To extract optimal value from their security investments, organisations must consolidate their data and analytic capabilities into a single hub
In 2018, it was estimated that cybercrime would cost the world almost $600 billion or 0.8% of global GDP. Financial institutions remain an attractive target for cybercriminals. The security industry has evolved into a patchwork quilt of products that solve very specific challenges. Historically, these solutions have been rules- or signature-based, meaning they can only detect an attack if there was a rule or signature associated with it. New attacks and variants on existing attacks can’t be detected, leaving organisations vulnerable to an endless barrage of new threats.
Despite their limitations, these solutions provide critical protection against a wide range of threats. Moreover, they generate a lot of useful data. But organisations face a critical shortage of cybersecurity professionals to analyse that data, estimated at around 3,000,000 globally in 2018.
Today’s rapidly evolving digital world of the Internet of Things (IoT) and Everything as a Service (XaaS) requires a different approach to cybersecurity. Analytics can enable real-time detection of security events and decisions on how to handle them, automating manual processes and routine decisions. This analytic empowerment has led many vendors to add analytic capabilities to make their security offerings “smarter” and supposedly ease security pros’ burdens. Regrettably, these “add on” enhancements have the opposite effect, further fragmenting the organisation’s risk view by creating data silos and pockets of analytic capabilities. These fragments must be pieced together for a holistic view of risk.
To extract optimal value from their security investments and boost security personnel’s investigational efficiency and effectiveness, organisations must consolidate their data and analytic capabilities into a single hub. Security professionals should have a variety of analytic methods at their disposal—from descriptive statistics to advanced techniques like text analytics and deep learning. These capabilities help ensure they are equipped to handle today’s threats with their current infrastructure and able to scale and adjust with the threat landscape. And since data scientists are scarce, particularly in the cybersecurity arena, the analytics need to be usable by everyone, regardless of background.
Importantly, algorithms are only one part of the equation. Organisations should consider the continuous lifecycle of data, discovery and deployment:
Data is the first step in the lifecycle and the driving factor. Getting accurate, quality data to feed the analytics so the right results can be presented at the right time to the right people and systems is critical. Those results drive…
Discovery, the next step, where data is explored, analysed and modelled.
Deployment, the final stage, is where the analytic models are put into action and scaled, so the full value of analytics can be realised.
As cybercriminals strive to stay a step ahead, organisations need real-time network visibility. By combining otherwise siloed data and analytics into a single hub, they can better answer questions such as: What assets are connected to the network? How and when do they connect? How do these assets typically behave? Suspicious behaviour is quickly surfaced, enabling security teams to proactively see indicators of an attack within the network instead of reacting to indicators of a compromise that has already occurred.
The writer is principal product marketing manager, cybersecurity, SAS