As networks continue to evolve and security threats get more complex, security analytics plays an increasingly critical role in securing the enterprise. By combining software, algorithms and analytic processes, security analytics helps IT and security teams proactively (and reactively) detect threats before they result in data loss or other harmful outcomes.
Given that the average time to identify and contain a data breach in 2021 was 287 days, it's more important than ever for organizations to include security analytics in their threat detection and response programs. But how has this technology changed over the last decade? In this article, I will explore the evolution and importance of security analytics.
This evolution has had two main trends.
First, security analytics is becoming more sophisticated. In the last 10 years, the industry has transitioned from rule-based alerting to big data and machine learning analysis. Second, products have become more open and customizable.
As these technologies have advanced, so too have their specific use cases, with organizations using them for identity analytics (examining authentication, authorization and access for anomalies), fraud detection (finding anomalous transactions), and more. Today, security analytics plays a central role in Security Information and Event Management (SIEM) solutions and Network Detection and Response products (not to mention standalone security analytics software).
To better understand this evolution and the capabilities of current security analytics solutions, let's dive into the three primary generations of security analytics advancement.
Traditional security analytics focused on correlation and rules within a proprietary platform.
Users imported data into a closed database, the data was normalized and run through a correlation engine, and then the system produced alerts based on rules. Products typically included alert enrichment, which provided more useful context along with an alert, such as linking it to a specific user, host, or IP address.
However, this era often suffered from alert fatigue, where the analytics solution produced more alerts than the security team could investigate, including high numbers of false positives. Sorting which alerts were important and which ones weren't involved a great deal of manual work. Furthermore, these solutions were often entirely proprietary, with few or no options for customization. This prevented the security team from tweaking rules to cut down on the number of bad alerts. They were stuck with the alert fatigue issue.
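To make the first-generation pipeline concrete (normalize, correlate, alert, enrich) and to show where alert fatigue comes from, here is an added Python illustration. It is not code from the Help Net Security article or from any product it mentions; the log lines, IP addresses, host names, the enrichment table and the two rules are all constructed for the example. A naive per-event rule fires once for every failed login, while a correlation rule over the same events fires once and carries enrichment (which internal host the source then reached) with it.

```python
"""Minimal first-generation style analytics: normalize, correlate, enrich.

Added illustration, not code from the article. All log lines, hosts,
users, addresses and rules below are constructed for the example.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed raw events in two different source formats.
RAW_AUTH = [
    "2021-06-01T02:00:05 sshd[911]: Failed password for alice from 203.0.113.7",
    "2021-06-01T02:00:09 sshd[911]: Failed password for alice from 203.0.113.7",
    "2021-06-01T02:00:14 sshd[911]: Failed password for alice from 203.0.113.7",
    "2021-06-01T02:00:20 sshd[911]: Accepted password for alice from 203.0.113.7",
    "2021-06-01T09:15:00 sshd[912]: Failed password for bob from 10.0.0.5",
]
RAW_FW = [
    "2021-06-01T02:00:21,203.0.113.7,10.0.0.20,22,ALLOW",
]

# Constructed enrichment table (a real product would pull this from a CMDB or directory).
ASSETS = {"10.0.0.20": {"hostname": "build-srv-01", "owner": "platform-team"}}

AUTH_RE = re.compile(r"^(\S+) sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+)$")


def normalize(raw_auth, raw_fw):
    """Map two vendor formats onto one common event schema, sorted by time."""
    events = []
    for line in raw_auth:
        m = AUTH_RE.match(line)
        if not m:
            continue
        ts, outcome, user, src = m.groups()
        events.append({"ts": datetime.fromisoformat(ts), "type": "auth",
                       "outcome": "fail" if outcome == "Failed" else "success",
                       "user": user, "src_ip": src, "dst_ip": None})
    for line in raw_fw:
        ts, src, dst, port, action = line.split(",")
        events.append({"ts": datetime.fromisoformat(ts), "type": "fw",
                       "outcome": action.lower(), "user": None,
                       "src_ip": src, "dst_ip": dst, "port": int(port)})
    return sorted(events, key=lambda e: e["ts"])


def rule_every_failure(events):
    """Naive per-event rule: one alert for every failed login (the alert-fatigue pattern)."""
    return [{"rule": "failed_login", "user": e["user"], "src_ip": e["src_ip"], "ts": e["ts"]}
            for e in events if e["type"] == "auth" and e["outcome"] == "fail"]


def rule_bruteforce_then_success(events, threshold=3, window=timedelta(minutes=5)):
    """Correlation rule: >= threshold failures followed by a success, same user and
    source, all inside the window. Emits one alert per such sequence."""
    alerts = []
    failures = defaultdict(list)
    for e in events:
        if e["type"] != "auth":
            continue
        key = (e["user"], e["src_ip"])
        if e["outcome"] == "fail":
            failures[key].append(e["ts"])
            # Keep only failures that are still inside the correlation window.
            failures[key] = [t for t in failures[key] if e["ts"] - t <= window]
        elif len(failures[key]) >= threshold and e["ts"] - failures[key][0] <= window:
            alerts.append({"rule": "bruteforce_then_success", "user": e["user"],
                           "src_ip": e["src_ip"], "ts": e["ts"],
                           "failures": len(failures[key])})
            failures[key] = []
    return alerts


def enrich(alert, events, assets=ASSETS):
    """Attach context: which internal hosts the alerting source reached afterwards."""
    hosts = {e["dst_ip"] for e in events
             if e["type"] == "fw" and e["src_ip"] == alert["src_ip"] and e["ts"] >= alert["ts"]}
    enriched = dict(alert)
    enriched["targets"] = [assets.get(h, {"hostname": h, "owner": "unknown"}) for h in sorted(hosts)]
    return enriched


def run():
    """Return (per-event alerts, enriched correlated alerts) for the constructed data."""
    events = normalize(RAW_AUTH, RAW_FW)
    noisy = rule_every_failure(events)
    correlated = [enrich(a, events) for a in rule_bruteforce_then_success(events)]
    return noisy, correlated


if __name__ == "__main__":
    noisy, correlated = run()
    print(f"{len(noisy)} per-event alerts vs {len(correlated)} correlated alert(s)")
    for a in correlated:
        print(a)
```

On this input the per-event rule produces four alerts (three of them for a single brute-force sequence), while the correlation rule produces one alert that already names the user, the source, the failure count and the internal host the source then connected to. The closed platforms described above shipped rules of the first kind that customers could not tune, which is exactly the fatigue problem.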
The second generation of security analytics began to incorporate big data and statistical analysis, while remaining a black box to users.
These solutions offered data lakes instead of databases, which allowed for a greater variety of data to be gathered and analyzed, but they were still proprietary. New analytics capabilities emerged, such as the ability to include cloud data, network packets and flow data, but users still couldn't see how they worked or verify the results.
Data enrichment was better, but users largely could not customize the contextual data they wanted with their alerts. For example, a security team might want to add asset criticality data so they can prioritize events that affect key pieces of their infrastructure or include information from external sources like VirusTotal.
Many solutions started offering threat hunting capabilities as well, which made it easier for security teams to proactively search for suspicious activity that evaded perimeter security controls.
But false positives and limited bandwidth on security teams continued to be a major challenge. In fact, this remains a challenge today. According to the 2021 Insider Threat Report from Cybersecurity Insiders, 33% of respondents said the biggest hurdle to maximizing the value of their SIEM was not having enough resources, and 20% cited too many false positives.
The third generation of security analytics technologies brings us to the current day, where machine learning, behavioral analysis and customization are driving innovation.
There are now SIEM products that allow organizations to use their existing data lakes, rather than forcing customers to use proprietary ones. And some solutions have opened their analytics, enrichment, and machine learning models so users can better understand them and modify as needed.
Today, powerful algorithms find patterns in data, set baselines and identify outliers. There's also a greater focus on identifying anomalous behavior (a user taking suspicious actions) and on prioritizing and ranking the risk of alerts based on contextual information like data from SharePoint or IAM systems. For example, a user accessing source code with legitimate credentials might be a low-priority alert at best, but that user doing so in the middle of the night for the first time in weeks from a suspicious location should trigger a high-priority alert. Thanks to these capabilities, analytics solutions are reaching the point where they can trigger remediation actions automatically.
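The source-code example above, together with the asset-criticality enrichment mentioned for the second generation, can be written down as a small behavioral-baseline scorer. This is an added Python illustration, not code from the article or from any SIEM or UEBA product; the access history, the user and resource names, the placeholder country code `XX` for a watch-listed location, the feature weights and the priority thresholds are all constructed assumptions. It builds a per-user baseline (usual hours, usual countries, last access per resource), scores a new access event against it, and scales the score by the asset's criticality so that the same behavior ranks higher against a payments repository than against a wiki.

```python
"""Behavioral baseline plus contextual risk ranking for access events.

Added illustration, not code from the article. Users, resources, locations,
weights, thresholds and history are constructed for the example.
"""
from datetime import datetime, timedelta

# Constructed history of successful accesses: (user, resource, timestamp, country).
HISTORY = [
    ("alice", "git-repo-payments", datetime(2021, 5, 3, 10, 15), "DE"),
    ("alice", "git-repo-payments", datetime(2021, 5, 4, 11, 40), "DE"),
    ("alice", "git-repo-payments", datetime(2021, 5, 5, 9, 5), "DE"),
    ("alice", "wiki", datetime(2021, 5, 28, 14, 0), "DE"),
    ("alice", "wiki", datetime(2021, 6, 1, 15, 30), "DE"),
]

# Constructed enrichment: asset criticality (as a CMDB would supply it) and a
# watch-listed location. "XX" is a placeholder code, not a real country.
ASSET_CRITICALITY = {"git-repo-payments": "high", "wiki": "low"}
SUSPICIOUS_COUNTRIES = {"XX"}


def build_baseline(history):
    """Per user: hours seen active, countries seen, and last access time per resource."""
    baselines = {}
    for user, resource, ts, country in history:
        b = baselines.setdefault(user, {"hours": set(), "countries": set(), "last_seen": {}})
        b["hours"].add(ts.hour)
        b["countries"].add(country)
        last = b["last_seen"].get(resource)
        if last is None or ts > last:
            b["last_seen"][resource] = ts
    return baselines


def score_event(user, resource, ts, country, baselines, criticality=ASSET_CRITICALITY):
    """Return (score, priority, reasons) for one access event.

    Weights and thresholds are illustrative assumptions, not values from the article."""
    b = baselines.get(user, {"hours": set(), "countries": set(), "last_seen": {}})
    score, reasons = 0, []
    # Hour of day outside everything seen for this user (one hour of tolerance).
    if b["hours"] and not any(abs(ts.hour - h) <= 1 for h in b["hours"]):
        score += 30
        reasons.append("outside usual hours")
    # First access of this resource in three weeks or more (or ever).
    last = b["last_seen"].get(resource)
    if last is None or ts - last >= timedelta(weeks=3):
        score += 25
        reasons.append("first access to resource in weeks")
    # Location never seen for this user, and separately, a watch-listed location.
    if country not in b["countries"]:
        score += 20
        reasons.append("new location")
    if country in SUSPICIOUS_COUNTRIES:
        score += 25
        reasons.append("watch-listed location")
    # Contextual enrichment: scale by how critical the asset is.
    factor = {"high": 1.5, "medium": 1.0, "low": 0.5}[criticality.get(resource, "medium")]
    score = int(score * factor)
    priority = "high" if score >= 70 else "medium" if score >= 40 else "low"
    return score, priority, reasons


def rank(events, baselines):
    """Order events by risk, highest first, as an analyst queue would."""
    scored = [(score_event(*e, baselines), e) for e in events]
    return sorted(scored, key=lambda item: item[0][0], reverse=True)


if __name__ == "__main__":
    baselines = build_baseline(HISTORY)
    # Constructed new events: a normal daytime access, the night-time case from the
    # text, and the same night-time behavior against a low-criticality asset.
    new_events = [
        ("alice", "git-repo-payments", datetime(2021, 6, 2, 10, 30), "DE"),
        ("alice", "git-repo-payments", datetime(2021, 6, 2, 3, 10), "XX"),
        ("alice", "wiki", datetime(2021, 6, 2, 3, 12), "XX"),
    ]
    for (score, priority, reasons), (user, resource, ts, country) in rank(new_events, baselines):
        print(f"{priority:6} {score:4} {user} -> {resource} at {ts} from {country}: {reasons}")
```

The daytime access with legitimate credentials still scores a little (it is the first touch of that repository in four weeks), so it surfaces as a low-priority alert rather than silently passing, which is the behavior the text describes. The night-time access from a watch-listed, never-seen location stacks every feature and lands at high priority; the identical behavior against the wiki stays low because the criticality factor halves it. Because the weights, the baseline and the criticality table are plain data, this is also the kind of model that an analyst could inspect and tune without being a data scientist.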
Security analytics has evolved quickly in recent years and, as we look ahead, the industry is starting to combine SIEM, User and Entity Behavior Analytics (UEBA), Security Orchestration, Automation and Response (SOAR) and Extended Detection and Response (XDR) for a more automated and telemetry-rich approach to threat detection and response.
But today, the latest advancements are helping to reduce the workload on security teams, allowing them to better detect and contain both known and unknown threats more quickly. Open access to security analytics is also a monumental shift that helps teams better understand and tweak these solutions so they can verify models and generate better results.
Ideally, analytics solutions should have strong pre-built libraries of machine learning models that don't require users to be data scientists to edit them (but give them the editing option if needed). As these capabilities continue to develop, I believe they'll be a key factor in helping security teams reduce that 287-day average time to contain a breach in the coming years.
See the rest here: The evolution of security analytics - Help Net Security