There's a lot of chatter about analytics in the information security space. That's actually a massive understatement. Analytics is a common buzzword, and everyone is talking about it, but how do you cut through all the noise? Who is actually doing what when it comes to analytics? It can be difficult to tell.
As part of our pre-RSA coverage, and to give you a clearer picture of cyberanalytics, I chatted with Chris Smith, SAS director of cybersecurity strategy. What some organizations call analytics really amounts to a collection of IP address calculations, or perhaps measurements on intrusion detection/prevention system (IDS/IPS) data -- fancy terminology for basic network statistics.
That information is relevant for understanding your network, but by itself it doesn't hit the mark when it comes to offering the kind of network visibility that improves security. Advanced analytics, by contrast, can reach to the boundaries of your infrastructure for context and then give a better understanding of network interactions for your specific business environment.
On top of this elementary use of a single type of analytics, organizations that talk about analytics don't always address the huge elephant in the room: scale.
“Cybersecurity is truly a fast environment,” says Smith. “This is really big data. Huge. Hundreds of thousands of events per second and beyond. If you think small versus enterprise environments, the difference is significant. A telecom, for instance, has enormous network infrastructure with tons of events traversing it continuously.”
That kind of volume creates significant scalability issues, and more importantly, keeps security analysts from making good use of their time. Considering the security talent shortage and the speed at which hackers work, a stronger solution that quickly surfaces the most critical security risks is essential.
“A true analytics platform will not only offer better detection, but smarter use of your assets,” he continued. “The result is your executives will have better confidence in the results. There’s efficiency and effectiveness for the people and the hardware resources.”
With the right security platform, organizations can use analytics for insight into their existing investments by finding threats that would otherwise go undetected. Smith’s analogy to a needle in a haystack is spot on.
“Cyberanalytics serves up a signal in the noise. Your platform must not only detect that signal, but also detect an alternate version of it. Hackers are smart. If their footprint is constantly altered, by even a fraction, signature-based solutions can miss them completely,” he says.
Add network growth in ever-changing business environments and BYOD (bring your own device) allowances for smartphones and tablets, and you can see where this is going: exponentially more opportunities for security breaches, and that doesn't even address the Internet of Things (IoT).
"Ultimately, your network can generate data, but prioritization is necessary to show a security analyst where to look and what to review first," says Smith.