Demetrios "Laz" Lazarikos, Sears | Splunk .conf2013
Among the various guests broadcast on theCUBE this week from the Las Vegas Splunk Conference .conf2013 was Demetrios Lazarikos, also known as "Laz". Lazarikos has a real-world perspective on current security and technologies, with a background as the Chief Information Security Officer (CISO) for the Sears Online Business Unit and as an IT Security Strategist and Thought Leader. He shared some thoughts on Splunk, Big Data, and security with Dave Vellante and Jeff Kelly.
Lazarikos shared some of his background and gave some perspective on how security has become so important over the years. While a handful of organizations were early in taking security seriously, it wasn't until PCI-DSS came into the picture around the year 2000 that companies largely started to become more serious about it. The obvious early adopters were government and financial institutions, and not long afterward Sears Online came knocking for Lazarikos. They were looking to build a security platform from the ground up and gave Lazarikos all the latitude required to keep the platform as flexible, scalable and, of course, secure as possible.
NSA Side Effect: Awareness and Attention
On that note, Vellante observed that security initiatives are commonly rooted in compliance adoption and the changes it entails. Similarly, with all the revelations in the news about NSA surveillance efforts, there is much more awareness among a greater number of people about the way data in general is exposed, especially in the last 6 to 9 months. Lazarikos notes that more attention is indeed being paid to identifying what data people are protecting.
Big Data Landscape for Security
One of the most interesting emerging technology types, which we cover often here at SiliconANGLE, is intelligent learning security. Lazarikos talks about this crop of technologies that utilize data patterns and the power of big data.
Organizations are taking on a number of challenges as they look to reach out into the cloud and into third-party environments. There is a way to do this, but doing it securely in this new landscape requires understanding patterns and implementing session intelligence. It means monitoring behavior and analyzing traffic for good or bad characteristics. A number of companies out there (Lazarikos points to SilverTail) leverage analytics for session behavior. Adding to the challenge, doing this thoroughly means complementing it with attention to the other threats going on in the environment, since behavior analytics addresses the problem of internet-based traffic for internet-facing web applications.
Another challenge in the wild today is that criminals and hackers are bypassing traditional security tools, defeating things like firewalls and intrusion detection systems (IDS). This limitation has opened the door for big data, a term that has seen some marketing abuse but wholly applies in this case, as it processes and produces behavior analysis from a wide range of machine data from throughout the enterprise.
Security Has to Evolve
Lazarikos describes the threat landscape and what security will look like in ten or fifteen years. Criminals are ever more organized; they are communicating more through texts and tweets and becoming more sophisticated by the day. Security professionals are going to need to adapt in a similar fashion and evolve accordingly. All you have to do is look at the black market areas where tools and loot are traded.
Another painful truth is that there is a major gap between when an intrusion occurs and when it is detected. That statistic is found over and over again in studies and reports, and Lazarikos states that one of the most commonly cited figures, 415 days, is on the light side, and that it's far beyond that.
What that means is that the discussion needs to be taken to the board and the C-level. Security now has to be driven from that level down. It should be communicated that companies are big targets and that they have assets to protect, with company roadmaps and intellectual property on the line, and execs need to understand the risks. That means understanding how much to invest in security and what framework to establish and follow, because business is mobilizing, but cybercriminals are mobilizing too, increasingly toward high communications and changing, open environments. Thankfully, many execs seem to be reaching out to research put out by Forrester and Gartner and are therefore moving towards a risk-based approach. This type of approach means quantifiable losses can be projected from that risk basis, which is valuable for executives.