Among the various guests broadcast on theCUBE this week from the Las Vegas Splunk Conference .conf2013 was Demetrios Lazarikos, also known as “Laz”.  Lazarikos has a real-world perspective on current security and technologies with a background as the Chief Information Security Officer (CISO) for the Sears Online Business Unit, and as an IT Security Strategist and Thought Leader.  He shared some thoughts on Splunk, Big Data, and security with Dave Vellante and Jeff Kelly.

Lazarikos shared some of his background and gave some perspective on how security has become so important through the ages.  While there were a handful of organizations that were early in taking security seriously, it wasn’t until PCI-DSS came into the picture around the year 2000 that companies largely started to become more serious about security.  Obvious early adopters were government and financial institutions, but it wasn’t long after for Lazarikos that Sears Online came knocking.  They were looking to build a security platform from the ground up and gave Lazarikos all the latitude that would be required to keep the security platform as flexible, scalable, and obviously secure as can be.

NSA Side Effect: Awareness and Attention

Touching on that note, Vellante noted that security initiatives indeed are commonly rooted in compliance adoption and the changes they entail.  Similarly, with all the revelations in the news about NSA surveillance efforts, there is much more awareness from a greater amount of people about the way data in general is exposed, especially in the last 6 to 9 months.  Lazarikos notes that indeed there is more attention being paid to identifying what data people are protecting.

Big Data Landscape for Security

One of the most interesting emerging technology types which we cover here often at SiliconANGLE, is the entrance of intelligent learning security.  Lazarikos talks about this crop of technologies that utilize data patterns and the power of big data.  Organizations are taking on a number of challenges as they look to reach out into the cloud, into third party environments. There’s a way to do this but to do it securely it requires understanding patterns and implementing session intelligence due to this new landscape.  It means monitoring behavior and analyzing traffic for good or bad characteristics.  There are a number of companies out there as Lazarikos points out SilverTail, that leverage analytics for session behavior.  Adding to the challenge, to do this thoroughly, it has to be complemented with other threats that are going on in the environment as well, as behavior analytics gets to the problem of internet-based traffic for internet facing web applications.  Another challenge in the wild today is that traditional security tools are getting bypassed by criminals and hackers, defeating things like firewalls and intrusion detection systems (IDS).  This limitation has opened the door for big data, a term that has seen some marketing abuse but wholly applies in this case as it processes and produces behavior analysis from a wide range of machine data from throughout the enterprise.

Security Has to Evolve

Lazarikos describes the threat landscape and what security will look like in ten, fifteen year.  Criminals are ever more organized, they are implementing increased communication through texts, tweets, and becoming more sophisticated by the day.  Security professionals are going to need to adapt to this in a similar fashion and evolve accordingly.  All you have to do is look at these black market areas where tools and loot are traded.  Another painful truth is that there is a major gap in between when an intrusion occurs and when it is detected.  That is a statistic that is found over and over again in studies and reports and Lazarikos states that one of the most commonly cited figures 415 days is on the light side, and that it’s far beyond that.  What that means is the discussion needs to be taken to the board and C-level discussions.  Security has to be driven now from that level-down.  It should be communicated that companies are big targets, they have assets to protect, company roadmaps, intellectual property on the line and execs need to understand the risks.  That means understanding how much to invest in security, what framework to establish and follow, because business is mobilizing, but cybercriminals are mobilizing too increasingly towards high communications and changing open environments.   Thankfully many execs seem to be reaching out to research put out by Forrester and Gartner and therefore moving towards a risk-based approach.  These types of approach can mean quantifiable losses can be projected from that risk basis, valuable for executives.

Big Data Rising to the Challenge

The vendor landscape of course includes Splunk whose machine data methodology is validated over and over again particularly in security use cases as it is open, allows any data feed and it allows organizations to extend on its big data strategy.  Many more vendors are in the mix now, adding big data analysis and it makes sense, security threats and events are growing so there’s a great intelligence portfolio that is building answers for mobile, analysis, big data.  We are seeing this emergence and acquisition of these companies as well.

InfoSec Skills in this New Security Age

The role of security professionals includes an evolving set of skills, something that has always been the case, but now it is incorporating these data analytics.  This goes beyond the traditional network and operating systems security levels into an increasingly extended realm of mobile, big data, social and even cloud and more elements are adding into the mix all the time.  This validates the risk based approach to security as it best answers these multiple evolving challenges in keeping in tune with potential threats as the landscape changes.  Lazarikos recommends were he to coach someone on infosec, to learn on several areas, but collaborate with other security practitioners as that is the cycle of mentoring the next generation and remain cognizant of the continuing evolution.

Lazrikos closes with his most critical action item, if he were to have one definitive immediate security action item to take to any organization.

“Perform a risk assessment on all of their IT assets RIGHT NOW – Put a budget in place, hire a compnay to go in there and coach them and train them on why this is important and what they need to .

Don’t spend money on firewalls, don’t spend money on hardware, don’t spend money on software, do a formal perform a formal risk analysis of your environment before you make that investment.”

Sound advice.