Demystifying Security Analytics

July 31, 2017

Contributor: Rob van der Meulen

Will security analytics help cut through the noise, or just add to it?

Security professionals are dealing with an increasing number of advanced and persistent threats. The reality is that they often cannot assess and respond to these threats effectively and in a timely manner, and as a result they are turning to new technologies to help them cope with the surge.

Most organizations are already using traditional security tools such as data loss protection (DLP) and security information and event management (SIEM), which help their security professionals triage, monitor and detect unusual behaviors. However, the rapid proliferation of increasingly sophisticated attackers is leaving many security professionals feeling overwhelmed. Increasingly they are looking at security analytics as a possible solution.

“Organizations exploring security analytics platforms must tread carefully and be critical of vendor claims when making their procurement decisions,” says Augusto Barros, research director at Gartner. “Organizations should not buy any new tools before goals are set and needs are clear, and, more importantly, must demonstrate that adopting advanced security analytics approaches can improve things.”

If deployed in the wrong environment or without the right skills, security analytics will simply add to the difficulties that cybersecurity professionals are facing.

Clearly there are myriad motivations for looking at advanced analytics approaches to security. These include: the proliferation of advanced and persistent threats and a new emphasis on more rapid detection and mitigations of those threats; the vast accumulation of security data; and a dramatic increase in the number of entities that need security monitoring due to shadow IT, cloud computing and the Internet of Things (IoT).

“Most organizations are surprised to find that with improved processes and care, their existing tools such as SIEM and cloud access security brokers (CASBs) can be used to address these challenges,” says Barros. “Therefore, it’s crucial that organizations follow a structured approach to fully understand their problems and whether security analytics are necessary or helpful to address them.”

With thorough consideration there are a great number of potential use cases for security analytics. Successful deployments generally pay for themselves in reducing the number of false alerts, cutting the cost of tuning security systems and keeping content up-to-date.

However, organizations should not attempt to shop for a unified security analytics platform, because there simply isn’t one available. If they need a unified platform, they need to build it themselves, and this brings its own technical challenges and demands on resources — high-level skills in development, mathematics and statistics are required.

“Build-your-own security analytics is far from simple,” says Anton Chuvakin, research vice president and distinguished analyst at Gartner. “Those who attempt it should know that many have tried before and failed.”
