Analytics Magazine

Survey: Security analytics challenging but effective

Security analytics solutions are delivering deeper visibility into organizations’ security data than ever before, but deployment and day-to-day usage remain challenging, according to a new Ponemon Institute survey sponsored by SAS.

“There has been much said about the promise of security analytics to improve security operations,” says Larry Ponemon, chairman and founder of Ponemon Institute. “This is one of the first studies to deeply examine actual use of these solutions and identify where organizations are succeeding and struggling.”

Most responding IT and IT security practitioners believe security analytics solutions have greatly improved their organizations’ overall security posture. They said the solutions make it easier to reduce false positives and to spot and stop anomalous traffic. However, these improvements come with challenges, starting with implementation. More than half of respondents (56 percent) characterized their initial deployments as “difficult” or “very difficult.” Among them, 65 percent cited the configuration and/or tuning required to make the system usable.

“Nearly all solutions require initial configuration and tuning for optimal performance,” says Stu Bradley, vice president of Cybersecurity Solutions at SAS. “Organizations can avoid many pitfalls by clearly defining workflows and project goals before starting an implementation.”

Respondents also cited data issues as deployment obstacles, with about half (51 percent) noting “too much data” and 45 percent indicating problems accessing the required data.

Even beyond deployment, a significant majority (65 percent) pointed to data challenges, top among them data quality (cited by 66 percent of the respondents), data integration (65 percent) and data volume (55 percent).

“Organizations often want to jump immediately to the analytic output, shortcutting initial steps required to get the data right,” Bradley adds. “But if they don’t appropriately address the data up front, they’ll suffer for it later and face major challenges deriving what they expect from their security analytics solution.”

Respondents reported gaps between threats they want their solutions to detect and those they’re actually finding. They identified data exfiltration (cited by 50 percent of the respondents), adversary reconnaissance (40 percent), adversary lateral movement (36 percent) and malicious insiders/insider threats (36 percent) as most important for their security analytics solution to detect. Yet none of those are among the threats their solutions are proving most adept at detecting, which they specified as account compromise (named by 50 percent of respondents), privilege escalation (48 percent) and malware deployment/delivery (46 percent).

“When you look at these security objectives, they’re all very different – and they each bring fundamentally different data into play,” Bradley adds. “That speaks to the breadth and depth of analytic sophistication needed for an organization to develop all the right capabilities. Success requires a confluence of different analytic disciplines and a carefully plotted road map for maturing analytic capabilities. With such a road map, organizations can make the most of their limited security resources.”

Although current solutions don’t seem to be living up to the hype, organizations are already deriving tremendous benefit from security analytics. Among respondents, 61 percent consider security analytics critical to their cyber defenses, and 71 percent expect to expand its use over the next year.

“With security analytics still in its infancy, this survey is a critical benchmark,” says Ponemon. “It shows we’ve come a long way in a short period, but the industry hasn’t yet mastered the complexity. With this user pulse reading, though, the industry’s call to action becomes clear.”

“Security analytics clearly isn’t as effective as security practitioners need it to be,” Bradley adds. “Addressing these challenges calls for a ‘lifecycle’ approach – one that doesn’t just focus on data and algorithms. What we need is a consistent, governed process for deploying analytics. And the analytics must be consumable across a broad range of resources. It’s a difficult challenge. But building analytic sophistication ultimately pays off in improving organizations’ ability to discover, detect, investigate and respond to security events in a reliable, repeatable way.”
