Dawning of a new era: analytics-driven cybersecurity
RSA Conference 2016 reveals advanced analytics being applied to security in substantial and meaningful ways
In addition to the record-breaking attendance at this year’s 25th RSA conference – the place to be for the latest trends in cybersecurity – it was clear that analytics are hot. When today’s analytic capabilities underpin security solutions, it makes the solutions smarter – a necessity in the digital arms race.
New and real threats
There is no doubt businesses feel threatened. Many have already experienced a security breach of one type or another, including DDoS attacks and bad bots spreading malware, poaching sensitive data via web scraping and driving click fraud.
The Application Economy mandates that organizations be aggressive in finding feasible solutions to these unrelenting security threats. With new botnet-led DDoS attacks, for example, there is a growing consensus that, because there is no single, recognizable sign of an attack, detection is a machine learning problem requiring real-time processing of millions of source IPs – which renders standard Intrusion Detection Systems ineffective. Customers are seeking solutions that can better manage the scope and complexity of these threats.
Getting smarter with cybersecurity analytics
Based on a rough look around the show floor, about one third of the vendors at RSA Conference 2016 were talking analytics and demonstrating tools ranging from traditional analytics to newer advanced analytics.
To ensure safety, customers want to know what is happening as it happens, not just in hindsight, so speed of detection is important. The sooner an attack can be identified and stopped, the less damage to the business. Advanced analytics operate in real time to allow early detection and removal of a potential problem before it becomes a real problem.
That said, many of the security analytics tools I saw demonstrated at the show used traditional analytics – anomaly detection and analysis of a discrete data set. But data from a single source may not provide enough visibility to fully comprehend what happened since it only represents a slice of the operating environment.
Attacks can encompass numerous aspects of an enterprise’s environment – such as endpoints, network devices, applications, user identities and credentials, and more – so security protection must span those domains to fully understand the impact of a security breach.
The more advanced security analytics tools I saw demonstrated had the ability to create homogeneous data sets from a number of sources, such as endpoints and network or application logs, providing far greater insight into how the attack rolled out. Malware is also expert at “hiding” in various places in an enterprise’s environment, which is all the more reason to ensure analytics are searching everywhere.
Real-time intelligence with predictive and prescriptive analytics
About 10 percent of the analytics tools I saw demonstrated provided alerting and predictive analysis, a major advance against security threats.
But the real value of analytics is realized when predictive capability comes with prescriptive actions to take. Truly prescriptive analytics not only alert customers before an attack happens, they provide suggested responses so the customer can make a decision resulting in a better outcome. This is the promise of analytics – the ability to stay ahead of sophisticated attacks.
CA believes that analytics will become foundational in the fight against cybercrime, and at RSA, we demoed predictive and prescriptive analytics in action. We showed how even log files from applications and websites can provide actionable insights by using pattern recognition, anomaly detection and other machine learning techniques.
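The two points above (correlating a web server log with an application log so that a single source IP can be judged across sources, and applying anomaly detection to ordinary log files) can be illustrated with a small script. This is an added example written for this post, not code from CA or from any product shown at RSA; the log lines are constructed, the access-log format is assumed to be Apache combined-style, the application log format is a simplified one invented here, and the outlier threshold (three median absolute deviations) is an arbitrary choice.

```python
import re
from collections import Counter, defaultdict
from statistics import median

# --- Constructed sample input (not captured from any real system) ----------
# Six ordinary requests from three addresses, Apache combined-log style.
WEB_LOG = [
    '203.0.113.10 - - [12/Mar/2016:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [12/Mar/2016:10:00:02 +0000] "GET /products HTTP/1.1" 200 2048',
    '192.0.2.5 - - [12/Mar/2016:10:00:03 +0000] "POST /login HTTP/1.1" 302 0',
    '203.0.113.10 - - [12/Mar/2016:10:00:04 +0000] "GET /cart HTTP/1.1" 200 900',
    '198.51.100.7 - - [12/Mar/2016:10:00:05 +0000] "GET /products/42 HTTP/1.1" 200 3100',
    '192.0.2.5 - - [12/Mar/2016:10:00:06 +0000] "GET /account HTTP/1.1" 200 700',
]
# A scraping burst from one more address, generated to keep the sample short.
WEB_LOG += [
    f'203.0.113.99 - - [12/Mar/2016:10:00:{s:02d} +0000] "GET /products/{s} HTTP/1.1" 200 3000'
    for s in range(10, 40)
]
# Application authentication log in a simplified (assumed) format.
APP_LOG = [
    "2016-03-12T10:00:03Z auth login_ok user=alice src=192.0.2.5",
    "2016-03-12T10:00:11Z auth login_failed user=admin src=203.0.113.99",
    "2016-03-12T10:00:12Z auth login_failed user=root src=203.0.113.99",
    "2016-03-12T10:00:13Z auth login_failed user=test src=203.0.113.99",
    "2016-03-12T10:00:20Z auth login_ok user=bob src=198.51.100.7",
]

WEB_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
APP_RE = re.compile(r'^\S+ auth (?P<event>\w+) user=(?P<user>\S+) src=(?P<ip>\S+)$')


def parse_web(lines):
    """Per-IP request count and set of distinct paths from access-log lines."""
    hits = Counter()
    paths = defaultdict(set)
    for line in lines:
        m = WEB_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than crash the whole run
        hits[m["ip"]] += 1
        paths[m["ip"]].add(m["path"])
    return hits, paths


def parse_app(lines):
    """Per-IP count of failed logins from the application log."""
    failures = Counter()
    for line in lines:
        m = APP_RE.match(line)
        if m and m["event"] == "login_failed":
            failures[m["ip"]] += 1
    return failures


def robust_outliers(counts, k=3.0):
    """Return {ip: score} for IPs whose count sits more than k MADs above the median.

    Median and MAD are used instead of mean and standard deviation so that one
    very noisy address does not drag the baseline up and hide itself.
    """
    values = list(counts.values())
    if len(values) < 3:
        return {}  # too little data for a baseline
    med = median(values)
    # Floor the MAD at one request so a perfectly flat baseline still yields a finite score.
    mad = median(abs(v - med) for v in values) or 1.0
    return {ip: (v - med) / mad for ip, v in counts.items() if (v - med) / mad > k}


def correlate(web_lines, app_lines):
    """Join both sources on source IP and return {ip: [evidence strings]}."""
    hits, paths = parse_web(web_lines)
    failures = parse_app(app_lines)
    findings = {}
    for ip, score in robust_outliers(hits).items():
        evidence = [f"{hits[ip]} requests over {len(paths[ip])} distinct paths (score {score:.1f})"]
        if failures.get(ip):
            evidence.append(f"{failures[ip]} failed logins in the application log")
        findings[ip] = evidence
    # Repeated login failures are worth a finding even without a web-volume outlier.
    for ip, n in failures.items():
        if n >= 3 and ip not in findings:
            findings[ip] = [f"{n} failed logins in the application log"]
    return findings


if __name__ == "__main__":
    for ip, evidence in correlate(WEB_LOG, APP_LOG).items():
        print(ip)
        for line in evidence:
            print("  -", line)
```

Run on the constructed data, only 203.0.113.99 is reported, with both the request-volume outlier from the web log and the failed logins from the application log attached as evidence. Either source alone would have produced a weaker signal: thirty product-page fetches could be a crawler, and three failed logins could be a forgetful user; seen together they describe one address scraping the catalogue while guessing credentials, which is the kind of cross-source picture the post argues for.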
Most importantly, the speed of detection, from alerts to recommending and invoking action, demonstrated that we can help businesses stay ahead of hackers and secure their digital assets.
Were you at RSA 2016? Let us know what you thought about the analytics products you saw and what your hopes are for analytics to keep your enterprise safe.