Four Trends Driving the Need for Security Analytics
Security analytics is a rapidly growing field, full of potential but also rife with hype and misunderstandings. That makes it difficult for organizations to understand the benefits, let alone make good decisions about implementing a security analytics program.
However, there is no doubt that organizations are enticed by the prospect of leveraging the full potential of their security data. The expected benefits include: centralized visibility across the enterprise to enable quick threat detection and resolution; use of Big Data technologies to effectively analyze the growing volume of largely unstructured data; and use of machine learning and artificial intelligence to discover anomalies and identify both external attacks and insider threats.
The following are four key drivers propelling organizations to take better advantage of security analytics in their day-to-day operations.
- The need to move beyond protection to detection: Attackers are using multiple attack vectors, exploiting several different vulnerabilities, and can go undetected for months.
- Security operations centers (SOCs) are drowning in alerts: Traditional security programs and security information and event management (SIEM) tools generate overwhelming volumes of alerts and data, making it harder for SOC analysts to determine what is a real threat and what is false-positive noise.
- There is pressure to communicate results and return on investment: Faster detection and time-to-resolution are key metrics for security solutions. Improved threat detection and fewer false-positive alerts allow analysts to quickly discover and respond to a breach.
- A unified view of the enterprise is needed: Traditional SIEM tools are limiting: they do not retain data at full fidelity, cannot easily add new data sources or handle unstructured data flexibly, and do not offer the historical perspective needed to identify patterns over time. Use of a Big Data security analytics platform in conjunction with a management platform like Hadoop, however, does give users a centralized console and a unified view of all security data.