Active Stocks
Thu Mar 28 2024 15:59:33
  1. Tata Steel share price
  2. 155.90 2.00%
  1. ICICI Bank share price
  2. 1,095.75 1.08%
  1. HDFC Bank share price
  2. 1,448.20 0.52%
  1. ITC share price
  2. 428.55 0.13%
  1. Power Grid Corporation Of India share price
  2. 277.05 2.21%
Business News/ Companies / News/  Security analytics offers a ray of hope for embattled CISOs
BackBack

Security analytics offers a ray of hope for embattled CISOs

The digital push by companies, however, has its drawbacks too, making it easy for hackers to compromise data security

The security analytics market is estimated to grow from $2.83 billion in 2016 to $9.38 billion by 2021, a compound annual growth rate of more than 27%, according to research firm MarketsandMarkets.Premium
The security analytics market is estimated to grow from $2.83 billion in 2016 to $9.38 billion by 2021, a compound annual growth rate of more than 27%, according to research firm MarketsandMarkets.

Mumbai: Every company today is striving to become a digital enterprise—one that is shaped by data-driven decisions, that takes customer engagement in an increasingly hyper-connected world to a new level, and responds to changing market dynamics as an agile business.

The digital push by companies, however, has its drawbacks too, making it easy for hackers to compromise data security.

According to the Global State of Information Security Survey 2016 by consulting firm PwC, which was based on the responses of more than 10,000 decision-makers and security leaders from over 127 countries, 38% more security incidents were detected in 2015 than in 2014. This is despite the fact that global information security spending touched $75.4 billion in 2015, according to research firm Gartner, Inc.

If the latest admission by Yahoo! Inc. is any indication, the threats will only increase with more digitization. On 22 September, Forbes reported that Yahoo! has admitted to a hack in 2014 that left the data of 500 million users exposed. This is being dubbed as the biggest security breach in history.

“With the convoluted growth of the cyber ecosystem, the number of cybersecurity threats and attacks has also grown. Today’s threats are targeted and more sophisticated. With the increase in the amount of data generated from devices, it is becoming difficult to proactively detect and mitigate security incidents," said Jaspreet Singh, a partner with consulting firm EY.

In this backdrop, it is becoming an increasingly challenging task for chief information security officers (CISOs) and other technology leaders to keep their companies safe from all types of threats.

Most companies have begun responding by implementing, besides an already complex mix of firewalls and security tools, a security information and event management system (SIEM). However, SIEMs alone do not assure protection against such threats, which is why the emerging field of security analytics offers a new ray of hope to the embattled CISOs.

“What is needed is a more thorough analytics approach in security," said Brijesh Datta, senior vice-president and CISO at Reliance Jio Infocomm Ltd, the telecom unit of Reliance Industries Ltd. He said an analytics tool should be able to help a company make a granular assessment of its risk profile. The assessment, he added, should be one that takes into account measurable key performance indicators such as: how many people in the company bypassed the stipulated security policy; how is policy compliance among administrators; and whether the condition is improving or deteriorating.

“Security analytics addresses multiple issues. It helps detect incidents, prevent incidents by way of correlation and also, once detected, shorten the time to remediate them," said Singh.

To be sure, as organizations scale in size and complexity, more advanced analyses of interactions across multiple dimensions are required.

Statistics already point to the direction in which the security posture of enterprises is shifting. According to the PwC survey cited above, 59% of respondents are leveraging big data analytics to: model and monitor for cybersecurity threats; respond to incidents; and audit and review data to understand how it is used, by whom and when.

The security analytics market is estimated to grow from $2.83 billion in 2016 to $9.38 billion by 2021, a compound annual growth rate of more than 27%, according to research firm MarketsandMarkets.

Companies are also using so-called ‘behavioural analytics’ tools to suss out improper or potentially damaging usage patterns of their employees when it comes to accessing business—critical data or even visiting malware—infected websites. The industry term for such tools is user and entity behaviour analytics (UEBA). A Forrester Research report clubs UEBA and SIEM as components of the larger realm—the security analytics platform. Forrester points to a lot of marketing hype and misunderstanding in the market and cautions enterprise buyers.

The research firm defines a security analytics platform as one that is “built on big data infrastructure to converge logging, correlating and reporting feeds from security information management, security solutions, network flow data, external threat intelligence and diverse endpoints and applications". Such a platform, the firm points out, uses information and machine learning techniques to provide real-time monitoring and facilitate the rapid incident detection, analysis and response. Machine learning is broadly defined as the ability of a machine to teach itself from mountains of data without the need for programming.

While there are multiple flavours and types of security analytics tools available in the market such as Elk Stack, Splunk, Logstash, LogRhythm and AlienVault, Datta believes the trick to make the most effective use of these solutions is to tune them properly.

Which essentially means configuring them in keeping with a well-defined security policy, which clearly lays down the access rights and privileges of users, in addition to integrating the security analytics tool with other solutions already in use by the organization.

Unlock a world of Benefits! From insightful newsletters to real-time stock tracking, breaking news and a personalized newsfeed – it's all here, just a click away! Login Now!

Catch all the Corporate news and Updates on Live Mint. Download The Mint News App to get Daily Market Updates & Live Business News.
More Less
Published: 03 Oct 2016, 12:34 AM IST
Next Story footLogo
Recommended For You
Switch to the Mint app for fast and personalized news - Get App

Chat with MintGenie