Security analytics mainstream by 2016, says Arbor Networks

Security data analytics will be mainstream in the enterprise by 2016, predicts Arbor Networks

Security data analytics will be mainstream in the enterprise by 2016, predicts software firm Arbor Networks. 

But the key is enabling better workflows and intuitive graphical user interfaces, according to the company’s director of solutions architects, Darren Anstee.

“The lack of people in the enterprise with data analysis skills is still an issue, so successful security analytics is not just about the right technology,” he told Computer Weekly.

Anstee believes enterprises need the combination of technologies and appropriate workflows around that to make insights more accessible and enable security teams to be as effective as possible.

“Security analytics is about getting the best performance out of the people an organisation has got by making it easier to identify what security alerts are important and should be prioritised,” he said.

Arbor Networks is focusing on graphical user interfaces to drive workflows to help security teams identify trends quickly and easily, thereby speeding up incident-response capabilities.

“One of the biggest problems with security analytics systems to date has been that although the information is all there, it is difficult to find and identify useful trends,” said Anstee.

“Security analytics is all about improving visibility of what is going on in a network and highlighting changes, which is why a graphical approach is good,” he added.

Representing data graphically typically makes it easier for security teams to identify anomalies and trends faster.

They can also drill down using the graphical user interface to isolate and identify threats without having to wait for responses to a series of queries.

“This means they can respond faster, thereby reducing the time attackers can move around networks undetected and unchallenged after the initial intrusion,” said Anstee.

This approach also reduces the risk of overlooking important alerts, he said, referring to the recent data breach at the US retailer Target, where alerts linked to the attack were not followed up.

“This is the element of security data analytics that is about making intelligence data useful,” said Anstee.

Zero-day threats

But this has tended to be limited to correlating what is happening on a network in real time with current threat intelligence, which is typically lacking for zero-day threats.

“This lack of threat intelligence means zero-day threats have a chance of slipping through undetected,” said Anstee.

However, Arbor Networks is seeking to expand the capabilities of its data analytics products by incorporating technology from its recent acquisition of Australian analytics firm Packetloop.

The newly released Pravail security analytics offering enables organisations to store network event data and compare that with new threat intelligence.

This means that as soon as intelligence about a previously unknown threat becomes available, it is correlated with the stored network activity data to check whether an attack using that threat has already taken place.

“Organisations can apply the latest threat intelligence to historical data to pick up any zero-day compromises that might have been missed,” said Anstee.

Most large organisations will have the storage capacity and processing power to keep a month’s worth of historical data to correlate with the most recent threat intelligence.

“By uncovering existing compromise, security and forensic teams have a clearer picture of when an attack may have started,” said Anstee.

“This is essential for building attack timelines as part of forensic and/or incident response investigations, as well as for identifying and remediating vulnerable hosts in the network, which strengthens the organisation’s overall security posture,” he said.
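The retrospective matching described above, from storing network event data through applying newly published intelligence to it and deriving a per-host first-seen timeline, as an added example. This is illustrative code written for this page, not Arbor Networks' or Packetloop's own; the event record layout, the indicator list and the host names are constructed assumptions, and the IP addresses come from the documentation ranges. The retention window defaults to 30 days to mirror the month of history mentioned below.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

# Constructed sample of stored network event data (hypothetical layout):
# (timestamp, source host, destination IP, destination domain, destination port)
STORED_EVENTS = [
    ("2014-02-01T08:12:03Z", "ws-0412", "198.51.100.7",   "cdn.example.net",    443),
    ("2014-02-03T22:47:10Z", "ws-0412", "203.0.113.55",   "update-srv.example", 8080),
    ("2014-02-04T02:05:41Z", "db-07",   "203.0.113.55",   "update-srv.example", 8080),
    ("2014-02-10T11:30:00Z", "ws-0199", "192.0.2.33",     "mail.example.org",   25),
    ("2014-02-12T19:58:27Z", "ws-0199", "203.0.113.200",  "",                   443),
]

# Constructed "new" threat intelligence, published after the events were
# recorded: exact IPs, domains and a CIDR block (hypothetical indicators).
NEW_INTEL = {
    "ips": {"203.0.113.55"},
    "domains": {"update-srv.example"},
    "cidrs": ["203.0.113.192/26"],
}


def parse_ts(s):
    """Parse the ISO-8601 UTC timestamps used in the constructed records."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def event_matches(event, intel):
    """Return the list of indicators an event hits (empty list if none)."""
    _, _, dst_ip, dst_domain, _ = event
    reasons = []
    if dst_ip in intel["ips"]:
        reasons.append("ip:" + dst_ip)
    if dst_domain and dst_domain in intel["domains"]:
        reasons.append("domain:" + dst_domain)
    addr = ipaddress.ip_address(dst_ip)
    for cidr in intel["cidrs"]:
        if addr in ipaddress.ip_network(cidr):
            reasons.append("cidr:" + cidr)
    return reasons


def retrospective_hunt(events, intel, window_days=30, now=None):
    """Apply newly published intel to stored events within the retention
    window; return {host: {first_seen, hits, indicators}} for every host
    that contacted an indicator. first_seen is the earliest matching event,
    which is the 'when did this start' answer forensic teams need."""
    if now is None:
        now = max(parse_ts(e[0]) for e in events)
    cutoff = now - timedelta(days=window_days)
    hosts = {}
    # Sort ascending so the first match recorded per host is the earliest one.
    for e in sorted(events, key=lambda e: parse_ts(e[0])):
        if parse_ts(e[0]) < cutoff:
            continue  # outside retained history: cannot be hunted retroactively
        reasons = event_matches(e, intel)
        if not reasons:
            continue
        entry = hosts.setdefault(e[1], {"first_seen": e[0], "hits": 0, "indicators": set()})
        entry["hits"] += 1
        entry["indicators"].update(reasons)
    return hosts


def attack_timeline(hosts):
    """Order compromised hosts by first contact with an indicator; the first
    entry bounds when the intrusion may have started."""
    return sorted((v["first_seen"], h) for h, v in hosts.items())


if __name__ == "__main__":
    found = retrospective_hunt(STORED_EVENTS, NEW_INTEL)
    for first_seen, host in attack_timeline(found):
        print(first_seen, host, sorted(found[host]["indicators"]))
```

Note how the retention window shapes the result: with only five days of history kept, the two hosts that contacted the indicator in early February fall outside the window and the earlier start of the intrusion is lost, which is the practical reason for keeping as much history as storage allows.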

The demand for this kind of capability is greatest in the finance and defence sectors and, to meet their specific security requirements, Arbor Networks has made Packetloop’s cloud-based technology available in an on-premise hardware appliance format.

“Banks are still largely unwilling to use cloud-based security services,” said Anstee.

E-commerce is another sector that is showing demand for a faster, easier way of enabling deep-level security data analytics.

While few small and medium-sized enterprises are expected to be among the early adopters, Anstee believes the approach taken by Arbor Networks to reduce the reliance on data analysts will help open up this market.