Welcome!

News Feed Item

Analytics Usage Improves: Results of SANS' 2016 Survey on Security Analytics

Analytics Usage Up, Automation Improving, Personnel/Training/Funding Remain Key Impediments

BETHESDA, Md., Nov. 30, 2016 /PRNewswire-USNewswire/ -- Cyber security professionals have become more aware of the value of analytics and have moved beyond using analytics for detection and response to using analytics to measure and improve their overall risk posture, according to results of a new survey to be released by SANS Institute in a two-part webcast on December 7 and December 8, 2016.

"Each year more and more organizations look to security analytics to shore up their cyber security defenses," says SANS senior instructor and author of the report, Dave Shackleford. In the survey, only 11% of survey respondents either don't use analytics or don't know that they do.

Of the 44% who were able to quantify improvements, 17% reported increased visibility into actual events or breaches, and 11% reported improved detection of unknown threats, with an equal percentage noting reduced duration of events.

Utilization of security analytics is slowly rising, but there is much room for improvement in the use of analytics, results show.

As in previous SANS surveys on security analytics, the greatest impediments to implementing analytics and reaping the advantages of security analytics continue to be lack of qualified staff and funding/resources to implement programs. Because of these shortcomings, 49% have prioritized investment in personnel/training, 42% are looking to make detection and security operations center upgrades and 29% plan to invest in integrating incident response into their analytics programs in the coming years.

"One of the best ways to overcome shortages in staffing and funding is through automation," adds Shackleford. "Machine learning offers insights that could help less-skilled analysts with faster detection, automatic reuse of patterns detected and more, leading to related improvements in risk posture."

In this survey, 54% of respondents rated their programs as being "Fairly automated," while only 4% considered their programs to be fully automated. Unfortunately, only 22% said they deployed machine analytics to enable better, faster decision making, while 54% said their programs did not use machine learning as part of their analytics programs, and 24% didn't know.

Full results will be shared during a two-part webcast at 1 PM EDT on both December 7 and December 8, sponsored by AlienVault, Anomali, LogRhythm, LookingGlass Cyber Solutions, and Rapid7, and hosted by SANS.

The Part 1 webcast, held December 7, which focuses on how organizations are utilizing security analytics during real threat events, how they're utilizing analytics and intelligence, and how automated their processes are: Register for Part 1 at  www.sans.org/webcasts/102630

The Part 2 webcast, held the following day on December 8, focuses on improvements in risk posture associated with security analytics as well as best practices for implementing analytics programs: Register at www.sans.org/webcasts/102635

Those who register for the webcasts will also receive access to the published results paper developed by SANS Analyst and cyber security expert, Dave Shackleford.

Tweet This:

Catch the two part webcast series unveiling results of the SANS 2016 Security Analytics Survey | 12/7 & 12/8 | www.sans.org/u/ntB

"Each year more & more organizations look to security analytics to shore up their cyber security defenses"- Full story w/ Dave Shackleford |12/7 & 12/8 | www.sans.org/u/ntB 

About SANS Institute
The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest provider of training and certification to professionals at governments and commercial institutions world-wide. Renowned SANS instructors teach over 50 different courses at more than 200 live cyber security training events as well as online. GIAC, an affiliate of the SANS Institute, validates employee qualifications via 30 hands-on, technical certifications in information security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers master's degrees in cyber security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system--the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community. (www.SANS.org)

 

To view the original version on PR Newswire, visit:http://www.prnewswire.com/news-releases/analytics-usage-improves-results-of-sans-2016-survey-on-security-analytics-300370590.html

