New Requirements for Security Monitoring

Pressing need for integration, intelligence, automation, and big data capabilities

Today's security threats are difficult to defend against. On the one hand, the volume of malware variants has gone through the roof over the past few years. On the other, targeted attacks have become more stealthy and damaging.

How can CISOs possibly combat this cybersecurity double-edged sword? With continuous monitoring of everything -- IT assets, configurations, network traffic, application behavior, user activity, etc. 

Unfortunately, most large organizations don't have the tools, skills, or processes in place to monitor the whole IT and security enchilada. In a recent ESG Research survey, 315 security professionals working at enterprise organizations (i.e. more than 1,000 employees) were asked to define the biggest inhibitors preventing their firms from having real-time and comprehensive security monitoring. Here's what they said:

  • 34% said they need tighter integration between security intelligence and IT operations tools (i.e. asset management, configuration management, network performance management, etc.)
  • 33% said they need better security analysis and forensics skills at their organization
  • 29% said they need automated security analytics from their security intelligence tools
  • 28% said they need better visibility into network traffic and behavior
  • 28% said they need a better understanding of end-user behavior
  • 27% said they need a better understanding of baseline behavior so they can better detect anomalies

So it's not one thing; there are problems everywhere.

A few of my thoughts about this:

  1. Some big data uber security intelligence platform is on the horizon.  This requirement is what drove IBM's acquisition of Q1 Labs, HP's grab of ArcSight, McAfee scooping up NitroSecurity, and wild card Tibco buying LogLogic.
  2. Next generation tools need intelligence and automation.  In other words, vendors have to take away a lot of the heavy lifting users go through with product implementation, data integration, customization, analysis, etc.  AlertLogic is one company that is already focusing its efforts in this area.
  3. There's likely to be some uber IT intelligence platform that complements Security Operations Centers. This is traditionally the domain of companies like BMC, CA, Compuware, HP, IBM, and Quest. A few of these companies have not made security plays. In my humble opinion, they are leaving money on the table.
  4. There is a need for tighter integration between network operations and security.  This is why RSA bought NetWitness and good news for Solera Networks.  Cisco, Juniper, and HP need to define how they will play here. 
  5. Product vendors need to understand the ramifications of the growing IT security skills shortage. If products are simple and effective, they will be replaced with managed services in a New York minute.