The CSO 2016 Security Data Analytics Survival Guide

What you need to know about how analytics are changing cybersecurity


Is big data security analytics still a thing? A handful of years ago security and big data were mentioned in the same breath as one might say peanut butter and jelly, and big data security analytics was the buzz phrase that was buzzing the most loudly in every corner of the security industry. Perhaps the security big data analytics hype machine hit its most fevered pitch in 2013.

Today, we don’t hear quite as much about “security big data.” But that doesn’t mean that it’s no longer relevant. To tweak a phrase familiar from Gartner, the hype is cycling down from the peak of inflated expectations and, hopefully, heading to the plateau of productivity.

Big data security analytics is about using security analytics to improve security and obtain value from cybersecurity efforts. It’s about helping security teams to focus on the threats, vulnerabilities, and security controls that matter. A good big data security analytics program should help organizations do just that.

In the CSO story "Analyze this, and that: CSOs latch on to better data tools," Peter Miller, CSO at Orange County, Florida, explained to CSO’s Michael Fitzgerald just how important security analytics has become to his job. "Security is all about the metrics, too, and analytics will give you that. You're logging it and can quantify it," said Miller. "I can't imagine doing my job without analytics," he said.

That could explain why, according to the research firm Markets and Markets, the global security analytics market will be worth $3.22 billion by the year 2018. By some estimates, the security analytics market is growing just shy of 7.8% annually.

The federal government has been a big investor in security analytics capabilities. After National Security Agency contractor Edward Snowden's disclosure of classified information hit the NSA a couple of years ago, the agency quickly moved to improve its security and monitoring capabilities, according to an interview with NSA CIO Greg Smithberger. As a result, the NSA now relies more on behavior analytics to help protect a private cloud that provides storage, computing and operational analytics to intelligence agencies.

Many would expect big government agencies to have the budget and skillsets to benefit from big data security analytics. But can security analytics, and even machine learning, help regular enterprises to detect and respond to attacks more quickly? They already do, whether or not the enterprise is aware of that fact, because many of the tools security professionals use increasingly rely on analytics and machine intelligence. According to Mary Branscombe’s story, "How much security can you turn over to AI?," security vendors are trying to use deep learning to understand better how malware acts, so that attacks can be spotted in real time.

Still, many enterprises are relying on security analytics to detect attacks and breaches. “Most organizations lack visibility; if you can’t see it, you can’t protect it. We can detect outliers,” Splunk’s Matthias Maier told Branscombe. “We summarize similar users who have similar behavior and then we show that, and if there’s an outlier who has always behaved similarly but is now behaving differently? That’s an anomaly you want to look at.”

How are you planning to use security data analytics to find, collect, and analyze the right information and get it into the hands of analysts who can make a difference in your security efforts? Or are you already doing so? In the stories collected below, you’ll see how enterprises, vendors, and others are putting data analytics to work to improve security.

How the NSA uses behavior analytics to detect threats

The CIO of the National Security Agency says analytics protect the U.S. intelligence community’s private cloud system from internal and external threats.

IBM to tackle fraud with Iris Analytics

No, this isn't about using Watson AI systems to identify fraudsters by gazing deep into their eyes: IBM has acquired a German machine learning software firm called Iris Analytics to bolster its antifraud software.

Security pros worried about stolen credentials, alert volumes

The majority of security organizations receive more alerts than they can handle and don't have a way to spot stolen credentials, according to a survey released today.

User Behavior Analytics: A complement to baseline hygiene

Rapid7 talks about alert fatigue, the benefits of UBAs, and the need for baseline security tools.

How much security can you turn over to AI?

Machine learning and behavioral analytics could help you detect attacks faster – or stop them before they even start.

IBM will bring Watson to security later this year

Cognitive Computing and Cybersecurity, IBM Watson Cybersecurity

Public-private cyber threat intelligence sharing necessary in electricity industry

Cybersecurity professionals are hungry for a strategic advantage to battle new denial-of-service attacks and unauthorized access to systems. The electricity industry has started to focus its efforts on combating the issue head-on through timely cyber threat intelligence. If you understand your adversaries’ tactics, intent, and capabilities, you can develop strategies to combat their attacks and better plan for future threats. Better, more proactive security can be achieved through information sharing agreements and partnerships with other utilities, regulatory agencies, and intelligence partners.

Fraudsters Bank on Business Accounts: How to Protect Your Funds Online

Business banking is a popular target for hacks and attacks. Craig Priess of Guardian Analytics offers practical defensive steps.

Report: Strategic data analytics can reduce shrinkage

Strategic data analytics can reduce shrinkage for retailers, restaurants and manufacturing companies by helping loss prevention pros use early warning indicators to stop problems before they start.

Data explosion offers challenges, opportunities to security pros

Enterprises are dealing with a flood of security data from firewalls, networks, email systems, individual workstations, servers, and other devices -- Big Data analytics helps companies process all this information, prioritize the most significant threats, and weed out random noise and false alerts.

Big Data without good analytics can lead to bad decisions

Experts warn that the temptation to let the computers do it all, without the human element, can lead to trouble.

RSA Security Analytics: Art Coviello on why Big Data is a big deal

If an event at RSA's Burlington, Mass., headquarters yesterday was any indication, attendees at RSA Conference 2013 can expect to hear a lot about Big Data as a security tool.

Five signs an employee plans to leave with your company’s data

Predictive analytics plays a growing role.

Big data analytics can help banks stop cyber criminals accessing secret data

Monitoring digital footprint across all of the web can mitigate attack risk, says a financial tech start-up.

Securing big data off to slow start

While big data implementations have taken off, the work needed to secure these systems has not.

Big Data still 'a new frontier' for most of the public sector

NSA surveillance technology is cutting edge, but for most of the government, Big Data analytics is a promise unfulfilled.

Government security workers have a big data problem

Better analytics could help government workers improve security, but they are hindered by tight budgets and many say they're already overwhelmed by the data they have now.

Video: Alex Hutton on Big Data, risk management

Alex Hutton discusses Big Data and risk management.

Analyze this, and that: CSOs latch on to better data tools

With the emergence of more powerful tools, analytics are becoming more important than ever to security teams.

Attackers are building big data warehouses of stolen credentials and PII

Attackers are swapping, selling, and associating increasing stores of linked PII and credentials to run deeper, broader, and more stealthy information invasions.
