Bethesda, MD – October 1, 2014 – Organizations are using security information and event management (SIEM) tools and intelligence from third-party service providers to correlate threat intelligence data, and when they do, 55% believe their ability to correlate incidents is improved, according to the 2014 SANS Analytics and Intelligence Survey. Lack of visibility into their applications, underlying systems and vulnerabilities was deemed a key barrier to incident detection and response by 39% of respondents, while visibility across networks and into endpoints, mobile devices and cloud-based applications and processes was also highlighted as a concern.
“One of the biggest challenges security organizations face is lack of visibility into what’s happening in the environment,” says Dave Shackleford, SANS Analyst and author of the survey results paper. “Analytics tools are helping provide more visibility than ever before, but there are still big challenges to overcome in determining what to monitor and how to find the needles in the haystack.” Respondents pointed to a number of causes for their lack of visibility and difficulty distinguishing between normal and abnormal behaviors:
- 36% pointed to inability to understand and baseline normal behaviors
- 30% say they lack the people, skills and resources
- 26% admit they don’t collect the correct information
“You need to have an idea of what to look for. Analytics allows better correlation of datasets that, heretofore, have not been easily combined–such as user activity monitoring, ability to understand the rules of behavior for a system,” adds Barbara Filkins, SANS Analyst and advisor for this survey. “The trick is being able to find that needle in the haystack.”
Automation is another avenue that can lead to better visibility. Although only 9% of respondents report fully automating their analytics and intelligence, 47% say they are fairly well automated. Greater emphasis on automation is needed to reduce the impact of the shortage of trained staff, improve visibility, and enhance detection and response.
Filkins adds, “Analytics applied to security big data isn’t a silver bullet or a magic trick–it takes work to make these techniques useful.”
Full results will be shared during a two-part webcast on Thursday, October 9 and Tuesday, October 14, both at 1 PM EDT. The webcasts are sponsored by AlienVault, HP, LogRhythm, McAfee/Intel Security, Rapid7 and ThreatStream, and are hosted by SANS. Register to attend the two complimentary webcasts:
Part 1–Current State: Detection and Response at www.sans.org/info/168307
Part 2–Future State: Improving Intelligence and Threat Protection at www.sans.org/info/168312
Register and attend both webcasts to be eligible for a $75 American Express gift card. The winner will be announced during the October 14 webcast. Those who register for the webcast will also receive access to the published results paper developed by SANS Analyst and analytics expert, Dave Shackleford.
2nd Annual Analytics & Intel Survey Results in 2 Webcasts: 10/9 bit.ly/AnalyticsSurvResults, 10/14 bit.ly/AnalyticsSurvResults2 #infosec
Analytics & Intel Survey Results: 10/9 bit.ly/AnalyticsSurvResults, 10/14 bit.ly/AnalyticsSurvResults2. Attend both-win $75 gift card
2nd Annual Analytics & Intel Survey Results Webcast PART 1 – Current State: 10/9 bit.ly/AnalyticsSurvResults #infosec #enterprisesecurity
2nd Annual Analytics & Intel Survey Results Webcast PART 2 – Future: 10/14 bit.ly/AnalyticsSurvResults2. Attend both-win $75 gift card
About SANS Institute
The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest provider of training and certification to professionals at governments and commercial institutions world-wide. Renowned SANS instructors teach over 50 different courses at more than 200 live cyber security training events as well as online. GIAC, an affiliate of the SANS Institute, validates employee qualifications via 27 hands-on, technical certifications in information security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers master’s degrees in cyber security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet’s early warning system–the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community. (www.SANS.org)