My “Demystifying Security Analytics: Sources, Methods and Use Cases” Paper Publishes

With much trepidation, I am announcing the release of my “Demystifying Security Analytics: Sources, Methods and Use Cases” – a paper that took a few months of work to complete.

In brief, ”Many security architects are pursuing security analytics, an ill-defined concept that presumably offers better insights and effective detection for advanced threats. Gartner provides a fact-based analysis of security analytics initiatives based on a framework of data sources, methods and use cases.”

Select fun quotes:

• “As many organizations continue to struggle with utilizing traditional security tools […], the expectation that they will magically adopt security analytics approaches as well as big data technologies is questionable at best — the emerging tools make some tasks easier, but come with their own skill requirements. “

• “Even in the analytics realm, security information and event management (SIEM) has a major role for collection, normalization and basic analysis of incoming data.”

• “Many organizations express the desire to “get ‘security analytics,'” but few are willing to commit resources to a lifetime pursuit of becoming data- and analytics-driven. “

• “A combination of “lots of data — little insight” and the proliferation of persistent, professional attackers has left many defenders demoralized, defeated, and actively looking for ways to finally extract signals from ever-increasing noise.”

• “Using the term “advanced” excessively should be left to vendor white papers, but the legitimate question remains: What constitutes advanced analysis? When organizations choose analytics tools, how can they judge how advanced they are, short of measuring the density of statistics jargon in the documentation?”

• “At this time, there is not enough data on the comparative effectiveness of various analytic approaches and algorithms (implemented in vendor tools) versus current, real-world threats and problems.” <- this point is really important since “plural of anecdote isn’t spelled ‘d-a-t-a'”….

Enjoy!

P.S. Gartner GTP access required. For those without ….

Blog posts on the security analytics topic:

• The Future Is Here … And It Is … Network? Endpoint?
• Now That We Have All That Data What Do We Do, Revisited
• Who Validates Alerts Validated by Your Alert Validator Software?
• Killed by AI Much? A Rise of Non-deterministic Security!
• Those Pesky Users: How To Catch Bad Usage of Good Accounts
• Security Analytics Lessons Learned — and Ignored!
• Security Analytics: Projects vs Boxes (Build vs Buy)?
• Do You Want “Security Analytics” Or Do You Just Hate Your SIEM?
• Security Analytics – Finally Emerging For Real?
• Why No Security Analytics Market? <- important read for VCs and investors!
• SIEM Real-time and Historical Analytics Collide?
• SIEM Analytics Histories and Lessons
• Big Data for Security Realities – Case 4: Big But Narrowly Used Data
• Big Data Analytics Mindset – What Is It?
• Big Data Analytics for Security: Having a Goal + Exploring
• More On Big Data Security Analytics Readiness
• Broadening Big Data Definition Leads to Security Idiotics!
• 9 Reasons Why Building A Big Data Security Analytics Tool Is Like Building a Flying Car
• “Big Analytics” for Security: A Harbinger or An Outlier?

Blog posts announcing paper publication:

• My “How to Work With an MSSP to Improve Security” Paper Publishes
• Our “Selecting Security Monitoring Approaches by Using the Attack Chain Model” Publishes
• All My Research Published in 2014
• All My Research Published in 2013