There has been a data explosion within security teams, as organisations everywhere seek to increase their effectiveness in preventing breaches of defences through improved correlation and data sharing. You have probably seen this happening within your own working environment, too.
In the quest to achieve this sought-after level of ‘good enough’ security, the findings of new research from the Enterprise Strategy Group, ‘Big Data Intersection with Security Analytics’, partially sponsored by Symantec, are encouraging.
You won’t be too surprised to hear that, in our ‘Big Data’ world, we are collecting a lot more data than we did two years ago. There is only one direction in which that arrow is going to be pointing from now on. What is interesting here, though, is that lots of people are vested in this information to do their job – and that is likely to envelop even more people, across a wide range of roles, over the next couple of years.
Why exactly are we collecting this data? Primarily, judging by the responses to the survey, to detect advanced threats and for security incident analysis, as well as to make sure audits and compliance targets are met. But we can’t do it all on our own: third party services greatly enhance our capabilities, especially when seeking to proactively identify potential future threats to critical systems. One popular third party service is threat intelligence, with 65% of respondents reporting use of some form of external threat intelligence today.
The value of that data is clear: 78% say the intelligence enhances visibility into threats and security incidents, and 95% confirm that commercial threat intelligence is effectively addressing risk.
But what forms of intelligence are in greatest demand? Vulnerability and malware intelligence top the interest list, with the most popular intelligence use cases being the proactive identification of potential threats to critical systems and the adjustment of defensive tools to address emerging threats.
You may ask, “In whose hands does that intelligence lie?” Some 92% of those surveyed say that more than five individuals have access to security intelligence on a regular basis, with security analysts, IT auditors and SOC staff being the top three roles identified. Interestingly, the CIO comes in fourth, demonstrating how much more ‘hands on’ they are now in understanding just how well informed and protected their businesses are from attacks.
As you might expect, there are also downsides to the expanding use of data in security analytics, with the main issue highlighted being a lack of adequate internal security skills.
All in all, the findings are quite encouraging, with the move toward big data security and the use of external threat intelligence well underway. Of course, organisations with more mature processes will see the greatest return from these investments, … but even the longest journey begins with the first step.
For more information, you can download a copy of ‘Security Intelligence: A Key Component of Big Data Security Analytics’ here.