Security Needs a Big-Picture View, Not Just Big Data

Author: 大数据观察 | Source: 大数据观察 | Time: 2017-04-24 13:27:12

Editor's note: Neill Occhiogrosso is a partner at Costanoa Venture Capital, an early-stage venture capital firm.

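When we look for new opportunities in security and other fields, we tend to focus on a few hot spots among the current major trends in the IT industry: cloud, mobile, and big data. These trends, and especially the interactions between them, are dramatically changing security needs. Further complicating matters, the profile of potential hackers is constantly changing: they now include both members of international organized crime groups and employees of hostile governments. At the same time, we also see the potential for several new solutions, each of which could become the foundation of one or more successful companies.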

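The first solution is to use big data technologies to build a security view. This is also a classic example of "Applied Big Data," that is, applying new analytic technologies to problems that businesses currently face. Today, security professionals are drowning in a sea of data such as log files, vulnerability scans, alerts of all kinds, and reports of all sorts, but this data is not unmanageable.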

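This recognition is not without value: several widely reported hacking incidents stemmed precisely from vulnerabilities discovered months or even years earlier. The future will depend on the ability to analyze this data and give security professionals a comprehensive view of their security posture: telling them what is at risk, how severe the risk is, how important the at-risk asset is, how to fix it, and so on. Solving this problem with the Risk I/O (input/output) approach offers us broad prospects, and we are very proud that Costanoa Venture Capital led the most recent investment in this area.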

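Another area we are exploring is security solutions that track the state of assets and can protect them wherever they are. With the build-out of cloud infrastructure (whether public or private) and the popularity of the bring-your-own-device (BYOD) trend, data protection no longer has a specific perimeter, and every layer of the stack is dynamic. Wherever applications, data, and users are located, security professionals must be able to make full use of security policies, and those policies must adapt to new conditions as the environment changes.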

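There is an increasingly popular saying that there are now two kinds of organizations: those whose systems have been hacked, and those that do not yet know whether their systems have been attacked. As hacking techniques grow more sophisticated, signature-based intrusion detection is of little use, so new solutions are needed to quickly detect potentially dangerous anomalous behavior (possibly using machine learning), to prevent attacks, or, when a system has been attacked, to avoid failing to detect malicious behavior in time, thereby minimizing the negative impact.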

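Guardian Analytics, another company Costanoa Venture Capital has invested in, uses behavior-based techniques to analyze data residing in online banking platforms and prevent wide-ranging fraud. This is just one example of applying data science to existing data sets to eliminate harder-to-detect threats. In the future, we may also have solutions targeting different applications and different types of attacks.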

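Finally, the security market also needs efficient data capture and analysis technology that can cover the entire infrastructure historically, sometimes spanning several months, to trace when and how a system was hacked and what the impact was. This is a typical big data problem, involving the volume, variety, and velocity of data. Today, this data may be tractable, and we are looking for concrete solutions.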

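We live in an exciting time, but unfortunately we have run into security problems, so this is a double-edged sword. New technologies also bring criminals new opportunities to commit crimes. We believe innovative companies will keep emerging to take on the responsibility of meeting this challenge.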

Image by Bryce Durbin

English original:

In looking for new opportunities in security and many other sectors, we look for the echoes of the current IT mega-trends: cloud, mobile, big data. These trends, and especially the interactions between them, are dramatically changing security needs. Add to that the changing profile of would-be hackers — now a frightening mix of international organized crime and employees of enemy governments — and we see the potential for several new solutions that can each be the foundation of one or more successful companies.

The first is the application of big data technologies to produce security insights. This is a classic example of “Applied Big Data,” the application of new analytic technologies to a current business problem. Security professionals are drowning in log files, vulnerability scan reports, alerts, reports, and more, but the data is not actionable.

This isn’t an idle observation: Several high-profile breaches happened through vulnerabilities that had been documented months or sometimes years prior. The future lies in analyzing this data to give security professionals a comprehensive view of their security posture. Tell them what is at risk, how severe the risk, how important the asset is, and how to fix it. We see tremendous promise in Risk I/O’s approach to this problem, and we’re proud to have led their most recent investment.

Another area for exploration is security solutions that follow assets to protect them wherever they are. With cloud infrastructures (both public and private) and bring-your-own-device mobile enterprises, there is no perimeter and every layer of the stack is dynamic. Security professionals need to be able to apply security policies to applications, data, and users wherever they are, and those policies need to adapt based on the changing context.

There’s an increasingly popular saying that there are two types of organizations now: those that have been breached, and those that just don’t know it yet. As attacks have become too sophisticated for signature-based detection, there is a need for solutions that quickly notice anomalous and potentially dangerous behavior (likely leveraging machine learning) to prevent breaches or — failing that — detect malicious behavior once a breach has occurred, and minimize its impact.

Guardian Analytics, another Costanoa investment, applies behavioral analytics to data already resident in online banking platforms to prevent a broad range of fraudulent activity. This is just one example of applying data science to existing data sets to address more nebulous threats. There will be more opportunities looking at different applications and different types of attacks.

Finally, there is also the need for efficient data capture and analysis that can look broadly and historically across an infrastructure, sometimes trailing several months, to see when and how a breach occurred, and what the consequences were. This is a prototypical big data problem. It involves great volume, variety, and velocity of data. It now may be tractable, and we are on the lookout for solutions.

We live in an exciting time, but unfortunately in the case of security, that is a double-edged sword. New technologies present new opportunities for criminals. We are optimistic that great new companies are emerging to rise to the challenge.
