The CSO 2016 Security Data Analytics Survival Guide

What you need to know about how analytics are changing cybersecurity

Is big data security analytics still a thing? A handful of years ago, security and big data were mentioned in the same breath, the way one might say peanut butter and jelly, and "big data security analytics" was the buzz phrase buzzing most loudly in every corner of the security industry. The security big data analytics hype machine perhaps hit fever pitch in 2013.

Today, we don’t hear quite as much about “security big data.” But that doesn’t mean that it’s no longer relevant. To tweak a phrase familiar from Gartner, the hype is cycling down from the peak of inflated expectations and, hopefully, heading to the plateau of productivity.

Big data security analytics is about using security analytics to improve security and obtain value from cybersecurity efforts. It’s about helping security teams to focus on the threats, vulnerabilities, and security controls that matter. A good big data security analytics program should help organizations do just that.

In the CSO story "Analyze this, and that: CSOs latch on to better data tools," Peter Miller, CSO at Orange County, Florida, explained to CSO's Michael Fitzgerald just how important security analytics has become to his job. "Security is all about the metrics, too, and analytics will give you that. You're logging it and can quantify it," said Miller. "I can't imagine doing my job without analytics," he said.

That could explain why, according to the research firm Markets and Markets, the global security analytics market will be worth $3.22 billion by the year 2018. By some estimates, the security analytics market is growing at just shy of 7.8% annually.

The federal government has been a big investor in security analytics capabilities. Following the classified-information disclosures by NSA contractor Edward Snowden a couple of years ago, the NSA quickly moved to improve its security and monitoring capabilities, according to an interview with NSA CIO Greg Smithberger. As a result, the NSA now relies more on behavior analytics to help protect a private cloud that provides storage, computing and operational analytics to intelligence agencies.

Many would expect big government agencies to have the budget and skillsets to benefit from big data security analytics. But can security analytics, and even machine learning, help regular enterprises detect and respond to attacks more quickly? They already do, whether or not the enterprise is aware of it, because many of the tools security professionals use increasingly rely on analytics and machine intelligence. According to Mary Branscombe's story, "How much security can you turn over to AI?," security vendors are trying to use deep learning to better understand how malware behaves, so that attacks can be spotted in real time.

Still, many enterprises are relying on security analytics to detect attacks and breaches. "Most organizations lack visibility; if you can't see it, you can't protect it. We can detect outliers," Splunk's Matthias Maier told Branscombe. "We summarize similar users who have similar behavior and then we show that, and if there's an outlier who has always behaved similarly but is now behaving differently? That's an anomaly you want to look at."

How are you planning to use security data analytics to find, collect, and analyze the right information and get it into the hands of the analysts who can make a difference in your security efforts? Or are you already doing so? In the stories collected below, you'll see how enterprises, vendors, and others are putting data analytics to work to improve security.

How the NSA uses behavior analytics to detect threats

The CIO of the National Security Agency says analytics protect the U.S. intelligence community’s private cloud system from internal and external threats.

IBM to tackle fraud with Iris Analytics

No, this isn't about using Watson AI systems to identify fraudsters by gazing deep into their eyes: IBM has acquired a German machine learning software firm called Iris Analytics to bolster its antifraud software.

Security pros worried about stolen credentials, alert volumes

The majority of security organizations received more alerts than they can handle and don't have a way to spot stolen credentials, according to a survey released today.

User Behavior Analytics: A complement to baseline hygiene

Rapid 7 talks about alert fatigue, the benefits of UBAs, and the need for baseline security tools.

How much security can you turn over to AI?

Machine learning and behavioral analytics could help you detect attacks faster – or stop them before they even start.

IBM will bring Watson to security later this year

Cognitive Computing and Cybersecurity, IBM Watson Cybersecurity

Public-private cyber threat intelligence sharing necessary in electricity industry

Cybersecurity professionals are hungry for a strategic advantage to battle new denial-of-service attacks and unauthorized access to systems. The electricity industry has started to focus its efforts on combating the issue head-on through timely cyber threat intelligence. If you understand your adversaries’ tactics, intent, and capabilities, you can develop strategies to combat their attacks and better plan for future threats. Better, more proactive security can be achieved through information sharing agreements and partnerships with other utilities, regulatory agencies, and intelligence partners.

Fraudsters Bank on Business Accounts: How to Protect Your Funds Online

Business banking is a popular target for hacks and attacks. Craig Priess of Guardian Analytics offers practical defensive steps.

Report: Strategic data analytics can reduce shrinkage

Strategic data analytics can reduce shrinkage for retailers, restaurants and manufacturing companies by helping loss prevention pros use early warning indicators to stop problems before they start.

Data explosion offers challenges, opportunities to security pros

Enterprises are dealing with a flood of security data from firewalls, networks, email systems, individual work stations, servers, and other devices -- Big Data analytics helps companies process all this information, prioritize the most significant threats, and weed out random noise and false alerts.

Big Data without good analytics can lead to bad decisions

Experts warn that the temptation to let the computers do it all, without the human element, can lead to trouble.

RSA Security Analytics: Art Coviello on why Big Data is a big deal

If an event at RSA's Burlington, Mass., headquarters yesterday was any indication, attendees at RSA Conference 2013 can expect to hear a lot about Big Data as a security tool.

Five signs an employee plans to leave with your company’s data

Predictive analytics plays a growing role.

Big data analytics can help banks stop cyber criminals accessing secret data

Monitoring digital footprint across all of the web can mitigate attack risk, says a financial tech start-up.

Securing big data off to slow start

While big data implementations have taken off, the work needed to secure these systems has not.

Big Data still 'a new frontier' for most of the public sector

NSA surveillance technology is cutting edge, but for most of the government, Big Data analytics is a promise unfulfilled

Government security workers have a big data problem

Better analytics could help government workers improve security, but they are hindered by tight budgets and many say they're already overwhelmed by the data they have now.

Video: Alex Hutton on Big Data, risk management

Alex Hutton discusses Big Data and risk management.

Analyze this, and that: CSOs latch on to better data tools

With the emergence of more powerful tools, analytics are becoming more important than ever to security teams.

Attackers are building big data warehouses of stolen credentials and PII

Attackers are swapping, selling, and associating increasing stores of linked PII and credentials to run deeper, broader, and more stealthy information invasions.


Stories by George V. Hulme
