IDC sees a remarkable shift in how organizations are furthering the use of analytics in information security. “Analytics” is a broad term – just as “information security,” is. In the context of security however, 2017 was a transitional year. At that time, user entity and behavioral analytics (UEBA) became ubiquitous, seen in endpoint, security point products, and managed security service platforms.
User entity and behavioral analytics (UEBA) was used to establish a pattern of behavior of entities on a network – this was needed because malware often goes undetected and behavioral anomaly is the last chance to detect an indicator of compromise (IOC). Since then, organizations got better at analysis – not just about transactions, but to the minute details of behaviors of individuals, users, devices, and entities.
Analytics is now used extensively to provide insight to log and flow data in devices, where agents cannot be deployed. This is increasingly important in the emergence of Internet of Things (IoT). In terms of security analytics, they are used to collect alerts, reduce false positives, iron out redundant alerts, and refine alerts to produce an actionable version of the truth.
Last, analytics can be predictive — optimally, analytics can be used to anticipate a type of attack witnessed against one network but then use the information to initiate a set of defenses against other potential targets.
Security analytics will therefore help as digital trends reach more and more crucial inflection points. For one, because the number of digital interactions that customers have with companies – from banks, to telcos, to retailers, even to government – is sharply on the rise, while companies are encouraged to focus on ensuring that their services are available all the time.
The availability of services, especially online services, is the key driver of customer satisfaction in many countries, featuring well in a list of common customer satisfaction drivers across different markets: speed, location, reliable security, and short wait times.
The increase gaps between company – to – customer interactions points appears more chances of information security lapses – the field for failure has simply expanded. Beyond this, however, is the problem of scale: how companies can efficiently analyze huge volumes of data to identify potential points of failure. In reality, a large portion of security services is now spent tracking, monitoring, and analyzing all of the growing data volumes.
Here, the challenge is how to look at a large quantity of data, detect an attacker’s presence on the network, and not get drowned by an excessive volume of security alerts, or lose the context of individual network behaviors.
Photo Source: freepik.com
Concerning big data security, IDC finds that too much time might be spent on sifting through the data such that an effective and timely response, to the potential or actual data breach. And this is not achieved. Thus, the impact of the breach is not be able to be prevented or minimized in the end. For example, traditional security information and event management (SIEM) technologies have aggregated information, but the way they source and store data makes it difficult for a company to be more proactive with that information.
There is also the problem of real time. IT teams and IT security teams call for the ability to collect data in real time, or close to real time, since network traffic is a continuous stream and the data must beanalyzed as soon as it is captured.
Mastering the economics of data scale is of great importance here, asthere is a direct correlation between
- the amount of data an analyst is analyzing,
- the complexity of that analysis; and
- the time in which results can be received.
Scale and real-time capabilities should be a balancing act. Another important concept is properly preparing and guiding security analysts to deal with large volumes of data. A common error is thinking that analysts are the ones who have sole responsibility to correct questions and to ask regarding the data. Instead, organizations have to actively arm analysts with a holistic and integrated data set such that they can efficiently draw insights out of the data and avoid analyst fatigue.
To increase efficiencies and also limit analyst fatigue, some external parties are now offering robust big data security services, providing the resources required to deal in an efficient manner. IDC expects managed security services grow in the Asia/Pacific region in the near to medium term.