How the Cloud and Big Data Might Help Win the Hacker Wars

Hewlett-Packard’s senior VP and head of its Software Enterprise Security Products, Art Gilliland, is speaking today at the RSA Security conference in San Francisco. Security is turning out to be one of those small but bright spots within HP in its long, slow but encouraging turnaround effort. During last week’s earnings conference call, CEO Meg Whitman said that security products within the software unit experienced double-digit revenue growth.

Whitman didn’t get more specific, and yes, that growth would have to be off a small base relative to the rest of HP. But I’ve been sort of positive on security as an opportunity for HP for a while. Remember that over the last few years, HP has beefed up its security assets via acquisition: It has TippingPoint by way of its acquisition of the networking company 3Com, and it also bought ArcSight, a security software firm.

So with this in mind, I had a quick chat with Gilliland a few minutes before he was to take the stage at RSA.

Gilliland said it’s time for the security industry to start thinking about ways that it can disrupt the steps in the process that attackers follow as they break into corporate systems and steal data. “The industry needs to focus on the adversary in a little different way than it has in the past. We spend a lot of time on the actors themselves, and we don’t spend enough time focusing on the marketplace in which they participate. That marketplace behaves in a very specific way.”

Attackers, Gilliland said, are good at sharing and monetizing intelligence, much better, in fact, than the security industry itself. Because of that, he suggests a few things.

First, build new capabilities to disrupt the attackers’ processes at every stage. “We spend most of our budgets on literally one step of their process. We spend five times more on the break-in stage than we do on any other stage,” he said. Disrupt all the steps in that process, he argued, and you make it more costly and difficult for attackers to do what they do.

Big Data can help focus on the other two areas. The second piece is finding attackers while they still have access to the system — that is, after they’ve broken in but before they’ve made off with whatever it is they’re trying to steal. “That’s the most damaging stage, and so we need to focus more energy there,” Gilliland told me. “We need to find them after they’ve gotten in but before they’ve stolen any data. As an industry, we’re pretty bad at that.”

Finally, he’d like to challenge the industry to harness the cloud and big data technologies to build a security- and intelligence-sharing infrastructure. Such an approach would help companies share the expense, while benefiting from each other’s experiences. “We could use those technologies for collective security. We can collaborate together, and big data allows us to consume massive amounts of data. If we do that effectively, I think we can win.”