2016 Cybersecurity Analytics State of the Union Recap

Categories: Security, Risk, and Compliance

Last week marked a milestone… we held the first ever Cybersecurity Analytics State of the Union with the Ponemon Institute. During the address, we examined the Ponemon Institute’s 2016 research on the current state of cybersecurity analytics and the areas the industry needs to focus on over the next year.

Like any look backwards, this one has its good, its bad, and its ugly. Here is a quick recap of Ponemon’s research describing where we are today with cybersecurity big data analytics…

The good

Organizations are 2.25x more likely to detect a threat in minutes or hours when using big data analytics heavily. This includes advanced threats such as advanced malware/ransomware, compromised devices, zero-day attacks, and malicious insiders.

The bad

Several factors are limiting adoption of cybersecurity analytics, including a lack of in-house expertise, insufficient current technologies, and insufficient resources to execute.

The ugly

Organizations are going to have to rethink their traditional cybersecurity architectures, since 71% of them say they can’t leverage their traditional systems for cybersecurity analytics.

While we have challenges to overcome, the future is bright. Like any great State of the Union, once you have looked backwards you must set your eyes on the future. With cybersecurity big data analytics showing early promise in the industry, we must focus on 3 key areas in order to achieve pervasive cybersecurity analytics across every organization.

1. Large scale storage and flexible analytics

As shown in the research, traditional cybersecurity applications can’t handle the scale and analytic flexibility required for big data analytics. We first must examine our underlying architectures to make sure we can scale to meet the demands of the hyper-connected world (IoT, mobile, etc.). Open source projects like Apache Hadoop and Apache Spark have already helped break down these barriers; it’s time every organization and application took advantage of them.

2. Complete enterprise visibility and context

One cybersecurity application gives you a view of your enterprise users, another of your network, another of your endpoints… and the list goes on. In order to unlock richer analytics for better detection, organizations must first have richer data sets. Marrying together network, endpoint, and user data increases analytic detection capability. Investigation time also drops significantly, because this unified data gives analysts a complete view of the enterprise through a single window.
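To make the "richer data sets, better detection" point concrete, here is an added example (not code from the original post, from Ponemon, or from any vendor) that joins three weak, per-source indicators on the host they share and only alerts when at least two of them fire within a short window. Each source alone (a low-volume periodic connection, an Office application launching a child process, a login from an unusual country) is noisy enough that most teams would not page on it; together they corroborate one another. The log records, field names and thresholds are all constructed for the example and are assumptions, not a real schema. The `host_timeline` function is the "single window" the paragraph describes: every event for one host from all three sources, merged in time order.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records, one list per source. Field names are assumptions.
NETWORK_EVENTS = [
    {"ts": "2016-09-01T09:02:10", "host": "ws-17", "dst": "203.0.113.9", "bytes": 512},
    {"ts": "2016-09-01T09:07:11", "host": "ws-17", "dst": "203.0.113.9", "bytes": 498},
    {"ts": "2016-09-01T09:12:12", "host": "ws-17", "dst": "203.0.113.9", "bytes": 505},
    {"ts": "2016-09-01T09:03:00", "host": "ws-22", "dst": "198.51.100.4", "bytes": 20480},
]
ENDPOINT_EVENTS = [
    {"ts": "2016-09-01T09:01:55", "host": "ws-17", "process": "rundll32.exe", "parent": "winword.exe"},
    {"ts": "2016-09-01T08:55:00", "host": "ws-22", "process": "outlook.exe", "parent": "explorer.exe"},
]
AUTH_EVENTS = [
    {"ts": "2016-09-01T09:01:40", "host": "ws-17", "user": "jdoe", "src_geo": "RO", "usual_geo": "US"},
    {"ts": "2016-09-01T08:50:00", "host": "ws-22", "user": "asmith", "src_geo": "US", "usual_geo": "US"},
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}


def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S")


def periodic_outbound(events, min_conns=3, jitter=timedelta(seconds=30)):
    """Network indicator: repeated connections from one host to one destination
    at a near-constant interval. Returns {host: time of first connection}."""
    by_pair = defaultdict(list)
    for e in events:
        by_pair[(e["host"], e["dst"])].append(parse_ts(e["ts"]))
    hits = {}
    for (host, _dst), times in by_pair.items():
        times.sort()
        if len(times) < min_conns:
            continue
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        if max(gaps) - min(gaps) <= jitter:
            hits[host] = times[0]
    return hits


def office_spawned_process(events):
    """Endpoint indicator: a process whose parent is an Office application (one hit kept per host)."""
    return {e["host"]: parse_ts(e["ts"]) for e in events if e["parent"].lower() in OFFICE_APPS}


def unusual_login_location(events):
    """User indicator: an authentication from a geography the user does not normally use."""
    return {e["host"]: parse_ts(e["ts"]) for e in events if e["src_geo"] != e["usual_geo"]}


def correlate(network, endpoint, auth, window=timedelta(minutes=15)):
    """Join the per-source indicators on host and alert only when at least two
    distinct sources fire within `window`. Returns {host: sorted source names}."""
    indicators = defaultdict(list)
    for source, hits in (("network", periodic_outbound(network)),
                         ("endpoint", office_spawned_process(endpoint)),
                         ("user", unusual_login_location(auth))):
        for host, ts in hits.items():
            indicators[host].append((ts, source))
    alerts = {}
    for host, items in indicators.items():
        items.sort()
        if len(items) >= 2 and items[-1][0] - items[0][0] <= window:
            alerts[host] = sorted(src for _, src in items)
    return alerts


def host_timeline(host, network, endpoint, auth):
    """The analyst's single window: all events for one host, all sources, in time order."""
    rows = []
    rows += [(parse_ts(e["ts"]), "network", f"{e['dst']} {e['bytes']}B") for e in network if e["host"] == host]
    rows += [(parse_ts(e["ts"]), "endpoint", f"{e['parent']} -> {e['process']}") for e in endpoint if e["host"] == host]
    rows += [(parse_ts(e["ts"]), "user", f"{e['user']} login from {e['src_geo']}") for e in auth if e["host"] == host]
    return [(ts.isoformat(), src, text) for ts, src, text in sorted(rows)]


if __name__ == "__main__":
    for host, sources in correlate(NETWORK_EVENTS, ENDPOINT_EVENTS, AUTH_EVENTS).items():
        print(f"{host}: corroborated by {', '.join(sources)}")
        for row in host_timeline(host, NETWORK_EVENTS, ENDPOINT_EVENTS, AUTH_EVENTS):
            print("   ", *row)
```

With the constructed data, `ws-17` is the only host flagged, and only because all three sources agree within thirty seconds; `ws-22` has a large transfer and a normal login and is left alone. In a real deployment the three indicator functions would read from the unified store the previous paragraph argues for, and the join key would be whatever identity (hostname, asset ID, user) the sources share.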

3. Leverage the community to accelerate analytics development

So you have a scalable platform that offers analytic flexibility and you have complete enterprise visibility; now what? Finding the analytics to apply to these large, diverse data sets is not a trivial task. Organizations must turn to the experts in the vendor and open source ecosystem in order to accelerate their analytic capabilities instead of reinventing the wheel. As an example, with the open source project Apache Spot (incubating), organizations are leveraging pre-packaged machine learning analytics that were developed by the community.

And there you have it, the first ever Cybersecurity Analytics State of the Union! To watch the full recording, access the Ponemon report, or to learn more please visit…
