
Security Think Tank: Security analytics helps find needles in haystacks

What are the main challenges that security analytics can be used to address?

Security analytics is a subset of data analytics, focusing on security events. When reviewing data for security events, the challenge is that you are looking for needles in a haystack.

There are many false positive and false negative security events and your team only has limited resources to devote to analysis. Despite this, as the threat landscape changes, you are expected to identify, monitor and prevent new cyber attacks.

Therefore, security analytics can be used to address the problem of triage, analysis and response to large volumes of data requiring analysis for security events.

The main challenge that security analytics faces is, first of all, providing answers to datasets that can be measured. An analysis of security events does not always reach a conclusion of yes or no, but sometimes offers a maybe. This is because of the nature of how risk is often quantified in the cyber domain.

Also, one form of analysis – the use case of historic precedent – often does not apply to the next type of analysis required. Security analysts often drive data analysts crazy because they have to adapt and re-baseline their models quickly and with high uncertainty.

Despite these intricacies, security analytics is already making headway in helping cyber teams find needles in haystacks.

This was last published in October 2017
