Security breaches and events are often like cold cases. Some linger for long stretches of time before anyone notices. Others are never detected at all.
Solutionary, a wholly owned subsidiary of NTT Group, works to prevent such problems. The managed security services provider (MSSP) actively monitors its clients’ technology systems—including applications, servers, databases, firewalls, and network gear—to spot and throttle security events before they can have a negative impact.
“We’re not looking for viruses and malware,” says Dave Caplinger, director of systems for Solutionary. “We’re looking for behaviors—from devices or their users—that might signal a virus, malware, or other security event.”
But there is a major shift underway in how the company protects its customers. Solutionary is transitioning its flagship ActiveGuard® service platform from a traditional server infrastructure to a big data environment.
Betting on big data
“Our other system was having trouble scaling and supporting more in-depth analyses,” Caplinger explains. “Data mining was painful and licensing costs were prohibitive.”
- Solutionary turned to MapR enterprise Hadoop software running on the Intel® Xeon® processor-based Cisco Unified Computing System™ (Cisco UCS®).
- The cloud-based system has been live since spring 2013 for internal testing, and will go into production in early 2014.
“We’ve been very happy with the combination of MapR and UCS,” Caplinger reports. “We’ve configured the entire system as if it’s a network element, which makes it easier to configure, deploy, and manage. And because UCS blurs the line between the server world and the network world, we can do it with one team instead of separate server and network teams.”
“We are betting heavily on this system and these capabilities,” adds Don Gray, Solutionary’s chief security strategist. “We think it has big potential, and we’re not taking it lightly.”
Broader, deeper analytics
Built and tuned for big data analytics, the new Solutionary environment has opened up an entirely new realm of possibilities—both with the volume of data processed and the type of investigations performed.
“We can do deeper analytics than ever before,” says Gray. “We can do real-time analyses as logs flow into our system, with pre-processing to enrich the data and analyzers in memory. We can also do extremely large batch analytics.”
- Beyond one-off analyses, the system is helping Solutionary continually learn and build upon its knowledge base.
- By taking new data and insights, applying them to historical data, and re-analyzing the batch, Solutionary not only pinpoints current security events, but also the precursors and catalysts that led to them.
“In the past, we couldn’t perform longer-term analyses. It was much more difficult and complex to correlate current findings with historical data,” explains Caplinger. “We now have a much clearer picture of what is happening, why, and for how long.”
- In addition to actively monitoring and analyzing each customer’s data, Solutionary will also perform broader-level trend analyses across its entire client base.
- Both deep and broad, these analyses will allow Solutionary to identify “slow and low” activity—like long-term surveillance—that would otherwise be difficult or impossible to detect.
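Two of the ideas above, re-analyzing historical data with a newly learned indicator to find the precursors of an event, and looking across the whole client base for “slow and low” activity that no single tenant’s view would flag, can be sketched as detection logic. The block below is an added illustration, not Solutionary’s code or anything from the ActiveGuard platform; the log format, client names, addresses, the reputation table and the day-count thresholds are all constructed assumptions.

```python
"""Retrospective re-analysis and low-and-slow detection over a log batch.

Added example (not Solutionary's code, not part of the case study). On a
constructed batch of login records it shows:
  1. stream-style enrichment of each record as it arrives,
  2. applying a newly learned indicator to the historical batch to find the
     earliest precursor activity per client, and
  3. flagging sources whose per-day activity is tiny but sustained over many
     days, then surfacing the ones that touch several clients.
Every field name, address, label and threshold here is an assumption.
"""
import ipaddress
from collections import defaultdict
from datetime import datetime

# Constructed sample data in the assumed format
# "<ISO timestamp> <client> <source_ip> <user> <outcome>".
# 203.0.113.7 probes two clients a few times a day for about a week;
# 198.51.100.9 is a single noisy burst; 192.0.2.44 is a normal login.
SAMPLE_LOGS = """\
2013-03-01T02:14:00 acme 203.0.113.7 admin FAIL
2013-03-02T02:16:00 acme 203.0.113.7 admin FAIL
2013-03-03T02:15:00 acme 203.0.113.7 root FAIL
2013-03-04T02:14:00 acme 203.0.113.7 admin FAIL
2013-03-05T02:17:00 acme 203.0.113.7 admin FAIL
2013-03-06T02:15:00 acme 203.0.113.7 admin FAIL
2013-03-03T03:01:00 globex 203.0.113.7 admin FAIL
2013-03-04T03:02:00 globex 203.0.113.7 admin FAIL
2013-03-05T03:00:00 globex 203.0.113.7 admin FAIL
2013-03-06T03:01:00 globex 203.0.113.7 admin FAIL
2013-03-07T03:02:00 globex 203.0.113.7 admin FAIL
2013-03-04T09:00:00 acme 198.51.100.9 jsmith FAIL
2013-03-04T09:00:01 acme 198.51.100.9 jsmith FAIL
2013-03-04T09:00:02 acme 198.51.100.9 jsmith FAIL
2013-03-04T09:00:03 acme 198.51.100.9 jsmith FAIL
2013-03-04T09:00:04 acme 198.51.100.9 jsmith FAIL
2013-03-04T09:00:05 acme 198.51.100.9 jsmith OK
2013-03-10T11:30:00 initech 192.0.2.44 bob OK
"""

# Constructed reputation table standing in for the "pre-processing to enrich
# the data" step; the network and label are placeholders.
INTEL = {"203.0.113.0/24": "scanner-range"}


def parse(raw):
    """Turn the raw batch into a list of event dicts."""
    events = []
    for line in raw.strip().splitlines():
        ts, client, ip, user, outcome = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "client": client,
                       "src_ip": ip, "user": user, "outcome": outcome})
    return events


def enrich(event, intel=INTEL):
    """Attach a reputation label to the event's source address, if any."""
    ip = ipaddress.ip_address(event["src_ip"])
    event["intel"] = next((label for net, label in intel.items()
                           if ip in ipaddress.ip_network(net)), None)
    return event


def retro_hunt(events, indicator_ip):
    """Apply a newly learned indicator to the historical batch and report,
    per client, when that source was first and last seen and how often."""
    hits = defaultdict(list)
    for e in events:
        if e["src_ip"] == indicator_ip:
            hits[e["client"]].append(e["ts"])
    return {c: {"first_seen": min(t), "last_seen": max(t), "count": len(t)}
            for c, t in hits.items()}


def low_and_slow(events, min_days=5, max_per_day=3):
    """Flag (src_ip, client) pairs whose failed logins stay at or below
    `max_per_day` yet recur on at least `min_days` distinct days. A burst
    like 198.51.100.9 is left to the ordinary per-day brute-force rule."""
    per_day = defaultdict(lambda: defaultdict(int))
    for e in events:
        if e["outcome"] == "FAIL":
            per_day[(e["src_ip"], e["client"])][e["ts"].date()] += 1
    flagged = {}
    for key, days in per_day.items():
        quiet_days = [d for d, n in days.items() if n <= max_per_day]
        if len(quiet_days) >= min_days:
            flagged[key] = len(quiet_days)
    return flagged


def cross_client_sources(flagged):
    """Sources flagged against two or more clients: the cross-tenant view a
    single customer's monitoring cannot provide."""
    clients = defaultdict(set)
    for ip, client in flagged:
        clients[ip].add(client)
    return {ip: sorted(c) for ip, c in clients.items() if len(c) >= 2}


if __name__ == "__main__":
    events = [enrich(e) for e in parse(SAMPLE_LOGS)]
    flagged = low_and_slow(events)
    for (ip, client), days in sorted(flagged.items()):
        print(f"low-and-slow: {ip} vs {client} on {days} days")
    for ip, clients in cross_client_sources(flagged).items():
        print(f"cross-client: {ip} seen at {clients}")
        for client, s in retro_hunt(events, ip).items():
            print(f"  {client}: first seen {s['first_seen']} ({s['count']} events)")
```

The point of separating the per-day cap from the distinct-day floor is that a burst and a slow probe look alike in raw counts; only the distribution over time tells them apart, and only the batch re-analysis over the whole window can see it. The retrospective pass then dates the earliest contact per client, which is what the text calls a precursor.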
“We have the ability to look for truly global activity that is impacting multiple clients,” says Gray. “The knowledge can be used to improve our services and client protection, and we can also modify and add to the analytics for new insights and value. We think it will be a big growth area for us.”
Benefits beyond security
According to Gray, one of the most significant benefits of the new platform is data accessibility—for both Solutionary and its customers.
“Many companies have avoided MSSPs because they don’t want to give up access to or control of their data,” he explains. “And in the past, we had to pull information for our customers upon request, which took effort and time. Because the new platform is cloud-based, clients will have their data at their fingertips.”
This means Solutionary customers will soon get more than security monitoring and protection. They will get additional use and value out of their data—for audits and investigations, IT management and service delivery, operational performance, and business intelligence.
“We are a security provider first and foremost,” says Gray. “But big data allows us to broaden the value and services we deliver to our customers. And it helps us innovate and adapt faster than ever before.”