Maksim Kabakou - Fotolia
When desktop publishing appeared, many companies thought they could avoid paying designers and do it themselves. They soon realised that DTP was just a tool and you needed design skills and ability to use it effectively. Security analytics is just the same.
It is very powerful, but like any technology, you still need talent and experience to drive it – whether that is configuring pattern analysis engines or interpreting the results and deciding what to do about them.
In cyber security, we need to analyse ever-increasing amounts of information and automated tools can provide vital help to wade through the mass of data. Sometimes it is hard to see the wood from the trees and it is easy to get sidetracked by patterns that may not really be there.
So, it is important to always retain a reality check and make the tools do the analytics work. But to do this you need good, trained people to interpret the results, otherwise you may be making erroneous assumptions.
The problem is that security experts are in short supply and there is no sign that this will be solved anytime soon.
Therefore, technology advances in analytics, data collection and processing and interpretation will help to frees up skilled professionals to make the decisions and interpret situations, rather than spending time collecting and crunching data and trying to spot patterns, manually and subjectively.
As good as these technologies are, you will not find companies buying a security analytics solution to completely replace their security operations teams. But you will increasingly find analytics being used to enable those teams to be more effective, scalable and consistent, in terms of detection and response. So, it is not a replacement for human intelligence it just augments it.
Feel the benefits
We know cyber attacks are increasing in sophistication, that they are more prevalent and that it typically takes too long to detect and respond to them.
Anything that helps reduce manual overload can detect threats more intelligently and enables a faster and more certain response will be of value to the security team.
When evaluating the increasing array of options on the market, organisations need to ask these questions:
- How much of the load on my security operations team will this technology alleviate?
- How much more efficient and responsive will it make them?
- Can I free highly skilled people up from having to collect data from different places to paste into a spreadsheet or report?
Key features to look out for include the ability to collect and analyse data in real time; to accept a wide variety of information types and high volumes; to be open and interconnectable; to interface with a range of platforms, sources, responsive technologies; and to provide clear, concise outputs.
Good technology should make our lives easier if we know how to use it and get the best out of it. Analytics is no panacea but we would be foolish not to harness it and put it to work for us.