SN blogs: Security analytics and AOA

SN blogs: This week, big data and security analytics are a hot topic for analysts.


For security analytics, collect and analyze everything

In a recent Enterprise Strategy Group (ESG) survey, technology professionals were asked to identify the most important data for use in malware detection and analysis. According to ESG Senior Analyst Jon Oltsik, 42% of security professionals said firewall logs, 28% said IDS/IPS alerts and 27% said PC/laptop forensic data. IP packet capture and server logs also made the list. While Oltsik says he understands the historical perspective of their answers, he believes this is the wrong way to approach security analytics. His approach? Collect and analyze everything. With the advent of mobility and the cloud, firewalls don't have the capabilities to control things that are not in a set physical location. Oltsik says you don't need to worry about storing all of the data, but you should be scanning all of it.

Read more of why Oltsik thinks analyzing all of your data is important for security.

What CISOs look for when debating security budgets

Making the case for an increased security budget is a perennial problem, says Paula Musich, a Current Analysis senior analyst. Although research by PricewaterhouseCoopers Global Information Security, which surveyed 9,600 executives, shows a 51% increase in security budgets, it is still important to communicate the need for more funding. Musich says that creativity is key. When it comes to presenting your case for a budget increase, Musich suggests hiring a professional graphic design team to display important metrics in a way that is easy for senior executives to understand. Using red, yellow and green colors to show security risk levels is also effective. Musich also suggests headlines that illustrate stories about big breaches, a chart reflecting the previous year's spend, and stats measuring compliance and benchmarking against peers, all of which she says will help get CISOs' attention.

Read more about how you can prepare a presentation to increase your security budget.

Working for a Big Four accounting company

Virtualized Geek blogger Keith Townsend writes that IT pros who want to exploit their knowledge of technology might want to entertain the notion of working for a Big Four accounting firm. The Big Four are PricewaterhouseCoopers, Ernst & Young, Deloitte and KPMG. If you decide to go in this direction, Townsend says that you should be prepared to work on a project for months and have one hour to present everything you gathered to a single executive. Another note from Townsend: With a Big Four company, your career success will be based on the impact you had on the company, not on your knowledge of technology. Townsend says that if you are interested in the business side of technology, a Big Four company could be the right move for you.

Read more of Townsend's reflections on working with a Big Four company.

Advanced operational analytics, assessing big data

Enterprise Management blogger Dennis Drogseth advocates for advanced operational analytics (AOA) as a tool to gather and assess big data. Drogseth explains that AOA can boil down information gathered from several sources. It can also do the same amount of work that an analyst could do for half the cost. While AOA comes at a cost, Drogseth says that it's possible that it could pay for itself within months or even weeks. Drogseth lists several reasons why AOA is not the "beast" that many people think of when they hear "big data analytics". AOA, he writes, can pinpoint normal behavior and alert relevant IT professionals to potential issues before things get out of control. AOA tools can be optimized to feed off trusted sources through layered processes that can help with efficiency. Drogseth says that AOA is not for everyone, but it can be beneficial to some when evaluating data.

Read more about the benefits of AOA, according to Drogseth.

This was first published in July 2014