify patterns across large systems makes more sense.
The introduction of next-generation vulnerability intelligence platforms to address these challenges might give security admins some reassurance—even if, like me, they'd prefer to return to the carefree days of the early 1990s.