By today i.e. 2016, 1/4th of large global companies are expected to have adopted big data analytics for at-least one security use case! (source: Gartner)
If you belong to the remaining 75% majority OR even if you are in the 25% but got it all wrong the 1st time around - please read-on
What is Big Data Analytics?
When we talk about analytics in today's world - We are invariably referring to big data analytics.
It is the process of analyzing large data sets containing a variety of data types to uncover hidden patterns, correlations, market trends, customer preferences and other useful business information.
Very valuable for any enterprise to dig into the gold-mine called data, and find insights that might not have been obvious all these years.
That's the power of analytics in a nut-shell.
Why Security Analytics?
The security analytics market size is estimated to grow from USD $2.1 Billion in 2015 to USD $7.1 Billion by 2020, at a CAGR of 27.6% from 2015 to 2020 (Source: Markets and Markets, 2015)
Analytics is only as good as the problem it is trying to solve. Period.
We all have experienced that information security is a vast area and has a unique set of challenges, unseen/unheard of in other areas within IT. People outside information security typically don't get it.
Hence analytics specific to security is much more effective simply because it is closer to the problem it is trying to solve.
For starters - Big data security analytics is a marriage of the scalability of big data platforms with the analysis capabilities of security analytics tools like SIEM.
As per Gartner, security analytics is still in the initial phase in the hype cycle, and they call it as the peak of inflated expectations.
But given our experience of analytics in other areas, it is safe to say that the application of technology to solve specific problems is much more important than generic analytics or technologies/terminologies in itself (e.g. Artificial Intelligence, Hadoop, NoSQL, Spark, etc. are just fancy keywords on their own)
Therefore, it is not surprising to see this Demystifying Framework that stresses the importance of the 3 Whats - What data, What methods, What problem?
(Source: Analytics Demystifying Framework, Gartner @RSA Conference 2016)
What Choices Do You Have? When to Opt for Which One?
So what are the options today for organizations wanting to acquire security analytics capabilities?
There are lots of choices and they come in 3 flavors -
Buy a ready-to-use tool, Build one from scratch in-house, or Hire someone to build it for you (i.e. Partner).
The Pros/Cons are below.
(Source: Gartner @RSA Conference 2016)
But in real-life, what you would need is a combination of all three - You need something that does the following -
1. Gets you started quickly because you don't want to spend the next 6-12 months waiting to start seeing results and even know if you are headed in the right direction.
2. Can be customized to your specific use-cases because generic solutions do not solve org specific problems.
3. Comes with previous expertise/best-practices knowledge so that you can stop being the guniea-pig.
And finally it should not cost you a fortune, typical of "custom built" solutions.
How can you get there ?
Looking forward to hearing from you ...
Thanks & Regards,
Aujas Platform for Advanced Security Analytics - SAVP comes with pre-built modules like Vulnerability Intelligence, Security Operations, Data Protection, Vendor Risk Management , Product Security, Customer Assurance, Etc to get you started quickly. In addition, it can be further custom deployed to meet your organization specific security challenges. SAVP was created and built by a robust team of security professionals and security engineers. SAVP comes with the security expertise of our nearly 375 professionals built in. SAVP continues to evolve as our industry does so you benefit from the most current trends.
Check out more about SAVP by Aujas here