SANS: Adoption of security analytics gaining momentum
Results from a recent survey showed that only 11% of respondents don’t utilise or have little knowledge of analytics.
According to the results of SANS Institute's 2016 Survey on Security Analytics, cyber security professionals have become aware of the value of analytics, recognising its use in detection, as well as in measuring and improving overall risk posture.
Findings from the survey showed that only 11% of respondents either did not utilise analytics, or did not fully understand how they are applied. Additionally, 44% were able to quantify improvements, with 17% reporting increased visibility into events and breaches, as well as 11% reporting improved detection of unknown threats.
Ned Baltagi, managing director, Middle East & Africa at SANS, said: "Traditionally, cyber security has been focused around protection and prevention. But with the growing complexity of the threat landscape, businesses are realising the need to take a more proactive approach."
He added: "Organisations are now tapping into the wealth of data being generated by their security infrastructures and using this to identify patterns, uncover vulnerabilities and stay one step ahead of would-be attackers."
In terms of the market's development, SANS noted, as in previous surveys on security analytics, that the greatest obstacle to widespread adoption is the lack of qualified staff and funding.
As a result, 49% of respondents have prioritised investment in training, while 42% are striving to make intrusion detection and security centre upgrades. Another 29% are planning to integrate incident response into their analytics programs in the coming years.
Dave Shackleford, a senior instructor at SANS and author of the report, commented: "One of the best ways to overcome shortages in staffing and funding is through automation ... machine learning offers insights that could help less-skilled analysts with faster detection, automatic reuse of patterns detected and more, leading to related improvements in risk posture."
Finally, roughly 54% of respondents rated their programs as being ‘fairly automated’, while only 4% considered their programs to be fully automated. Despite this positive uptick, roughly 22% of respondents shared that they had deployed machine analytics to enable better, faster decision-making, while 54% admitted that they did not take advantage of machine learning as part of their analytics program.
"Analytics are an absolute necessity in today's threat environment and it is encouraging to see that IT teams are making positive advances in this regard. But while results show an increasing usage, our survey highlights that there is still much room for improvement in the use of security analytics," concluded Baltagi.