Security Report Analysis: Forrester Security Analytics Platforms 2016
In this Security Report Analysis (SRA) series I look at various security reports and pull out the main points.
This doesn’t replace a complete and detailed read of these reports, but at least you’ll get exposed to some of the key takeaways that you might not otherwise have seen.
REPORT: Forrester: Security Analytics Platforms
Key points
[ NOTE: These points are a combination of the report’s actual points combined with my own interpretation of them. Some of the analysis is not theirs, in other words. Don’t take this as me putting words in their mouths, but rather me trying to parse and interpret for my and your benefit. ]
- The primary purpose of security analytics is to provide centralized visibility across the environment for quick threat detection and resolution.
- Forrester interviewed 11 vendor and user companies, including BAE Systems, Bay Dynamics, HP ArcSight, Huntsman Security, IBM, LogRhythm, SAS, Securonix, and Splunk.
- Security Analytics (SA) platforms use big data technology and machine learning to rapidly examine events, looking for anomalous activity that could indicate a breach, active malware, or other malicious activity.
- SA aims to solve the false positive problem posed by earlier approaches, i.e., SIEM.
- SA is more focused on behavior than on signatures.
- SIEM vendors are being forced to change their games because of SA.
- General-purpose analytics vendors are getting into SA because the skillsets are similar.
- People are using FOSS options with some success.
- Expect SIEM and SA to merge and consolidate.
Notes
While this capture can be helpful, I suggest reading the whole report for full context. The writing was remarkably easy to move through.