Security analytics is a subset of data analytics, focusing on security events. When reviewing data for security events, the challenge is that you are looking for needles in a haystack.
Detections produce many false positives and false negatives, and your team has only limited resources to devote to analysis. Despite this, as the threat landscape changes, you are expected to identify, monitor and prevent new cyber attacks.
Security analytics therefore addresses the problem of triage, analysis and response when large volumes of data must be reviewed for security events.
The first of the main challenges security analytics faces is producing measurable answers from the datasets. An analysis of security events does not always reach a conclusion of yes or no; sometimes the honest answer is maybe. This is because of the way risk is usually quantified in the cyber domain: as a likelihood, not a certainty.
Second, analysis based on historical precedent often does not carry over to the next type of analysis required: a model baselined on past behaviour stops being valid when the environment or the attacker changes. Security analysts often drive data analysts crazy because the models have to be adapted and re-baselined quickly and under high uncertainty.
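The two problems above, the "maybe" verdict and the need to re-baseline, can be shown on a toy detector. The following is an added example written for this page, not code from the original article: it scores constructed daily failed-login counts for one host against a z-score baseline, returns a three-way verdict instead of a binary one, and compares a baseline fixed on the first 14 days with one that is recomputed over the most recent 14 days. The thresholds (a z-score of 2 for "maybe", 4 for "yes"), the 14-day window and the sample counts are all assumptions chosen for illustration.

```python
"""Rolling-baseline anomaly scoring over constructed daily event counts.

Added illustration for this article; the data, window size and thresholds
are assumptions, not values from any real environment.
"""
from statistics import mean, pstdev

# Constructed sample data: failed-login counts per day for one host.
# Days 0-13 are the quiet baseline. From day 14 a legitimate change
# (say, a new service retrying logins) roughly doubles the normal rate.
# Day 24 is a genuine spike that should still be flagged.
FAILED_LOGINS = (
    [10, 12, 9, 11, 10, 13, 8, 12, 11, 9, 10, 12, 11, 10]  # days 0-13
    + [21, 23, 20, 24, 22, 21, 25, 22, 23, 20]              # days 14-23
    + [95]                                                   # day 24
)

BASELINE_DAYS = 14  # assumed window length


def baseline(values):
    """Mean and population std-dev of a window.

    The std-dev is floored at 1.0 so a perfectly flat window does not
    turn every later value into an infinite z-score.
    """
    return mean(values), max(pstdev(values), 1.0)


def zscore(value, mu, sigma):
    """How many standard deviations `value` sits above the baseline mean."""
    return (value - mu) / sigma


def verdict(z, maybe_at=2.0, yes_at=4.0):
    """Three-way answer: below maybe_at is 'no', at or above yes_at is
    'yes', anything in between is an honest 'maybe' for an analyst."""
    if z >= yes_at:
        return "yes"
    if z >= maybe_at:
        return "maybe"
    return "no"


def score_fixed_baseline(counts, baseline_days=BASELINE_DAYS):
    """Baseline once on the first window and never update it.

    This is the 'historical precedent' model: every day after the rate
    change looks anomalous, so it alerts on all of them.
    """
    mu, sigma = baseline(counts[:baseline_days])
    return [verdict(zscore(c, mu, sigma)) for c in counts[baseline_days:]]


def score_rolling_baseline(counts, baseline_days=BASELINE_DAYS):
    """Re-baseline on the most recent window before scoring each day.

    Alerts taper from 'yes' to 'maybe' to 'no' as the window absorbs the
    new normal, while the day-24 spike is still flagged.
    """
    verdicts = []
    for i in range(baseline_days, len(counts)):
        mu, sigma = baseline(counts[i - baseline_days:i])
        verdicts.append(verdict(zscore(counts[i], mu, sigma)))
    return verdicts


if __name__ == "__main__":
    for name, fn in (("fixed", score_fixed_baseline),
                     ("rolling", score_rolling_baseline)):
        v = fn(FAILED_LOGINS)
        print(f"{name:8s} yes={v.count('yes')} maybe={v.count('maybe')} "
              f"no={v.count('no')} verdicts={v}")
```

With this data the fixed baseline answers "yes" for all 11 days after the change, ten of them false positives, while the rolling baseline returns two "yes" verdicts (the first day after the change and the real spike on day 24) and two "maybe" verdicts that an analyst would have to look at. The cost of re-baselining is also visible: a spike that arrives slowly enough to be absorbed into the window would not be flagged at all, which is the uncertainty the text refers to.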
Despite these intricacies, security analytics is already making headway in helping cyber teams find needles in haystacks.