Information security has always been a large producer and consumer of data. More sophisticated best practices and expanding compliance and regulatory requirements have almost exponentially accelerated the production and consumption of data. Event and activity logs have grown to big data proportions and the diversity of data being consumed has become significantly more varied. As the need for continuous security intelligence and accelerated incident response increases, traditional log and event management tools and monitoring practices are becoming increasingly insufficient.
IT and security are deluged with thousands of alerts daily—a majority of which appear to be critical—making response an insurmountable task with affordable staff levels and traditional tools. With so many critical alerts, IT and security have moved from the analogy of finding the needle in the haystack to identifying and prioritizing the needle in the stack of needles.
The era of big data is demonstrating to information security that there is more that can and must be done to identify threats, reduce risk, address fraud, and improve compliance monitoring activities by bringing better context to data and creating information for actionable intelligence.
This research studies how both management- and operations-level IT and information security practitioners perceive the change in the volume and types of data available and the tools needed to provide analysis to generate actionable threat intelligence.
Advanced security analytics provides adaptive algorithms, collectively called machine learning, as well as big data analysis techniques that can be utilized to identify abstract data relationships, anomalies, trends, and fraudulent and other behavioral patterns, creating information where only data existed. The era of big data is driving the next technology evolution.
Security analytics, though a relatively new field of technology, is the next step in the areas of detection and response, with possible impacts on prevention as well. Machine-learning algorithms and analysis techniques have advanced far beyond the capabilities of what was available in the commercial markets only two to three years ago. They also address the issue dubbed “We don’t know what we don’t know.” Security analytics’ core function is to monitor and collect vast amounts of information from the environment to identify threats that indicate elevated risk and ultimately prevent lateral spread of those threats and data exfiltration. To succeed in this endeavor, the analytics platform performs the identification of threats and prioritization of threats without the requirement for the administrators and analysts to create policies or rules.
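As an added illustration of the rule-free prioritization described above (this is example code written for this page, not code from the study or from any product it surveys), the following Python script builds a per-user behavioral baseline from a constructed set of session records and then ranks new events by how far they depart from that baseline: a host the user has never touched, an hour far from any seen before, and an outbound byte count many standard deviations above the user's norm all raise the score, with no administrator-written rule naming any of those conditions. Every field name, sample event and cap value is an assumption made for the example.

```python
"""Rank session events by anomaly score against per-user baselines.

Added example: constructed sample data and hypothetical field names
(user, host, hour, bytes_out); nothing here comes from a real product.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Dict, List, Set, Tuple

Z_CAP = 5.0  # assumption: z-scores at or above this count as maximally unusual


@dataclass(frozen=True)
class Event:
    user: str
    host: str
    hour: int        # hour of day, 0-23
    bytes_out: int   # bytes sent outbound during the session


@dataclass
class Profile:
    hosts: Set[str]
    hours: Set[int]
    byte_mean: float
    byte_std: float


# Constructed baseline window: routine activity for two users.
BASELINE: List[Event] = (
    [Event("alice", "ws-01", h, b)
     for h, b in [(9, 1200), (10, 900), (11, 1500), (14, 1100), (16, 1300), (10, 1000)]]
    + [Event("bob", "ws-07", h, b)
       for h, b in [(8, 300), (9, 450), (12, 500), (13, 350), (17, 400), (9, 420)]]
    + [Event("bob", "ws-08", 11, 380)]
)

# Constructed events to triage: one routine, one mildly off, one that looks
# like staging on an unfamiliar server followed by a large transfer.
NEW_EVENTS: List[Event] = [
    Event("alice", "ws-01", 10, 1250),
    Event("bob", "ws-07", 19, 600),
    Event("alice", "srv-db-03", 3, 48000),
]


def build_profiles(events: List[Event]) -> Dict[str, Profile]:
    """Learn what 'normal' looks like for each user from the baseline window."""
    by_user: Dict[str, List[Event]] = defaultdict(list)
    for e in events:
        by_user[e.user].append(e)
    profiles: Dict[str, Profile] = {}
    for user, evs in by_user.items():
        sizes = [e.bytes_out for e in evs]
        profiles[user] = Profile(
            hosts={e.host for e in evs},
            hours={e.hour for e in evs},
            byte_mean=mean(sizes),
            byte_std=pstdev(sizes),
        )
    return profiles


def hour_distance(hour: int, seen: Set[int]) -> int:
    """Cyclic distance (in hours) from `hour` to the nearest hour seen in baseline."""
    return min(min(abs(hour - s), 24 - abs(hour - s)) for s in seen)


def score_event(e: Event, profiles: Dict[str, Profile]) -> float:
    """Sum of three 0..1 deviation components; higher means more anomalous."""
    p = profiles.get(e.user)
    if p is None:
        return 3.0  # never-seen user: every component at its maximum
    host_novelty = 0.0 if e.host in p.hosts else 1.0
    hour_score = hour_distance(e.hour, p.hours) / 12.0
    if p.byte_std == 0:  # degenerate baseline: any change at all is maximal
        z = 0.0 if e.bytes_out == p.byte_mean else Z_CAP
    else:
        z = (e.bytes_out - p.byte_mean) / p.byte_std
    bytes_score = min(max(z, 0.0), Z_CAP) / Z_CAP  # only excess traffic counts
    return host_novelty + hour_score + bytes_score


def rank_events(events: List[Event], profiles: Dict[str, Profile]) -> List[Tuple[float, Event]]:
    """Return (score, event) pairs, most anomalous first: the analyst's work queue."""
    scored = [(score_event(e, profiles), e) for e in events]
    return sorted(scored, key=lambda pair: pair[0], reverse=True)


if __name__ == "__main__":
    learned = build_profiles(BASELINE)
    for score, ev in rank_events(NEW_EVENTS, learned):
        print(f"{score:.2f}  {ev.user:6} {ev.host:10} hour={ev.hour:2} bytes={ev.bytes_out}")
```

The point of the design is that the ordering emerges from the data: the database-server session lands at the top because it is novel on three independent axes, while the late-evening session of the second user ranks in the middle purely on its byte-count deviation. A production platform would use far richer features and models, but the separation of baseline learning from scoring is the same idea.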
Security analytics tools provide practitioners a means to meet their needs for continuous actionable security intelligence to provide timely response to attacks and prevent attacks from becoming breaches.