SN blogs: Security analytics and AOA

SN blogs: This week, big data and security analytics are a hot topic for analysts.

For security analytics, collect and analyze everything

In a recent Enterprise Strategy Group (ESG) survey, technology professionals were asked to identify the most important data for use in malware detection and analysis. According to ESG Senior Analyst Jon Oltsik, 42% of security professionals said firewall logs, 28% said IDS/IPS alerts and 27% said PC/laptop forensic data. IP packet capture and server logs also made the list. While Oltsik says he understands the historical perspective of their answers, he believes this is the wrong way to approach security analytics. His approach? Collect and analyze everything. With the advent of mobility and the cloud, firewalls don't have the capabilities to control things that are not in a set physical location. Oltsik says you don't need to worry about storing all of the data, but you should be scanning all of it.

Read more of why Oltsik thinks analyzing all of your data is important for security.

What CISOs look for when debating security budgets

Making the case for an increased security budget is a perennial problem, says Paula Musich, a Current Analysis senior analyst. Although research by PricewaterhouseCoopers Global Information Security (which surveyed 9,600 executives) shows a 51% increase in security budgets, it is still important to communicate the need for more funding. Musich says that creativity is key. When it comes to presenting your case for a budget increase, Musich suggests hiring a professional graphic design team to display important metrics in a way that is easy for senior executives to understand. Using red, yellow and green colors to show security risk levels is also effective. Headlines that illustrate stories about big breaches, a chart reflecting the previous year's spend, and stats measuring compliance and benchmarking against peers are other suggestions that Musich says will help get CISOs' attention.

Read more about how you can prepare a presentation to increase your security budget.

Working for a Big Four accounting company

Virtualized Geek blogger Keith Townsend writes that IT pros who want to exploit their knowledge of technology might want to entertain the notion of working for a Big Four accounting firm. The Big Four are PricewaterhouseCoopers, Ernst & Young, Deloitte and KPMG. If you decide to go in this direction, Townsend says that you should be prepared to work on a project for months and then have one hour to present everything you gathered to a single executive. Another note from Townsend: with a Big Four company, your career success will be based on the impact you had on the company, not on your knowledge of technology. Townsend says that if you are interested in the business side of technology, a Big Four company could be the right move for you.

Read more of Townsend's reflections on working with a Big Four company.

Advanced operational analytics, assessing big data

Enterprise Management blogger Dennis Drogseth advocates for advanced operational analytics (AOA) as a tool to gather and assess big data. Drogseth explains that AOA can boil down information gathered from several sources. It can also do the same amount of work that an analyst could do, for half the cost. While AOA comes at a cost, Drogseth says that it could pay for itself within months or even weeks. Drogseth lists several reasons why AOA is not the "beast" that many people picture when they hear "big data analytics". AOA, he writes, can establish a baseline of normal behavior and alert the relevant IT professionals to potential issues before things get out of control. AOA tools can be tuned to feed off trusted sources through layered processes, which helps with efficiency. Drogseth says that AOA is not for everyone, but it can be beneficial to some when evaluating data.

Read more about the benefits of AOA, according to Drogseth.

This was last published in July 2014


What is the most important factor to focus on when asking for a bigger security budget?
What an open-ended question. Well, our current security is failing us. The hackers are learning new tricks and we're still patching the last set of holes they unearthed. Then there's the pervasive BYOD and all the problems it ushers in. It will certainly not be getting smaller in the years ahead. And now we're connecting everything from wristwatches to coffee pots. What could possibly go wrong there...? 

We shouldn't be asking for a bigger security budget. Management should be chasing after us, begging us to use the money to fix their problems.
I always look at it as what will it cost if we are breached and lose customers, data or if they just crash our system and bring us to a standstill even for a day? Does 1 day of business = security budget?