As data volumes grow, businesses have come to understand the need to protect their information. Traditionally, security teams have relied on strong, complex multifactor authentication for employees who access sensitive data on internal networks. Most of the controls in use, such as firewalls, intrusion prevention and gateway filters, are preventive controls; far fewer detective controls have been deployed. In fact, a study conducted by Gartner suggested that 75% of the controls used in most organizations were preventive.
According to Gartner, the three main challenges organizations face are:
1. Alert management improvement
2. Investigation efficiency
3. Rapid detection
Because data breaches and information theft have a huge impact on business, organizations are deploying security analysis and analytics software to gain a comprehensive view of the security of their infrastructure, since the data indicating an attack is often dispersed across network devices, servers, application logs and endpoints.
The focus has been shifting from SIEM tools to more advanced tools that can analyse more data, perform in-depth analysis of activity occurring on different platforms, and detect suspicious patterns spanning multiple devices. Security analytics tools analyze log and event data from applications, endpoint controls and network defenses. This improves both the speed of detection and the capacity to analyse an event's impact, helping the organization to mitigate such events and reduce their impact.
Security analytics helps to:
– Implement real-time continuous monitoring of servers, endpoints and network traffic
– Consolidate diverse event data from applications and network logs
– Perform forensic analysis
– Detect malware
– Detect incidents
– Report data loss
– Provide timeline and session analysis when a data breach is reported
– Offer a single point of access to event data
– Support regulatory compliance
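The two points above that analytics tooling rests on are consolidating event data from different platforms into one timeline and then looking for patterns that span several devices. The following is an added illustration written for this page; it is not code from the article or from any product it names. It uses three constructed, hypothetical log formats (an sshd line, a Windows logon record with the standard 4624/4625 event IDs, and a firewall deny line), normalises them into one event schema, sorts them into a single timeline, and flags a source address that fails authentication on several distinct hosts within a short window and then succeeds. No single device would see that pattern on its own; the consolidated view does.

```python
"""Added example: consolidate heterogeneous log lines into one timeline and
detect a cross-device authentication pattern. All log lines and formats
below are constructed for illustration (hypothetical, not from a product)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional


@dataclass(frozen=True)
class Event:
    """Normalised event shared by every source, so detection logic is source-agnostic."""
    ts: datetime
    source: str            # which platform produced the record (sshd, windows, firewall)
    host: str              # device that logged the event
    user: Optional[str]
    src_ip: Optional[str]
    action: str            # normalised: auth_fail, auth_ok, fw_deny, other


# Hypothetical line formats for the three constructed sources.
SSH_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+)$")
WIN_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) EventID=(?P<eid>\d+) User=(?P<user>\S+) SrcIP=(?P<ip>\S+)$")
FW_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) fw: DENY src=(?P<ip>\S+) dst=(?P<dst>\S+)$")


def parse_line(line: str) -> Optional[Event]:
    """Map one raw line from any of the three sources onto the common schema; None if unrecognised."""
    m = SSH_RE.match(line)
    if m:
        action = "auth_fail" if m["result"] == "Failed" else "auth_ok"
        return Event(datetime.fromisoformat(m["ts"]), "sshd", m["host"], m["user"], m["ip"], action)
    m = WIN_RE.match(line)
    if m:
        # 4625 = failed logon, 4624 = successful logon (standard Windows Security log IDs)
        action = {"4625": "auth_fail", "4624": "auth_ok"}.get(m["eid"], "other")
        return Event(datetime.fromisoformat(m["ts"]), "windows", m["host"], m["user"], m["ip"], action)
    m = FW_RE.match(line)
    if m:
        return Event(datetime.fromisoformat(m["ts"]), "firewall", m["host"], None, m["ip"], "fw_deny")
    return None


def build_timeline(lines: List[str]) -> List[Event]:
    """Consolidate lines from all sources into one chronologically ordered timeline."""
    events = [e for e in (parse_line(ln) for ln in lines) if e is not None]
    return sorted(events, key=lambda e: e.ts)


def detect_multi_host_auth_abuse(events: List[Event], window: timedelta = timedelta(minutes=10),
                                 min_hosts: int = 3) -> List[dict]:
    """Flag a source IP that fails authentication on >= min_hosts distinct hosts within
    `window` and then authenticates successfully anywhere. One finding per IP."""
    by_ip = defaultdict(list)
    for e in events:
        if e.src_ip and e.action in ("auth_fail", "auth_ok"):
            by_ip[e.src_ip].append(e)
    findings = []
    for ip, evs in by_ip.items():
        for i, e in enumerate(evs):
            if e.action != "auth_ok":
                continue
            failed_hosts = {f.host for f in evs[:i]
                            if f.action == "auth_fail" and e.ts - f.ts <= window}
            if len(failed_hosts) >= min_hosts:
                findings.append({"src_ip": ip, "failed_hosts": sorted(failed_hosts),
                                 "success_host": e.host, "user": e.user, "at": e.ts.isoformat()})
                break
    return findings


# Constructed sample input: one address fails on three different devices, then succeeds.
SAMPLE_LOGS = [
    "2024-05-01T09:00:01 web01 sshd: Failed password for svc_backup from 198.51.100.7",
    "2024-05-01T09:00:09 fw-edge fw: DENY src=198.51.100.7 dst=10.0.0.20:445",
    "2024-05-01T09:01:15 db02 sshd: Failed password for svc_backup from 198.51.100.7",
    "2024-05-01T09:02:30 WIN-FS1 EventID=4625 User=svc_backup SrcIP=198.51.100.7",
    "2024-05-01T09:04:02 WIN-FS1 EventID=4624 User=svc_backup SrcIP=198.51.100.7",
    "2024-05-01T09:05:00 web01 sshd: Accepted password for alice from 10.0.0.55",
    "malformed line that no parser understands",
]


def run() -> List[dict]:
    """Consolidate the sample logs and return the cross-device findings."""
    return detect_multi_host_auth_abuse(build_timeline(SAMPLE_LOGS))


if __name__ == "__main__":
    for finding in run():
        print(finding)
```

The value of the example is in the shape of the pipeline rather than the specific rule: every source is reduced to the same `Event` record first, so the detection function never needs to know whether a record came from sshd, a Windows host or the firewall, and a new source only requires a new parser clause. The firewall deny event is kept in the timeline for forensic context even though this particular rule ignores it.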
When choosing a security analytics tool for an organization, the common requirements include the following:
- Basic security analytics with minimal overhead
- Large enterprise use cases
- Focus on advanced persistent threats
- Focus on forensics
- An ensemble of security tools and services
Some tools in the market include Blue Coat Security Analytics Platform, Lancope StealthWatch System, Juniper Networks JSA Series Secure Analytics, EMC RSA Security Analytics (NetWitness), FireEye Threat Analytics Platform, Arbor Networks Security Analytics, Click Security Click Commander, Hexis Cyber Solutions' NetBeat MON and Sumo Logic's cloud service.