Symantec announced plans Wednesday to build a ‘giant central big data store’ to combat targeted attacks. Symantec chief technology officer Stephen Trilling made the announcement and outlined the motivations and methods of the project.
The information-sharing hub will collect and analyze metadata from a variety of sources, including customers and competing companies. By storing only metadata, Symantec hopes to collect the scale of information necessary to provide a new and more comprehensive view of threats, while avoiding privacy and other post-PRISM concerns.
Storing the data centrally will allow Symantec to make the correlations necessary to identify attacks which otherwise would be hard to find.
“It’s all about scale,” Trilling said. “The bigger the better.”
Symantec says that the average breach is discovered after 243 days, because the current model of isolated data systems are inadequately equipped to deal with targeted attacks. In contrast with DDoS attacks, “targeted attacks are about getting in the servers.”
A survey conducted earlier this year by Guidance Software showed that data theft has contributed to attack resolution time becoming the biggest concern for network security professionals.
“The point of these campaigns is that they’re not volume based, they’re going for the crown jewels of a specific company,” said Trilling. “The crown jewels are different things for different companies, but they’re usually proprietary, core intellectual property. This is the area of attack that appears to be growing the fastest.”
Many governments and businesses have shown interest in the project, according to Symantec, which says it has already begun working on the massive undertaking.
Collaborative approaches to security through data sharing are not entirely new. HP launched “Threat Central” in September to allow customers to enhance their protection by sharing data, but Symantec’s approach differs in that it makes use of a centralized data center.
Reducing threats through information sharing is also one of the purposes of the controversial CISPA legislation in the US, and similar efforts in other countries.