[BreachExchange] Leveraging analytics to improve security

Audrey McNeil audrey at riskbasedsecurity.com
Mon Mar 19 21:18:19 EDT 2018


https://www.csoonline.com/article/3263811/big-data/leveraging-analytics-to-improve-security.html

The concept of big data can be overwhelming for many organizations. They
know that they have valuable information coming in from various sources,
but often struggle with how to organize and act on that data in any
meaningful way. This struggle is exacerbated by clever marketing and
buzzword bingo, which further confuses actual requirements and proper adoption
of big data solutions; organizations fear they’re falling behind by failing
to adopt the seemingly endless stream of new tools that promise to leverage
their data.

Because leveraging big data analytics seems so daunting, many IT
professionals end up only dipping a toe into the potential capabilities,
but never quite jump in to take advantage of them all. However, properly
utilizing data analytics can turn your organization’s data into actionable
information and provide tremendous insight into everything going on within
an environment. And, with the correct approach, using this data to enhance
your security posture can be straightforward. Here are three things to
focus on when developing your own data analytics program.

The right team

A well-versed team is crucial for leveraging analytics to enhance an
organization’s security posture. Even with the latest technology in place,
employees must have the right skills to pull meaningful insight from data
flows and act on that information.

Take, for example, the infamous Target security breach of 2013, where
point-of-service endpoints were accessed through the HVAC system. The part
of the story that often gets glossed over is that their security team did,
in fact, have the proper tools in place to identify and act on the threat,
but employees interpreted the reading as a false positive. If these
employees had been properly equipped to identify and act upon the analytics
provided by their security tools, they could have prevented the theft of
millions of customers’ credit card information.

When building your own analytics program, ask yourself: How does my team
measure up? Be honest when assessing the holes in your security posture.
Have you given your team the proper training so they can spot potential
threats before they become problems? Or are there gaps in your team that
can only be addressed by bringing on an additional hire or external
resources?

The right tools

Of course, security engineers are not always entirely to blame. Even the
most skilled IT professionals are not effective in the face of
misconfigured technology. Analytics are only useful when they are
discerning.

To avoid the pitfalls of a poorly orchestrated analytics workflow, start by
taking inventory of your current stack. Are you too focused on collection
and not focused enough on correlation? It could be that you’re so focused
on extrapolating insights that you’ve mismanaged your consolidation efforts.

Most importantly, be sure that all of your tools are helping your security
team instead of hindering it. If your system identifies too many events as
abnormal, your team may get bogged down in false positives and end up
making rushed decisions about the validity of particular risks (as was the
case with the Target breach). Instead, make sure that only high priority
concerns are brought forward to reduce the chance of human error and
tighten your overall security posture.

The right response

Once you have the right people and tools in place to ensure consistently
accurate, relevant and comprehensive data, the next step is to put that
data to work. There are plenty of ways to do this, but one of the most
promising is automation.

Recent advancements in artificial intelligence promise to take your data
analytics to the next level. If you already have parameters for potential
threats and a passive identification system in place, the next step is to
incorporate automated, immediate actions in response to those events. You
can configure your solutions to leverage AI to only report on high priority
risks and even respond to those risks. For example, if a user’s activity
appears suspicious, your system can sandbox that user pending further
intervention from IT staff.
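The two preceding sections make a pair of concrete engineering points: correlate across sources rather than forwarding every raw event, and gate automated response behind a confidence threshold so that an analyst still confirms or releases the action. The following Python sketch is an added example, not code from the article or from any product it alludes to. The alert records, source names, signal weights, time window and thresholds are all constructed assumptions; the "contain" outcome is a routing label standing in for whatever isolation or sandboxing step a real environment would trigger.

```python
"""
Added example (not from the article): a minimal alert-correlation and
response-routing pipeline. Alerts from several hypothetical tools are
grouped per host inside a time window, scored, and then either suppressed,
sent to an analyst, or auto-contained pending analyst review. Every
constant and record below is a constructed assumption.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample alerts from three hypothetical sources. A real deployment
# would normalise SIEM/EDR exports into this shape; the shape is an assumption.
SAMPLE_ALERTS = [
    {"ts": "2018-03-19T02:01:10", "source": "edr",   "host": "pos-017", "signal": "unsigned_binary_exec"},
    {"ts": "2018-03-19T02:03:42", "source": "proxy", "host": "pos-017", "signal": "rare_external_domain"},
    {"ts": "2018-03-19T02:05:05", "source": "ids",   "host": "pos-017", "signal": "outbound_beacon_pattern"},
    {"ts": "2018-03-19T09:14:00", "source": "edr",   "host": "wks-204", "signal": "unsigned_binary_exec"},
    {"ts": "2018-03-19T09:20:00", "source": "proxy", "host": "wks-204", "signal": "rare_external_domain"},
    {"ts": "2018-03-19T13:30:00", "source": "proxy", "host": "wks-311", "signal": "rare_external_domain"},
    {"ts": "2018-03-19T13:31:00", "source": "proxy", "host": "wks-311", "signal": "rare_external_domain"},
]

# Assumed per-signal weights: one weak signal should not page anyone, several
# distinct signals corroborated by different sources on one host should.
SIGNAL_WEIGHT = {
    "unsigned_binary_exec": 3,
    "rare_external_domain": 1,
    "outbound_beacon_pattern": 4,
}
CORRELATION_WINDOW = timedelta(minutes=15)  # assumed
REVIEW_THRESHOLD = 4        # assumed: surface to an analyst
AUTO_CONTAIN_THRESHOLD = 7  # assumed: contain automatically, still queued for review


@dataclass
class Incident:
    host: str
    first_seen: datetime
    last_seen: datetime
    signals: set = field(default_factory=set)
    sources: set = field(default_factory=set)

    @property
    def score(self) -> int:
        # Distinct signals are summed (a repeated signal does not inflate the
        # score), then a bonus is added when more than one source agrees.
        base = sum(SIGNAL_WEIGHT.get(s, 1) for s in self.signals)
        return base + (2 if len(self.sources) > 1 else 0)


def correlate(alerts, window=CORRELATION_WINDOW):
    """Group alerts by host into incidents. An alert joins the host's open
    incident if it arrives within `window` of that incident's last alert;
    otherwise it opens a new one. Returns a list of Incident objects."""
    incidents = []
    open_by_host = {}
    for a in sorted(alerts, key=lambda r: r["ts"]):  # ISO timestamps sort lexically
        ts = datetime.fromisoformat(a["ts"])
        inc = open_by_host.get(a["host"])
        if inc is None or ts - inc.last_seen > window:
            inc = Incident(a["host"], ts, ts)
            incidents.append(inc)
            open_by_host[a["host"]] = inc
        inc.last_seen = ts
        inc.signals.add(a["signal"])
        inc.sources.add(a["source"])
    return incidents


def route(incidents):
    """Decide what reaches the team. Returns {host: decision}. Only incidents
    at or above REVIEW_THRESHOLD are surfaced; at or above
    AUTO_CONTAIN_THRESHOLD an automated containment step is recorded, but the
    incident stays in the review queue so an analyst confirms or releases it."""
    decisions = {}
    for inc in incidents:
        if inc.score >= AUTO_CONTAIN_THRESHOLD:
            decisions[inc.host] = "auto_contain_pending_review"
        elif inc.score >= REVIEW_THRESHOLD:
            decisions[inc.host] = "analyst_review"
        else:
            decisions[inc.host] = "suppress"  # kept in logs, not alerted on
    return decisions


if __name__ == "__main__":
    incidents = correlate(SAMPLE_ALERTS)
    for inc in incidents:
        print(inc.host, inc.score, sorted(inc.signals), sorted(inc.sources))
    print(route(incidents))
```

With the sample data, the host that fires three distinct signals from three sources is the only one auto-contained; the host with two corroborating sources is handed to an analyst; the host that repeats one weak proxy signal is suppressed rather than forwarded, which is the noise reduction the article argues for. Tuning the weights and thresholds against real false-positive rates is the part of the work the team, not the tool, has to do.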

As AI continues to evolve, keep an eye on how community sharing might
benefit your organization. When applications have broad install bases,
they’re empowered to use data from their different custom environments to
keep everyone in their base informed when new threats emerge. With
community sharing, for example, if a new threat appears somewhere in Asia,
it can be identified and given a signature before IT professionals in the
U.S. even sit down at their computers in the morning.

The possibilities of AI are far-reaching and represent new ways of
bolstering your defenses, thus freeing your team to concentrate on
innovation and on creating efficiencies.

Bringing it all together

Chances are that your organization is much closer to a fully realized
analytics program than you think. Since most businesses have at least some
level of data collection in place, it’s likely the foundation is already
there.

The next step is a methodical look at your people and processes to figure
out what’s preventing your organization from taking advantage of the myriad
benefits big data analytics can offer.