Digital technologies have changed the face of business and government, and they will continue to do so at an even faster pace. They drive innovation, boost productivity, improve communications and generate competitive advantage, among other benefits.

The dark side of this digital revolution has now come clearly into focus as well: McKinsey estimates that cyber attacks will cost the global economy $3 trillion in lost productivity and growth by 2020, while theft, sabotage and other damage inflicted by trusted insider personnel continue to cost organizations in lost revenues, revealed secrets and damaged reputations.

We read in articles and white papers that "security analytics" is the solution, the Next Big Thing that will spare beleaguered organizations the reputational, financial and physical costs of all kinds of threats. But the reality is that today's security products are broken. The threats continue to morph and multiply. The attackers continue to outmaneuver or overwhelm the defenders. And the underlying doctrines and policies are far behind the times.

3 security analytics approaches that aren't as good as you think

Three widely deployed analytical approaches are often held up as shining exemplars in the brave new world of security analytics: Bayesian networks, machine learning and rules-based systems. Unfortunately, I see plenty of implementations where they simply don't produce good results, don't scale or are too hard to work with. Here's a quick summary of the approaches.

1. Bayesian networks

Bayesian probability theory states that it's possible to predict with surprising accuracy the likelihood of something happening (or not happening) in a transparent and analytically defensible way. A Bayesian inference network, or model, captures every element of a problem and calculates possible outcomes mathematically.
The harder the problem, the better it works—at least in theory.

In reality, a typical approach is to gather a roomful of PhDs and spend a lot of time and money building a Bayesian network. Then, with even greater effort and more man-hours, the Bayesian network is turned into software by a roomful of coders. The resulting product is something the user struggles even to understand, let alone use.

Not surprisingly, there's an emerging camp that claims Bayesian networks are old-fashioned and not suited to solving today's security challenges—especially now that machine learning is available.

2. Machine learning

In Arthur Samuel's classic definition, machine learning "gives computers the ability to learn without being explicitly programmed." It can, for example, be used to uncover hidden insights from historical relationships and trends found in data.

While that may have excited early adherents, we've had over 50 years to discover some of its limitations:

- There are no real, generalizable approaches to machine learning.
- Correlation isn't all it's cracked up to be in a world of black-swan scenarios and asymmetric threats.
- Machine learning is dependent on data and thus is unable to offer solutions in cases where data is scarce or non-existent.
- Most machine-learning solutions come "black boxed," and users who have to make and defend their critical decisions hate that.
- Hasn't science taught us to start with a hypothesis? There's no such luxury with machine learning.

3. Rules-based systems

Rules-based systems use "if-then" rules to derive actions. For example, if the fact "Sally is 22 and unemployed" is matched to the rule "If a person is between 18 and 65 and is unemployed, they can claim unemployment," the system concludes that "Sally can claim unemployment."

While much simpler (and more common) than Bayesian networks and machine learning, rules-based systems nevertheless have their own inherent drawbacks.
Because they're typically binary, the outputs tend to be too coarse-grained for the often subtle threats they're trying to detect and identify. This leads to a proliferation of red flags (many of them false positives), which then leads to a proliferation of pricey analysts. Try instead to create rules for special cases, and you get a proliferation of rules. Paralysis reigns, and the world is still not safer.

A better way forward

Bayesian networks, machine learning and rules-based systems are applied successfully in many software systems across many domains. Google, for example, uses machine learning to recognize objects within an image and automatically create captions for them. So, clearly the techniques themselves are sound.

But they don't typically work for security analytics, and that's primarily because each technique's weaknesses have yet to be resolved appropriately for that kind of application. Despite the limitations I describe above, each of these techniques offers unique strengths that would need to be present in an ideal security analytics solution:

- Bayesian networks: domain conceptual alignment and the ability to reason on incomplete data
- Machine learning: sheer power and the ability to cope with massive quantities of data
- Rules-based systems: intuitive simplicity and ease of getting started quickly

What's needed is a solution that exploits the combined strengths of these approaches while also compensating for or eliminating their individual drawbacks. In part 2 of this series, I will outline how these systems could—and should—be thoughtfully built, combined and applied to serve those who defend our security.
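The rules-based section above shows rule matching with the Sally example and then names the technique's core weakness, binary output, while the closing list credits Bayesian models with the ability to reason on incomplete data. The Python script below is an added example, not code from the article or its author: it implements a small forward-chaining rule engine, runs the article's unemployment rule and a constructed login-failure rule through it, and then scores the same login facts with a naive Bayes update so the two output styles can be compared side by side. The login rule, the prior and the conditional probabilities are constructed for illustration, not measured from any real data.

```python
"""Added example (not the article's code): a forward-chaining rule engine
next to a naive-Bayes scorer, run over the same constructed facts."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

Facts = Dict[str, object]


@dataclass
class Rule:
    name: str
    condition: Callable[[Facts], bool]   # "if" part, evaluated against the facts
    conclusion: str                      # "then" part, added as a new fact


def run_rules(facts: Facts, rules: List[Rule]) -> List[str]:
    """Fire every rule whose condition holds, add its conclusion to working
    memory, and repeat until nothing new is derived. A rule that needs a fact
    we do not have simply cannot fire: the output is all or nothing, which is
    the coarse-grained behaviour the article criticises."""
    memory = dict(facts)
    derived: List[str] = []
    changed = True
    while changed:
        changed = False
        for rule in rules:
            if rule.conclusion in memory:
                continue
            try:
                holds = rule.condition(memory)
            except KeyError:          # required fact absent: treat as not matched
                holds = False
            if holds:
                memory[rule.conclusion] = True
                derived.append(rule.conclusion)
                changed = True
    return derived


# The article's own example, expressed as a rule.
UNEMPLOYMENT_RULES = [
    Rule("claim_rule",
         lambda f: 18 <= f["age"] <= 65 and f["employed"] is False,
         "can_claim_unemployment"),
]

# Constructed security rule: one binary threshold on failed logins.
LOGIN_RULES = [
    Rule("many_failures",
         lambda f: f["failed_logins_last_hour"] >= 5,
         "alert_brute_force"),
]

# Constructed (hypothetical, not measured) numbers for the probabilistic view:
# prior P(compromised) and, per observable, (P(obs | compromised), P(obs | benign)).
PRIOR_COMPROMISED = 0.02
LIKELIHOODS = {
    "many_failures": (0.70, 0.05),
    "new_device":    (0.80, 0.20),
    "off_hours":     (0.60, 0.15),
}


def posterior_compromised(evidence: Dict[str, Optional[bool]]) -> float:
    """Naive-Bayes update of P(compromised | evidence). A value of None means
    the observable was not collected; it is skipped rather than blocking the
    computation, so the model still gives a graded answer on partial data."""
    p_c, p_b = PRIOR_COMPROMISED, 1.0 - PRIOR_COMPROMISED
    for name, seen in evidence.items():
        if seen is None:
            continue
        l_c, l_b = LIKELIHOODS[name]
        if seen:
            p_c, p_b = p_c * l_c, p_b * l_b
        else:
            p_c, p_b = p_c * (1.0 - l_c), p_b * (1.0 - l_b)
    return p_c / (p_c + p_b)


def login_evidence(facts: Facts) -> Dict[str, Optional[bool]]:
    """Translate raw login facts into the observables the scorer expects;
    facts that were never collected become None (unobserved)."""
    failures = facts.get("failed_logins_last_hour")
    return {
        "many_failures": None if failures is None else failures >= 5,
        "new_device": facts.get("new_device"),
        "off_hours": facts.get("off_hours"),
    }


if __name__ == "__main__":
    sally = {"name": "Sally", "age": 22, "employed": False}
    print(run_rules(sally, UNEMPLOYMENT_RULES))          # ['can_claim_unemployment']

    # Constructed login events: four failures from a new device off-hours never
    # trips the binary rule; five failures from a known device at noon does.
    events = [
        {"failed_logins_last_hour": 4, "new_device": True,  "off_hours": True},
        {"failed_logins_last_hour": 5, "new_device": False, "off_hours": False},
        {"failed_logins_last_hour": 5},                     # other facts not collected
    ]
    for ev in events:
        flags = run_rules(ev, LOGIN_RULES)
        score = posterior_compromised(login_evidence(ev))
        print(f"{ev!s:<70} rule flags={flags!s:<22} P(compromised)={score:.3f}")
```

Run stand-alone, the script shows the contrast the article draws: the binary rule stays silent on the first event and fires on the second, even though under the constructed likelihoods the first event carries the higher posterior, and the third event, with two observables missing, still receives a score instead of being dropped.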