Q: What role can analytics play in mobile security intelligence?

Organizations need to deploy security analytics tools in order to detect and respond to advanced attacks.

In order to improve their network security, how can companies with fewer resources take advantage of security analytics?

Today's organizations are under constant pressure to do more with less. Nowhere is this more apparent than in the area of information security. Industry experts recommend reducing the time from detecting a high severity intrusion to containing or remediating to one hour or less -- a lofty goal even for experienced and well-funded teams.

At the same time, smaller and cost-conscious organizations rarely have the luxury of dedicated information security teams, and even those that can afford one face difficulty finding skilled security professionals to fill the roles. The challenges for small security teams don't stop there. The modern threat landscape includes advanced attacks that easily bypass traditional security controls like antivirus software, Layer-4 firewalls and Secure Sockets Layer.

There are certainly many tools and techniques that security teams can bring to bear to reduce the risk of damage due to network security incidents. For example, one resource is the Critical Security Controls for Effective Cyber Defense. Yet, while an inspired application of network security basics is necessary, it may not be sufficient to reduce risk to acceptable levels in many organizations.

Looking forward, security professionals will require tools that can give them immediate insight into the activity on their networks. Simple tabulation of events and static numeric thresholds will not be enough to both detect attacks and keep false positive rates at acceptable levels.

Instead, more advanced analytics that establish a baseline of activity and provide alerts on true outliers are required. This capability, often referred to as security analytics, will be the key that enables organizations to detect and respond to advanced attacks. In smaller organizations, security analytics will play a crucial role as a force multiplier to address resource constraints.
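As an added illustration (not part of the original answer), the Python below contrasts the two approaches this paragraph describes: one static numeric threshold applied to every host versus a per-host baseline built from each host's own history, using a median/MAD robust z-score. The host names and hourly failed-login counts are constructed sample data, not real telemetry.

```python
"""Static threshold vs. per-host baseline alerting on constructed event counts."""
from statistics import median

# Constructed sample: failed logins per hour for the last 12 hours, per host.
HISTORY = {
    "build-server": [40, 44, 38, 47, 41, 45, 39, 43, 46, 42, 44, 40],  # noisy by nature
    "hr-laptop":    [0, 1, 0, 0, 2, 0, 1, 0, 0, 1, 0, 0],               # quiet by nature
}
# Constructed counts for the current hour.
CURRENT = {"build-server": 48, "hr-laptop": 9}

STATIC_THRESHOLD = 30  # one number for every host, regardless of its normal load


def static_alerts(current, threshold=STATIC_THRESHOLD):
    """Simple tabulation: alert whenever the count exceeds a fixed number."""
    return sorted(host for host, count in current.items() if count > threshold)


def robust_zscore(value, history):
    """Modified z-score built on median and median absolute deviation (MAD).

    Median/MAD are less distorted by past spikes than mean/stddev, so a single
    earlier incident does not inflate the baseline and hide the next one.
    """
    med = median(history)
    mad = median(abs(x - med) for x in history)
    if mad == 0:
        mad = 0.5  # floor for near-constant histories so quiet hosts still score
    return 0.6745 * (value - med) / mad


def baseline_alerts(current, history, cutoff=3.5):
    """Baseline approach: alert only when a host deviates from its own history."""
    return sorted(
        host for host, count in current.items()
        if robust_zscore(count, history[host]) > cutoff
    )


def compare(current=CURRENT, history=HISTORY):
    """Return both alert lists so the two methods can be compared side by side."""
    return {"static": static_alerts(current), "baseline": baseline_alerts(current, history)}


if __name__ == "__main__":
    for method, hosts in compare().items():
        print(f"{method:>8}: {hosts}")
```

On this sample the static threshold flags the busy build server (a false positive) and misses the quiet laptop, while the per-host baseline does the reverse, which is the outlier-versus-threshold distinction the paragraph makes.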

As security analytics becomes mainstream, it follows that mobile platforms such as smartphones and tablets will become the delivery mechanism for security alerts and reports. While receiving security alerts on smartphones is nothing new, security analytics capabilities will likely expand to allow security professionals to explore data and perform more advanced analytics directly on the device. Obviously, security of such a system will be paramount, requiring device and connection encryption, strong authentication/authorization and remote-wipe capabilities. These requirements are not easy to address, but the benefits of mobile security analytics will likely outweigh the costs of implementation.

While mobile security analytics capabilities are not widely available today, promising commercial products from vendors such as Splunk Inc., and its Everywhere app, are beginning to appear. Open source software such as the Elasticsearch ELK Stack is another emerging option.

About the author:
Dave Herrald is a solutions architect specializing in information security at Denver-based Global Technology Resources Inc.

This was first published in May 2014
