EDITOR’S QUESTION
SECURITY ANALYTICS – DOES YOUR SECURITY OPERATIONS NEED IT?
Although security spending is at an all-time high, security breaches at major organisations are also at an all-time high, according to Gartner. The impact of advanced attacks has reached boardroom-level attention, and this heightened attention to security has freed up funds for many organisations to better their odds against such attacks.
“Breach detection is top of mind for security buyers and the field of security technologies claiming to find breaches or detect advanced attacks is at an all-time noise level,” said Eric Ahlm, research director at Gartner. “Security analytics platforms endeavour to bring situational awareness to security events by gathering and analysing a broader set of data, such that the events that pose the greatest harm to an organisation are found and prioritised with greater accuracy.”
When it comes to gathering masses of security data that can be analysed to bring greater meaning to security events, security information and event management (SIEM) technologies are topping the list of likely solutions. While most SIEM products have the ability to collect, store and analyse security data, the meaning that can be pulled from a data store (such as the security data found in a SIEM) depends on how the data is reviewed. How well a SIEM product can perform automated analytics — compared with user queries and rules — has become an area of differentiation among SIEM providers.
User behaviour analytics (UBA) is another example of security analytics that is already gaining buyer attention. UBA allows user activity to be analysed, much in the same way a fraud detection system would monitor a user’s credit cards for theft. UBA systems are effective at detecting meaningful security events, such as a compromised user account and rogue insiders. Although many UBA systems can analyse more data than just user profiles, such as devices and geolocations, there is still an opportunity to enhance the analytics to include even more data points that can increase the accuracy of detecting a breach.
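The per-user baselining that a UBA system performs, as an added illustration that is not from the article or from any product it mentions: it learns each user's devices, countries and login hours from constructed sample events, then flags new logins that deviate on several dimensions at once (the profile fields, the two-deviation threshold and all sample values are assumptions).

```python
from collections import defaultdict

# Constructed sample authentication events (not from the article).
# Each tuple: (user, device_id, country, hour_of_day_utc)
HISTORY = [
    ("alice", "laptop-a1", "GB", 9), ("alice", "laptop-a1", "GB", 10),
    ("alice", "phone-a2", "GB", 18), ("alice", "laptop-a1", "GB", 8),
    ("bob", "laptop-b1", "DE", 8), ("bob", "laptop-b1", "DE", 17),
    ("bob", "laptop-b1", "FR", 9),
]
NEW_EVENTS = [
    ("alice", "laptop-a1", "GB", 11),   # consistent with alice's baseline
    ("alice", "unknown-x9", "RU", 3),   # new device, new country, unusual hour
    ("bob", "laptop-b1", "FR", 9),      # bob has logged in from FR before
    ("carol", "laptop-c1", "US", 9),    # no baseline at all for this user
]

def build_profiles(events):
    """Learn, per user, the devices, countries and login hours seen so far."""
    profiles = defaultdict(lambda: {"devices": set(), "countries": set(), "hours": set()})
    for user, device, country, hour in events:
        profiles[user]["devices"].add(device)
        profiles[user]["countries"].add(country)
        profiles[user]["hours"].add(hour)
    return profiles

def score_event(profiles, event):
    """Return the baseline deviations for one event (empty list = normal)."""
    user, device, country, hour = event
    p = profiles.get(user)
    if p is None:
        return ["no baseline for user"]
    reasons = []
    if device not in p["devices"]:
        reasons.append("new device")
    if country not in p["countries"]:
        reasons.append("new country")
    # an hour is unusual if no baseline login fell within two hours of it
    if not any(abs(h - hour) <= 2 for h in p["hours"]):
        reasons.append("unusual hour")
    return reasons

def detect_anomalies(history, new_events, min_reasons=2):
    """Flag events with at least min_reasons deviations; returns (event, reasons) pairs."""
    profiles = build_profiles(history)
    flagged = []
    for event in new_events:
        reasons = score_event(profiles, event)
        if len(reasons) >= min_reasons:
            flagged.append((event, reasons))
    return flagged
```

A single deviation (a new device alone, or a user with no history yet) is left below the threshold so that routine changes do not drown the analyst in alerts; adding further data points, as the paragraph suggests, means adding fields to the profile and reasons to the scorer.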
As security analytics platforms grow in maturity and accuracy, a driving factor for their innovation is how much data can be brought into the analysis. Today, information about hosts, networks, users and external actors is the most common data brought into an analysis. However, the amount of context that can be brought into an analysis is truly boundless and presents an opportunity for owners of interesting data and the security providers looking to increase their effectiveness.
www.intelligentcio.com