Leveraging analytics to improve security

Use big data analytics to gain insight into everything going on within an environment.


The concept of big data can be overwhelming for many organizations. They know that they have valuable information coming in from various sources, but often struggle with how to organize and act on that data in any meaningful way. This struggle is exacerbated by clever marketing and buzzword bingo, which further confuses actual requirements and proper adoption of big data solutions; organizations fear they’re falling behind by failing to adopt the seemingly endless stream of new tools that promise to leverage their data.

Because leveraging big data analytics seems so daunting, many IT professionals end up only dipping a toe into the potential capabilities and never quite jumping in to take advantage of them all. However, properly utilizing data analytics can turn your organization’s data into actionable information and provide tremendous insight into everything going on within an environment. And, with the correct approach, using this data to enhance your security posture can be straightforward. Here are three things to focus on when developing your own data analytics program.

The right team

A well-versed team is crucial for leveraging analytics to enhance an organization’s security posture. Even with the latest technology in place, employees must have the right skills to pull meaningful insight from data flows and act on that information.

Take, for example, the infamous Target security breach of 2013, where point-of-service endpoints were accessed through the HVAC system. The part of the story that often gets glossed over is that the security team did, in fact, have the proper tools in place to identify and act on the threat, but employees interpreted the alerts as false positives. If these employees had been properly equipped to identify and act upon the analytics provided by their security tools, they could have prevented the theft of millions of customers’ credit card information.

When building your own analytics program, ask yourself: How does my team measure up? Be honest when assessing the holes in your security posture. Have you given your team the proper training so they can spot potential threats before they become problems? Or are there gaps in your team that can only be addressed by bringing on an additional hire or external resources?

The right tools

Of course, security engineers are not always entirely to blame. Even the most skilled IT professionals are not effective in the face of misconfigured technology. Analytics are only useful when they are discerning.

To avoid the pitfalls of a poorly orchestrated analytics workflow, start by taking inventory of your current stack. Are you too focused on collection and not focused enough on correlation? It could be that you’re so focused on extrapolating insights that you’ve mismanaged your consolidation efforts.

Most importantly, be sure that all of your tools are helping your security team instead of hindering it. If your system identifies too many events as abnormal, your team may get bogged down in false positives and end up making rushed decisions about the validity of particular risks (as was the case with the Target breach). Instead, make sure that only high-priority concerns are brought forward to reduce the chance of human error and tighten your overall security posture.

The right response

Once you have the right people and tools in place to ensure consistently accurate, relevant and comprehensive data, the next step is to put that data to work. There are plenty of ways to do this, but one of the most promising is automation.

Recent advancements in artificial intelligence promise to take your data analytics to the next level. If you already have parameters for potential threats and a passive identification system in place, the next step is to incorporate automated, immediate actions in response to those events. You can configure your solutions to leverage AI to report only on high-priority risks and even respond to those risks. For example, if a user’s activity appears suspicious, your system can sandbox that user pending further intervention from IT staff.
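The two ideas above, correlating rather than merely collecting events so that only high-priority concerns surface (The right tools) and mapping a surfaced alert to an automated, reviewable response (The right response), can be shown in a small correlation engine. The following is an added example written for this article, not code from the author or from any product mentioned; the log format, the three rules, their weights, the thresholds and the sample log lines are all constructed assumptions. Individual failed logins are never surfaced on their own; only a user whose combined activity crosses the threshold produces an alert, and only the highest scores trigger containment, which still leaves a ticket for a human.

```python
"""Correlate per-user security events and surface only high-priority alerts.

Added example: log format, rules, weights and thresholds are assumptions
chosen for illustration, not settings from any real product.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not from a real system).
# Format: "<ISO timestamp> <event> user=<name> [key=value ...]"
SAMPLE_LOG = """\
2024-03-01T08:00:01 login_failed user=alice src=10.0.0.5
2024-03-01T08:00:09 login_failed user=alice src=10.0.0.5
2024-03-01T08:00:15 login_failed user=alice src=10.0.0.5
2024-03-01T08:00:22 login_failed user=alice src=10.0.0.5
2024-03-01T08:00:30 login_failed user=alice src=10.0.0.5
2024-03-01T08:00:41 login_ok user=alice src=198.51.100.7
2024-03-01T08:03:12 download user=alice bytes=734003200
2024-03-01T08:10:00 login_failed user=bob src=10.0.0.9
2024-03-01T08:10:20 login_ok user=bob src=10.0.0.9
2024-03-01T09:00:00 download user=carol bytes=2048000
"""

WINDOW = timedelta(minutes=10)        # correlation window per user
INTERNAL_PREFIX = "10."               # assumed corporate address range
FAILURE_LIMIT = 5                     # failed logins that count as brute force
BULK_BYTES = 500_000_000              # download size that counts as bulk
# Illustrative weights; a real deployment tunes these against its own data.
WEIGHTS = {"brute_force": 40, "external_login_after_failures": 40, "bulk_download": 30}
ALERT_THRESHOLD = 70                  # below this, nothing reaches the analyst
SANDBOX_THRESHOLD = 100               # at or above this, contain automatically


def parse_line(line):
    """Turn one log line into a dict with a parsed timestamp and key=value fields."""
    ts, event, *kv = line.split()
    fields = dict(pair.split("=", 1) for pair in kv)
    return {"ts": datetime.fromisoformat(ts), "event": event, **fields}


def correlate(log_text):
    """Score each user's events inside one window; return only alerts worth raising."""
    per_user = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ev = parse_line(line)
            per_user[ev["user"]].append(ev)

    alerts = []
    for user, events in per_user.items():
        events.sort(key=lambda e: e["ts"])
        # Window anchored at the user's first event in this batch; a streaming
        # pipeline would slide it instead.
        start = events[0]["ts"]
        window = [e for e in events if e["ts"] - start <= WINDOW]
        score, reasons = 0, []

        failures = [e for e in window if e["event"] == "login_failed"]
        if len(failures) >= FAILURE_LIMIT:
            score += WEIGHTS["brute_force"]
            reasons.append(f"{len(failures)} failed logins within {WINDOW}")

        if failures:  # a success from outside the network after failures is the telling combination
            ext_ok = [e for e in window if e["event"] == "login_ok"
                      and e["ts"] > failures[0]["ts"]
                      and not e["src"].startswith(INTERNAL_PREFIX)]
            if ext_ok:
                score += WEIGHTS["external_login_after_failures"]
                reasons.append(f"external login from {ext_ok[0]['src']} after failures")

        big = [e for e in window if e["event"] == "download" and int(e["bytes"]) >= BULK_BYTES]
        if big:
            score += WEIGHTS["bulk_download"]
            reasons.append(f"bulk download of {int(big[0]['bytes']):,} bytes")

        if score >= ALERT_THRESHOLD:
            alerts.append({"user": user, "score": score, "reasons": reasons})
    return alerts


def respond(alert):
    """Map a surfaced alert to an action; every action still opens a review for staff."""
    action = "sandbox_user" if alert["score"] >= SANDBOX_THRESHOLD else "notify_analyst"
    return {"user": alert["user"], "action": action, "review_required": True}


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG):
        print(alert)
        print(respond(alert))
```

Run as-is, only alice is surfaced: five failures, an external success and a large download combine to a score of 110, so the response is to sandbox the account pending review. bob's single failure followed by an internal login and carol's small download are consolidated away rather than handed to an analyst, which is the difference between collection and correlation the section describes.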

As AI continues to evolve, keep an eye on how community sharing might benefit your organization. When applications have broad install bases, they’re empowered to use data from their different custom environments to keep everyone in their base informed when new threats emerge. With community sharing, for example, if a new threat appears somewhere in Asia, it can be identified and given a signature before IT professionals in the U.S. even sit down at their computers in the morning.

The possibilities of AI are far-reaching and represent new ways of bolstering your defenses, thus freeing your team to concentrate on innovation and on creating efficiencies.

Bringing it all together

Chances are that your organization is much closer to a fully realized analytics program than you think. Since most businesses have at least some level of data collection in place, it’s likely the foundation is already there.

The next step is a methodical look at your people and processes to figure out what’s preventing your organization from taking advantage of the myriad benefits big data analytics can offer.
