Despite the rise in new and emerging cyber threats facing companies and government agencies, many organizations are ill-equipped to identify and respond to them adequately.
Seventy-nine percent of IT and IT security practitioners surveyed in a 2016 Ponemon Institute study revealed that their organization’s defensive infrastructure for identifying and mitigating cyber threats is either non-existent, ad hoc, or inconsistently applied throughout the enterprise.
One approach that companies can take to better identify and respond to cyber threats is the use of security analytics. Security analytics can be applied to comb through large volumes of data to identify and act on potential security threats, even across data silos that may exist within an enterprise, explained Paul Calatayud, CTO at FireMon.
“Analytics allow you to extract information and to detect patterns that can be acted on,” said Calatayud.
Meanwhile, recent advances in security analytics, such as data extraction capabilities, dashboards, and visualization techniques, are making it easier for CISOs and information security professionals to communicate to the C-suite and the board the nature of threats being detected and the potential risks they carry.
“Most boards tend to consume financial data on the revenue direction and financial health of the company. So I’ve come to realize that it’s easier for me to translate information I have to share into financial models than for me to share the raw data with senior management,” said Calatayud.
A good starting point for neophytes to begin using security analytics is by defining objectives and setting goals and measurable outcomes, suggested Calatayud. “For instance, if a company’s top goal is to increase visibility into cyber threats and reduce the time it takes to respond, that’s important to know before exploring the technology since certain technologies are better positioned to meet these requirements and use cases than others,” Calatayud added.
Next, Calatayud recommends developing a thorough understanding of how the threat intelligence is going to be used and applied to reduce risk. For example, if a company’s goal is to identify acts of fraud and to reduce fraud, the CISO can partner with an organizational leader such as the CFO to develop specific business cases for applying security analytics to detect and act on potential cases of fraud.
Calatayud also advises CISOs to determine which data assets the company already has in place that can be used to inform and guide threat detection, so that the information security team does not build a data lake if one isn’t needed.
“Do an inventory on what you have today and whether it can be extended to an analytics strategy,” said Calatayud. “Otherwise, you can duplicate efforts if the security analytics strategy is done in a silo. If you’ve made those investments in other parts of the infrastructure, determine whether those technologies can be used to support your security analytics strategy. This can result in accelerated speed-to-market.”