Needle is a bad guy and haystack is your enterprise, how do you find the needle. Neil McDonald, a big data Gartner analyst suggests that you separate the hay as you know what hay looks like and find the needle. From a security context, Neil suggests that look for meaningful deviation from normal and isolate where the potential anomaly could emerge.
Eric Schou, Director of Product Marketing at HP ArcSight says that bad guys sit in your enterprise for close to 250 days without being detected. Even if you detect, it takes over 24 days to respond a data breach.
It costs about $8.6 million to remove each bad guy from your enterprise, and your enterprise loses on an average of 30 percent of market capital for every disclosure of bad guys.
Source: secuobs.com