In 2012, the SANS Institute published a survey which found that 58% of enterprises were using some kind of log management solution and 37% were using a SIEM. That sounds positive, but the problem SANS found was that the solutions these respondents had deployed were decidedly “last-gen.”
In fact, they were so last-gen that they could not possibly keep up with the deluge of data entering and leaving the enterprise every day. Enterprise networks, customer and vendor interactions, and applications can generate terabytes of data a month, which can overwhelm information security systems. According to BI Survey, 62% of enterprises say that digital security threats have increased in the past year. Even with human knowledge and intervention, traditional solutions may not be able to handle the sheer volume of threats hitting your enterprise on a daily basis.
The SANS Institute’s suggested answer to this conundrum? Deploy a big data security analytics solution.
Much like traditional security analytics, big data security analytics monitors and analyzes incoming and outgoing data for indicators of a potential security incident. The difference is scale: it collects, analyzes, and stores huge volumes of data in real time, allowing events to be correlated across all of your enterprise’s endpoints (including the IoT).
Going Into Depth with Big Data Security Analytics
You can think of big data security analytics solutions as a branch off of SIEM’s tree. It incorporates many of the same tools that make up the heart of SIEM—log and event management, behavioral analysis, and data correlation—while adding some new capabilities such as operations management.
Yet big data security analytics is more than just the sum of its parts. It also offers powerful compliance reporting capabilities, including visualization options to help IT security professionals understand and respond to possible security incidents faster. Big data security analytics allows for greater scalability than traditional security analytics, as it can adapt to an ever-changing and ever-growing IT environment much more smoothly.
These security analytics solutions also enhance the detection capabilities of your enterprise’s cybersecurity platform. This matters more than you might think: prevention is essential, but it cannot extend infinitely, nor can it catch every threat. Your best chance to limit the damage of a data breach is to detect intruders as quickly as possible after they have entered your network.
What’s Stopping Big Data Security Analytics Adoption?
In 2015, The SANS Institute conducted another study of big data security analytics, and found some surprising figures:
- Only 1 in 5 companies used big data security analytics at the time of the survey.
- Of the enterprises that did use this kind of solution, 53% reported high benefits and 41% reported moderate benefits to their cybersecurity.
This represents a massive gap between the effectiveness of big data security analytics and its deployment. What’s causing this discrepancy?
According to SANS, “organizations are struggling mightily with finding the right skill sets to properly operate and maintain a security analytics platform for detection and response.” In other words, traditional security analytics requires human knowledge and action to reach its full potential, and big data security analytics is no different. Compounding this issue, cybersecurity talent has become hard to come by. In 2015, 32% of enterprises said that their biggest security analytics problem was the lack of adequate analytical knowledge in their IT security teams.
Without that knowledge in hand, the evidence needed to discover a breach may slip by unnoticed, while the team chases false positives instead.
Invest in Solutions, Invest in Talent
So what does this all mean? Avoid big data security analytics?
Well, no. In fact, avoiding it may not be possible. ESG found in its own survey that 44% of enterprises believe their security analytics solution will become a big data solution within the next few years, and another 44% believe they have already deployed one.
Rather, if you are serious about selecting a cybersecurity solution, whether traditional or big data security analytics, you should also see it as an opportunity to develop your cybersecurity talent. Whether through the hiring process, selecting an MSSP, or providing educational opportunities to your existing staff, you can’t afford to neglect the human element sitting in front of the screen.
Big data security analytics is like a power tool or a jackhammer. It can accomplish more than people could ever dream of doing alone…but you need the right person to wield it constructively.
By Ben Canner