Solutionary bets heavily on big data


Upload: cisco-data-center

Post on 04-Dec-2014


DESCRIPTION

As a managed security services provider (MSSP), Solutionary works to prevent security breaches by constantly monitoring its clients’ technology systems. But its current service platform was falling behind when it came to in-depth analyses and data mining. Read why Solutionary turned to MapR enterprise Hadoop software, running on Intel® Xeon® processor-based Cisco® Unified Computing System™, to improve its capabilities and broaden its services.

TRANSCRIPT

Page 1: Solutionary bets heavily on big data

Security breaches and events are often like cold cases. Some linger for long stretches of time before anyone notices. Once identified, it can be difficult to determine where, when, and how the problem occurred, and who or what is responsible. Many security breaches and events are never detected at all.

Solutionary, a wholly owned subsidiary of NTT Group, works to prevent such problems. The managed security services provider (MSSP) actively monitors its clients’ technology systems—including applications, servers, databases, firewalls, and network gear—to spot and throttle security events before they can have a negative impact.

“We’re not looking for viruses and malware,” says Dave Caplinger, director of systems for Solutionary. “We’re looking for behaviors—from devices or their users—that might signal a virus, malware, or other security event.”

But there is a major shift underway in how the company protects its customers.

Solutionary is transitioning its flagship ActiveGuard® service platform from a traditional server infrastructure to a big data environment.

“Our other system was having trouble scaling and supporting more in-depth analyses,” Caplinger explains. “Data mining was painful and licensing costs were prohibitive.”

In response, Solutionary turned to MapR enterprise Hadoop software running on the Cisco Unified Computing System™ (Cisco UCS®), which utilizes Intel® Xeon® processors. The cloud-based system has been live since spring 2013 for internal testing, and will go into production in early 2014.

“We’ve been very happy with the combination of MapR and Cisco UCS,” Caplinger reports. “We’ve configured the entire system as if it’s a network element, which makes it easier to configure, deploy, and manage. And because Cisco UCS blurs the line between the server world and the network world, we can do it with one team instead of separate server and network teams.”

“We are betting heavily on this system and these capabilities,” adds Don Gray, Solutionary’s chief security strategist. “We think it has big potential, and we’re not taking it lightly.”

Broader, deeper analytics

Built and tuned for big data analytics, the new Solutionary environment has opened up an entirely new realm of possibilities—both in the volume of data processed and in the type of investigations performed.

“We can do deeper analytics than ever before,” says Gray. “We can do real-time analyses as logs flow into our system, with pre-processing to enrich the data and analyzers in memory. We can also do extremely large batch analytics.”


With a big data analytics platform in place, the managed security services provider is transforming the value it delivers to customers.

Unleashing IT, Big Data Special Edition


Beyond one-off analyses, the system is helping Solutionary continually learn and build upon its knowledge base. By taking new data and insights, applying them to historical data, and re-analyzing the batch, Solutionary pinpoints not only current security events but also the precursors and catalysts that led to them.

“In the past, we couldn’t perform longer-term analyses. It was much more difficult and complex to correlate current findings with historical data,” explains Caplinger. “We now have a much clearer picture of what is happening, why, and for how long.”

In addition to actively monitoring and analyzing each customer’s data, Solutionary will also perform broader-level trend analyses across its entire client base. Both deep and broad, these analyses will allow Solutionary to identify “slow and low” activity—like long-term surveillance—that would otherwise be difficult or impossible to detect.

“We have the ability to look for truly global activity that is impacting multiple clients,” says Gray. “The knowledge can be used to improve our services and client protection, and we can also modify and add to the analytics for new insights and value. We think it will be a big growth area for us.”

Benefits beyond security

According to Gray, one of the most significant benefits of the new platform is data accessibility—for both Solutionary and its customers.

“Many companies have avoided MSSPs because they don’t want to give up access to or control of their data,” he explains. “And in the past, we had to pull information for our customers upon request, which took effort and time. Because the new platform is cloud-based, clients will have their data at their fingertips.”

This means Solutionary customers will soon get more than security monitoring and protection. They will get additional use and value out of their data—for audits and investigations, IT management and service delivery, operational performance, and business intelligence.

“We are a security provider first and foremost,” says Gray. “But big data allows us to broaden the value and services we deliver to our customers. And it helps us innovate and adapt faster than ever before.”


This article first appeared online at www.unleashingit.com, available after subscribing at www.unleashingit.com/LogIn.aspx.

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco, the Cisco logo, Unified Computing System, and UCS are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1309)

Intel, the Intel logo, Xeon, and Xeon Inside are trademarks or registered trademarks of Intel Corporation in the U.S. and/or other countries.
