MS: There is an interesting site for travel agents. You, as the buyer of the vacation, enter a description of the type of vacation you want: if you want it to be a romantic experience, an athletic experience, a trip with your wife, etc. So, you provide a broad outline of the experience you are looking for, and then agents from around the world bid on supplying your needs. Then you can pick the top three and get prices. After that you pick the one you want. Basically, instead of you doing all the work and interrogating 10 different agents, you just make a one-time statement of what you are looking for, and they bid on that.
SM: I think what you said earlier about the nomenclature is one of the tricks to all of these exchanges. You need a flat indication and taxonomy under which people are categorized and set up their profiles or projects. The organization of the marketplace is what drives the marketplace to succeed.
MS: I agree. That is one area. The information security market has continued to be very robust as people keep using technologies in different ways and we expose ourselves to different risks. People are looking for new tools to either limit their exposure or detect that something is going wrong so that they can deal with mitigating the problem more effectively rather than avoiding it completely. I believe there is an underexplored confluence between big data technology and information security. Every CIO I have talked to doesn’t have problems finding tools that create tremendous volumes of data about the activity taking place on our networks or within our applications. What we are really suffering from is turning all that data into useful information. Everybody has a security operation center, but then you have people who just scratch the surface with the information they give. They are just trying to put out the bonfires. They don’t have time to look at the smaller smoke that is coming out of certain holes and corners of the corporations. Most companies are not going to invest in huge data warehouses internally in order to process, understand, or extract information of what is drawn by those detection tools, investment management tools, or application firewall tools. Instead you have humans who try to piece that together and jump on to things that seem to be the biggest threat.
In my personal experience, every time we deal with a security incident and we do the forensic work on it, almost every time we find two or three other discrepancies that bear additional forensics which were only discovered because there was another incident that we tripped over. Once we manage to capture, it there are three other things that should have been investigated. I go to a lot of data conferences and information security conferences, and they are just two ships sailing along in parallel. Those two communities don’t really talk to each other. I think there is a lot of improvement that could occur there as well.
SM: Do you mean in the conference of security and big data?
SM: Have you seen any startups that are operating in that space?
MS: Nothing comes to my mind right now, but my visibility is admittedly limited. BMC has a B2B type of business model. We sell software to large enterprises primarily. We don’t deal a lot with data like healthcare records, Social Security numbers, or credit card information. We are not involved in this market as much as others are. I was at a CIO panel at a MacAfee user meeting. One of the questions from the audience was: “Is big data just a passing fad which will disappear from the industry in a year’s time?” I looked at the audience and said, “You have to be kidding me. You guys at MacAfee sell all these tools, have all this data, and nobody can ever completely look at all the information that is flowing through these tools. Big data is the only solution out there for this.”