Bracing for the security data explosion

Organizations must prepare for collecting, processing, analyzing, and acting upon terabytes of security data.


CISOs should internalize this quote from the former Senator from Georgia, extrapolating its focus toward cybersecurity defense. In other words, all decisions about cybersecurity strategies, program priorities, investments, etc. should be made based upon analysis of real-time and historical data. What types of data? EDR data, network metadata, cloud logs, identity data, threat intelligence, and so on.

Some aspects of this data explosion are already happening. ESG research indicates that:

  • 75% of enterprise organizations collect, process, and analyze more security data today than they did 2 years ago. Nearly one-third (32%) of organizations claim to collect, process, and analyze “substantially more” data than they did in 2018.
  • 52% of organizations retain security data online for longer periods of time than in the past while another 28% would like to retain security data online but can’t for cost or operational reasons.
  • To accommodate longer data retention periods, 83% of organizations use offline or “cold” storage. This helps control infrastructure costs but makes retrospective investigations more cumbersome, since the data must be restored before it can be queried.

Growing security data analysis and operationalization requirements were already a priority at the beginning of 2020. COVID-19 added to the urgency by introducing new data analytics use cases, traffic patterns, behavioral analytics needs, and blind spots.

Once the summer ends, CISOs will start the planning process for 2021. As they do, even smaller enterprises need to prepare for a quantum leap in security data collection, processing, and analysis requirements.

Here are some thoughts around this transition:
