The Cyberthreat Defense Report that came out two weeks ago includes survey results from over 1000 IT security professionals. The survey found next generation firewall, threat intelligence, user behavior analytics and information security analytics are the top four technologies slated for acquisition in 2016.
Two of the four named technologies are analytics-based and one is in IKANOW’s sweet spot. This isn’t surprising to us, as we see the uptick in demand for Security Analytics. The proliferation of both internal and external security data, combined with the tiny footprints of sophisticated attackers designed to avoid detection by traditional infosec tools, requires new approaches to detect breaches. Big data analysis that rapidly correlates and contextualizes breaches, vulnerabilities and threats is becoming an essential tool in combating cyber attacks.
Sifting Through the Data Overload
Everyone is well aware of the Mandiant and Ponemon numbers on breach dwell times. Whether it is 14 or 29 weeks, it is too long. Attackers have an extraordinary amount of time to understand the victim’s network and seek out its most valuable assets. Very often there is evidence of the attacker’s activity and a direct tie to threat intelligence, but it is hard to identify and correlate. This situation mirrors another finding of the Cyberthreat Defense Report: too much data to analyze is listed as security teams’ second biggest obstacle today and it grew by 11% over the prior year.
Finding the Minnow in a Sea of Data
This is where a tool like IKANOW delivers maximum impact. The solution architecture is built on open source technologies with proven scalability and open connections for ease of integration. Breach activity is often missed by legacy cybersecurity tools because only a subset of data is analyzed. IKANOW’s architecture addresses this gap by creating both breadth and depth of data analysis at lightning speed.
The more typical narrow analysis that enterprises conduct on data today is often based on constraints in terms of throughput or an inability to efficiently map new data sources. We know of some big data information security analytics jobs that literally run for hours. When your analyses take so much time, you might only be able to run one or two per day. That can limit the amount of ground you cover and allow breaches to persist unnoticed for another day. IKANOW can perform these same analyses in seconds. In fact, we have benchmarked it at 42,000 records in five seconds and it scales linearly to hundreds of terabytes every second. When you have this much throughput power, you can run lots of queries on more data and find those tiny footprints that remain hidden from legacy information security tools.
IKANOW also has algorithms designed to look for specific types of activities and threat correlations that only become visible when all of the internal and external data is analyzed as a whole. The results offer analysts a prioritized short list of potential breach activity and include context provided from both structured and unstructured data sources. This is a powerful tool for analysts. One IKANOW user recently estimated that analyst productivity increased by 50% using the solution.
New Tools for a New Age of Information Security
The Cyberthreat Defense Report survey data confirm that the rapid growth in successful breaches is not isolated to a specific set of companies, industries or countries. The situation is pervasive. The data also show that information security teams are not standing still. They are aggressively adopting advanced endpoint protection tools and introducing security analytics to identify the threats that slip through defenses. As companies make the transition from a protection to a detection orientation, information security analytics is becoming a must-have tool in the cyber defense arsenal.
By Scott Raspa