By: Augusto Barros, Research Director at Gartner and Anton Chuvakin, Research Vice President and distinguished analyst at Gartner
Will security analytics help cut through the noise, or just add to it?
Security professionals are dealing with an increasing number of advanced and persistent threats. The reality is that they often cannot assess and respond to these threats effectively and in a timely manner, and are subsequently turning to new technologies to help them cope with the surge.
Most organizations are already using traditional security tools such as data loss protection (DLP) and security information and event management (SIEM), which help their security professionals triage, monitor and detect unusual behaviors. However, the rapid proliferation of increasingly sophisticated attackers is leaving many security professionals feeling overwhelmed. Increasingly they are looking at security analytics as a possible solution.
Organizations exploring security analytics platforms must tread carefully and be critical of vendor claims when making their procurement decisions. Organizations should not buy any new tools before goals are set and needs are clear, and, more importantly, must demonstrate that adopting advanced security analytics approaches can improve things.
If deployed in the wrong environment or without the right skills, security analytics will simply add to the difficulties that cyber security professionals are facing.
Clearly there are myriad motivations for looking at advanced analytics approaches to security. These include: the proliferation of advanced and persistent threats and a new emphasis on more rapid detection and mitigations of those threats; the vast accumulation of security data; and a dramatic increase in the number of entities that need security monitoring due to shadow IT, cloud computing and the Internet of Things (IoT).
Most organizations are surprised to find that with improved processes and care, their existing tools such as SIEM and cloud access security brokers (CASBs) can be used to address these challenges. Therefore, it’s crucial that organizations follow a structured approach to fully understand their problems and whether security analytics are necessary or helpful to address them.
With thorough consideration there are a great number of potential use cases for security analytics. Successful deployments generally pay for themselves in reducing the number of false alerts, cutting the cost of tuning security systems and keeping content up-to-date.
However, organizations should not attempt to shop for a unified security analytics platform because there simply isn’t one available. If they need a unified platform, they need to build it themselves and this brings its own technical challenges and demands on resources — high level skills in development, mathematics and statistics are required. Build-your-own security analytics is far from simple. Those who attempt it should know that many have tried before and failed.
Gartner Security & Risk Management Summits 2017
Gartner analysts will provide additional analysis on IT security trends at the Gartner Security & Risk Management Summits 2017 taking place in Tokyo; Mumbai, India; Sao Paulo; Sydney; London; and Dubai. Follow news and updates from the events on Twitter at #GartnerSEC.