In this Security Report Analysis (SRA) series I look at various security reports and pull out the main points.
This doesn’t replace a complete and detailed read of these reports, but at least you’ll get exposed to some of the key takeaways that you might not otherwise have seen.
[ NOTE: These points are a combination of the report’s actual points combined with my own interpretation of them. Some of the analysis is not theirs, in other words. Don’t take this as me putting words in their mouths, but rather me trying to parse and interpret for my and your benefit. ]
- Primary purpose of security analytics is to provide centralized visibility across the environment for quick threat detection and resolution
- Forrester interviewed 11 vendor and user companies, including BAE Systems, Bay Dynamics, HP ArcSight, Huntsman Security, IBM, LogRhythm, SAS, Securonix, and Splunk
- Security Analytics (SA) platforms use big data technology and machine learning to rapidly examine events, looking for anomalous activity that could be indicative of a breach, active malware, or other malicious activity
- SA aims to solve the false-positive problem posed by earlier approaches, i.e., SIEM
- SA is more focused on behavior instead of signatures
- SIEM vendors are being forced to change their games because of SA
- General-purpose analytics vendors are getting into SA because the skill sets are similar
- People are using FOSS options with some success
- Expect SIEM and SA to merge and consolidate
- While this capture can be helpful, I suggest reading the whole report for full context. The writing was remarkably easy to move through.
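To make the behavior-versus-signature distinction in the points above concrete, here is an added example; it is not code from the Forrester report, from this summary's original text, or from any of the vendors named. It runs two detectors over the same constructed auth log lines: a SIEM-style signature pass (a threat-intel IP list plus an off-hours rule) and a behavioral pass that scores each event against its own user's baseline. The user names, IPs, byte counts and thresholds are all made up for illustration.

```python
"""Signature matching vs. per-user behavioural baselining over constructed auth logs.
Added example; the log lines, user names and thresholds are invented for illustration."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed history used to learn "normal" per user: "<ISO timestamp> <user> <src_ip> <bytes_out>"
BASELINE_LOGS = """\
2015-03-02T09:03 alice 10.0.0.5 1200
2015-03-03T09:10 alice 10.0.0.5 1500
2015-03-04T10:02 alice 10.0.0.5 1300
2015-03-05T09:45 alice 10.0.0.5 1400
2015-03-06T08:58 alice 10.0.0.5 1100
2015-03-02T02:14 bob 10.0.0.9 800
2015-03-03T03:05 bob 10.0.0.9 900
2015-03-04T02:40 bob 10.0.0.9 850
2015-03-05T03:20 bob 10.0.0.9 950
2015-03-06T02:55 bob 10.0.0.9 900
"""

# Constructed events to score: bob is a night-shift user, alice is not, mallory has no history.
NEW_LOGS = """\
2015-03-09T02:30 bob 10.0.0.9 870
2015-03-09T03:12 alice 198.51.100.20 95000
2015-03-09T09:05 alice 10.0.0.5 1350
2015-03-09T10:00 mallory 203.0.113.77 500
2015-03-09T09:20 alice 10.0.0.5 2000
"""

# Static "signatures": a threat-intel IP list and an off-hours rule (00:00-05:59).
KNOWN_BAD_IPS = {"203.0.113.77"}
OFF_HOURS = range(0, 6)


def parse(text):
    """Turn the constructed log format into dicts; the hour is taken from the ISO timestamp."""
    events = []
    for line in text.strip().splitlines():
        ts, user, ip, byts = line.split()
        events.append({"ts": ts, "user": user, "ip": ip,
                       "hour": int(ts[11:13]), "bytes": int(byts)})
    return events


def signature_alerts(events):
    """SIEM-style rules: fire on any single match, with no notion of what is normal for the user."""
    alerts = []
    for e in events:
        if e["ip"] in KNOWN_BAD_IPS:
            alerts.append((e, "known bad IP"))
        elif e["hour"] in OFF_HOURS:
            alerts.append((e, "off-hours login"))
    return alerts


def build_profiles(history):
    """Per-user baseline: hours and source IPs seen, plus bytes_out samples for a z-score."""
    profiles = defaultdict(lambda: {"hours": set(), "ips": set(), "bytes": []})
    for e in history:
        p = profiles[e["user"]]
        p["hours"].add(e["hour"])
        p["ips"].add(e["ip"])
        p["bytes"].append(e["bytes"])
    return profiles


def behaviour_alerts(events, profiles, z_threshold=3.0, min_deviations=2):
    """Behavioural scoring: each event is compared with its own user's baseline.
    Requiring several independent deviations is what keeps the false-positive rate down."""
    alerts = []
    for e in events:
        p = profiles.get(e["user"])          # .get() does not create a profile for unknown users
        if p is None:
            alerts.append((e, "no baseline for user"))
            continue
        reasons = []
        if e["ip"] not in p["ips"]:
            reasons.append("new source IP")
        if e["hour"] not in p["hours"]:
            reasons.append("unusual hour")
        mu, sd = mean(p["bytes"]), pstdev(p["bytes"])
        z = (e["bytes"] - mu) / sd if sd > 0 else 0.0
        if z > z_threshold:
            reasons.append("bytes_out z=%.1f" % z)
        if len(reasons) >= min_deviations:
            alerts.append((e, ", ".join(reasons)))
    return alerts


def compare():
    """Run both detectors over the constructed new events and return their alert lists."""
    profiles = build_profiles(parse(BASELINE_LOGS))
    new = parse(NEW_LOGS)
    return signature_alerts(new), behaviour_alerts(new, profiles)


if __name__ == "__main__":
    sig, beh = compare()
    print("signature alerts:")
    for e, why in sig:
        print("  %s %-8s %-15s %s" % (e["ts"], e["user"], e["ip"], why))
    print("behaviour alerts:")
    for e, why in beh:
        print("  %s %-8s %-15s %s" % (e["ts"], e["user"], e["ip"], why))
```

Run it and the signature pass produces three alerts, one of which is bob's perfectly normal 02:30 login (the false positive the report is talking about), while the behavioral pass flags only alice's off-baseline login from a new IP with a huge upload and mallory, for whom there is no baseline at all. Note that alice's single 2000-byte outlier is not alerted on by itself; that is the deliberate trade-off of demanding more than one deviation, and tuning `min_deviations` and `z_threshold` is where the real work in these platforms lives.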