Cybersecurity analytics take on added importance

You can’t test what you can’t measure, as the old saying goes. And for IT, measurements of cyberdefenses are more crucial now than ever. 

A recent survey by Ponemon finds that security analytics can make a huge difference for the organizations that use them. The survey, “When Seconds Count: How Security Analytics Improves Cybersecurity Defenses,” talked to 621 IT and IT security practitioners to find out the role analytics plays in their business.

Most (87%) of those surveyed had a hands-on perspective, using the analytics tools themselves. And 80% of organizations surveyed reported their analytics program was fully implemented.

Here are some of the key findings they shared.

Attacks spur adoption

For most organizations, the road to using security analytics wasn’t a happy one. The top reason companies adopted analytics was that they had been victims of successful attacks or intrusions (68%). For more than half (53%), the concern was falling victim to a successful hack or intrusion (again).

These were more common than elective reasons, such as regularly updating security technology (33%) or a change in leadership to someone who used the metrics previously (32%).

But with plenty of good reasons to get on board with analytics, waiting for an attack might be the worst thing you could do.

Increases certainty

One key problem with security programs has always been false positives. These programs pick up anomalous traffic that turns out not to be a concern at all. The result is a flood of information coming into IT that isn’t actually important, while some important threats may get lost in the shuffle.

According to the survey, however, analytics can cut down on these false positives. While 80% of those surveyed said false positives in the analysis of anomalous traffic were very difficult to manage before using security analytics, only 33% continued to struggle with false positives after.

Trouble ahead

But for those dipping their toes in the analytics waters, know this: There will be difficulties.

According to the survey, IT pros had difficulty with deployment because:

  • systems required extensive configuration and tuning before they were usable (67%)
  • too much data (51%)
  • issues getting access to the required data (45%)
  • models required a long learning or training period to become usable (40%)
  • system workflows required changing current processes (30%)
  • data was very complex (25%)
  • extensive training was needed (21%), and
  • data quality was poor (19%).

And once those analytics were in place, companies struggled with, among other things, data challenges (65%), lack of in-house expertise (58%), insufficient technologies (50%) and insufficient resources (40%).

Time will be needed

The important lesson of this survey: Security analytics measures can help, but don’t expect them to be an easy fix.

Make sure you have plenty of time budgeted for the implementation of any new solution, and the adjustment immediately following it.