CDSA

SAS Survey: Security Analytics Proves Challenging but Effective

Security analytics solutions are delivering deeper visibility into organizations’ security data than ever before. But deployment and day-to-day usage remain challenging, according to a new Ponemon Institute survey, “When Seconds Count: How Security Analytics Improves Cybersecurity Defenses,” sponsored by analytics firm SAS.

“There has been much said about the promise of security analytics to improve security operations,” said Larry Ponemon, chairman and founder of Ponemon Institute. “This is one of the first studies to deeply examine actual use of these solutions and identify where organizations are succeeding and struggling.”

Most responding IT and IT security practitioners believe security analytics solutions have greatly improved their organizations’ overall security posture. They said the solutions make it easier to reduce false positives and to spot and stop anomalous traffic. However, these improvements come with challenges, starting with implementation. More than half of respondents (56%) characterized their initial deployments as “difficult” or “very difficult.” Among them, 65% cited the configuration and/or tuning required to make the system usable.

“Nearly all solutions require initial configuration and tuning for optimal performance,” said Stu Bradley, VP of cybersecurity solutions at SAS. “Organizations can avoid many pitfalls by clearly defining workflows and project goals before starting an implementation.”

Success hinges on data

Respondents also cited data issues as deployment obstacles, with about half (51%) noting “too much data” and 45% indicating problems accessing the required data.

Even beyond deployment, a significant majority (65%) pointed to data challenges, top among them data quality (cited by 66% of the respondents), data integration (65%) and data volume (55%).

“Organizations often want to jump immediately to the analytic output, shortcutting initial steps required to get the data right,” said Bradley. “But if they don’t appropriately address the data up front, they’ll suffer for it later and face major challenges deriving what they expect from their security analytics solution.”

Detecting the ‘right’ threats

Respondents reported gaps between threats they want their solutions to detect and those they’re actually finding. They identified data exfiltration (cited by 50% of the respondents), adversary reconnaissance (40%), adversary lateral movement (36%), and malicious insiders/insider threats (36%) as most important for their security analytics solution to detect. Yet none of those are among the threats their solutions are proving most adept at detecting, which they specified as account compromise (named by 50% of respondents), privilege escalation (48%) and malware deployment/delivery (46%).

“When you look at these security objectives, they’re all very different – and they each bring fundamentally different data into play,” said Bradley. “That speaks to the breadth and depth of analytic sophistication needed for an organization to develop all the right capabilities. Success requires a confluence of different analytic disciplines and also a carefully plotted road map for maturing analytic capabilities. With such a road map, organizations can make the most of their limited security resources.”

The future of security analytics

Although current solutions don’t seem to be living up to the hype, organizations are already deriving tremendous benefit from security analytics. Among respondents, 61% consider security analytics critical to their cyber defenses, and 71% expect to expand its use over the next year.

“With security analytics still in its infancy, this survey is a critical benchmark,” said Ponemon. “It shows we’ve come a long way in a short period, but the industry hasn’t yet mastered the complexity. With this user pulse reading, though, the industry’s call to action becomes clear.”

“Security analytics clearly isn’t as effective as security practitioners need it to be,” echoed Bradley. “Addressing these challenges calls for a ‘lifecycle’ approach – one that doesn’t just focus on data and algorithms. What we need is a consistent, governed process for deploying analytics. And the analytics must be consumable across a broad range of resources. It’s a difficult challenge. But building analytic sophistication ultimately pays off in improving organizations’ ability to discover, detect, investigate and respond to security events in a reliable, repeatable way.”

For the survey, Ponemon Institute selected a sampling frame of 17,200 IT and IT security practitioners familiar and involved with security analytics in their organizations. Survey responses were captured in December 2016. The final sample included 621 surveys, a 3.6% response rate. Most respondents – 87% – are personally using the security analytics solution in their organizations, and 80% of these organizations have fully implemented solutions.

Notably, most respondents indicated that their organizations adopted security analytics reactively — a stunning 68% in response to a cyberattack or successful intrusion.
