Cyber security used to be so easy. Set up a perimeter, keep everything out, and eliminate any anomalies. But then the Internet happened, and then the cloud, and now the Internet of Things, and suddenly, we're not in Kansas anymore. Security has become a lot more complicated.
As a result of these changes, cyber security strategy is less dependent than ever on the idea of keeping intruders out. The painful reality is that intruders will get in no matter how much an organization fortifies its defenses. And that has made cyber security more about what we do once we identify an intruder.
More and more, the answer to that question lies in data, and the ability of technology to analyze it and provide actionable insight. This is the magic of analytics, which has never been more critical to a successful cyber security strategy than it is now. We might even go so far as to say 2019 will be looked back on as the year analytics become the primary weapon against cyber intrusions.
That's exactly what Jon Oltsik, a respected analyst with Enterprise Strategy Group, argued recently in a piece for CSO magazine.
Oltsik believes that Security Information and Event Management (SIEM) systems will migrate to the cloud in the coming years, due in large part to the mushrooming quantity of security data organizations are collecting, and that analytics will become an ever-growing part of the cyber security toolkit. He even suggested that industries such as financial services and government that have resisted the cloud will embrace cloud-based security over the next couple of years.
"Security analytics/operations is a big data application, and big data applications are moving to the cloud. CISOs who still distrust the public cloud must face this fact," wrote Oltsik. "They will either figure out how to peacefully coexist with cloud-based cybersecurity analytics/operations or be left in the dust."
A recent study from ABI Research backs up that contention, predicting that the security analytics market will reach $12 billion by 2024. ABI analyst Dimitrios Pavlakis told Telecom Tech News that the rising demand for reliable, high-quality security analytics intelligence is a reflection of advances in both analytics and artificial intelligence technologies, as well as the increasing frequency and sophistication of cyber attacks.
Pavlakis also suggested that security analytics vendors have some work to do in adjusting the expectations of organizations turning to the marketplace for help. Simply put, shopping for bargains the way many organizations do when making IT purchases could seriously undermine future cyber security efforts. The bottom line: skimp on analytics at your own risk.
“Most organizations understand security analytics as an elusive cluster of different technologies encompassing ‘a little bit of everything’," said Pavlakis. "While on a top level they are somewhat correct on that respect, they, unfortunately, opt to pick whatever makes sense budget-wise."
Regardless of how organizations approach the security analytics marketplace, approach they will. For example, Gartner's 2019 CIO Agenda Survey found that analytics and cyber security top this year's priority lists among CIOs in the government sector.
In analyzing Gartner's findings, Security Boulevard's Filip Truta suggested that government is actually a late-comer to this realization, and that other industries are already hip to the power of cyber security analytics.
"High-profile data breaches have highlighted cybersecurity analytics as a formidable weapon against sophisticated attacks and advanced threats that elude prevention mechanisms at endpoint level," wrote Truta. It is perhaps no wonder that CIOs in all verticals are beginning to recognize the importance of investing in analytics solutions to bolster the entire cyber-resilience effort."
The timing couldn't be better, with the annual RSA Conference convening next month in San Francisco. Many of the 50,000-plus attendees will be on the prowl for possible cyber security analytics options, and the schedule is packed with sessions that touch on this area.
In particular, Grant Bourzikas, CISO for McAfee, will be giving a talk on improving the ability to make security predictions using machine learning. Bourzikas will address the extent to which organizations are overwhelmed with security data, hampered by antiquated tools and methods, and challenged to keep up with the pace of attacks.
In another session, Sounil Yu, chief security scientist of Bank of America, will talk about the potential opportunities and pitfalls inherent in enabling automated decision-making. There will be many other related sessions, as well as numerous vendors offering their takes on cyber security analytics on the exhibition floor.
In other words, if cyber security analytics is on your horizon, RSAC is where you'll want to be next month. Then again, you can always just pick the cheapest alternative and hope for the best.