SOURCE SANS Institute

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
SYS-CON Events announced today that Enzu will exhibit at SYS-CON's 21st Int\ernational Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Enzu’s mission is to be the leading provider of enterprise cloud solutions worldwide. Enzu enables online businesses to use its IT infrastructure to their competitive advantage. By offering a suite of proven hosting and management services, Enzu wants companies to focus on the core of their ...
Join us at Cloud Expo June 6-8 to find out how to securely connect your cloud app to any cloud or on-premises data source – without complex firewall changes. More users are demanding access to on-premises data from their cloud applications. It’s no longer a “nice-to-have” but an important differentiator that drives competitive advantages. It’s the new “must have” in the hybrid era. Users want capabilities that give them a unified view of the data to get closer to customers and grow business. The...
Multiple data types are pouring into IoT deployments. Data is coming in small packages as well as enormous files and data streams of many sizes. Widespread use of mobile devices adds to the total. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists looked at the tools and environments that are being put to use in IoT deployments, as well as the team skills a modern enterprise IT shop needs to keep things running, get a handle on all this data, and deliver...
Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more business becomes digital the more stakeholders are interested in this data including how it relates to business. Some of these people have never used a monitoring tool before. They have a question on their mind like “How is my application doing” but no id...
In his session at @ThingsExpo, Eric Lachapelle, CEO of the Professional Evaluation and Certification Board (PECB), provided an overview of various initiatives to certify the security of connected devices and future trends in ensuring public trust of IoT. Eric Lachapelle is the Chief Executive Officer of the Professional Evaluation and Certification Board (PECB), an international certification body. His role is to help companies and individuals to achieve professional, accredited and worldwide re...
Both SaaS vendors and SaaS buyers are going “all-in” to hyperscale IaaS platforms such as AWS, which is disrupting the SaaS value proposition. Why should the enterprise SaaS consumer pay for the SaaS service if their data is resident in adjacent AWS S3 buckets? If both SaaS sellers and buyers are using the same cloud tools, automation and pay-per-transaction model offered by IaaS platforms, then why not host the “shrink-wrapped” software in the customers’ cloud? Further, serverless computing, cl...
You know you need the cloud, but you’re hesitant to simply dump everything at Amazon since you know that not all workloads are suitable for cloud. You know that you want the kind of ease of use and scalability that you get with public cloud, but your applications are architected in a way that makes the public cloud a non-starter. You’re looking at private cloud solutions based on hyperconverged infrastructure, but you’re concerned with the limits inherent in those technologies.
The current age of digital transformation means that IT organizations must adapt their toolset to cover all digital experiences, beyond just the end users’. Today’s businesses can no longer focus solely on the digital interactions they manage with employees or customers; they must now contend with non-traditional factors. Whether it's the power of brand to make or break a company, the need to monitor across all locations 24/7, or the ability to proactively resolve issues, companies must adapt to...
It is ironic, but perhaps not unexpected, that many organizations who want the benefits of using an Agile approach to deliver software use a waterfall approach to adopting Agile practices: they form plans, they set milestones, and they measure progress by how many teams they have engaged. Old habits die hard, but like most waterfall software projects, most waterfall-style Agile adoption efforts fail to produce the results desired. The problem is that to get the results they want, they have to ch...
IoT solutions exploit operational data generated by Internet-connected smart “things” for the purpose of gaining operational insight and producing “better outcomes” (for example, create new business models, eliminate unscheduled maintenance, etc.). The explosive proliferation of IoT solutions will result in an exponential growth in the volume of IoT data, precipitating significant Information Governance issues: who owns the IoT data, what are the rights/duties of IoT solutions adopters towards t...
Wooed by the promise of faster innovation, lower TCO, and greater agility, businesses of every shape and size have embraced the cloud at every layer of the IT stack – from apps to file sharing to infrastructure. The typical organization currently uses more than a dozen sanctioned cloud apps and will shift more than half of all workloads to the cloud by 2018. Such cloud investments have delivered measurable benefits. But they’ve also resulted in some unintended side-effects: complexity and risk. ...
With the introduction of IoT and Smart Living in every aspect of our lives, one question has become relevant: What are the security implications? To answer this, first we have to look and explore the security models of the technologies that IoT is founded upon. In his session at @ThingsExpo, Nevi Kaja, a Research Engineer at Ford Motor Company, discussed some of the security challenges of the IoT infrastructure and related how these aspects impact Smart Living. The material was delivered interac...
The taxi industry never saw Uber coming. Startups are a threat to incumbents like never before, and a major enabler for startups is that they are instantly “cloud ready.” If innovation moves at the pace of IT, then your company is in trouble. Why? Because your data center will not keep up with frenetic pace AWS, Microsoft and Google are rolling out new capabilities. In his session at 20th Cloud Expo, Don Browning, VP of Cloud Architecture at Turner, posited that disruption is inevitable for comp...
In 2014, Amazon announced a new form of compute called Lambda. We didn't know it at the time, but this represented a fundamental shift in what we expect from cloud computing. Now, all of the major cloud computing vendors want to take part in this disruptive technology. In his session at 20th Cloud Expo, Doug Vanderweide, an instructor at Linux Academy, discussed why major players like AWS, Microsoft Azure, IBM Bluemix, and Google Cloud Platform are all trying to sidestep VMs and containers wit...
While DevOps most critically and famously fosters collaboration, communication, and integration through cultural change, culture is more of an output than an input. In order to actively drive cultural evolution, organizations must make substantial organizational and process changes, and adopt new technologies, to encourage a DevOps culture. Moderated by Andi Mann, panelists discussed how to balance these three pillars of DevOps, where to focus attention (and resources), where organizations might...