Security Analytics Pitfalls: Customization vs. Off-the-Shelf

March 04, 2015
Duane Kuroda

Security analytics can be a valuable source of innovation, but before results can be realized, there are key commitments and costs to consider.

Organizations around the world and in every industry are facing daunting information security challenges today, and many are starting to leverage big data analytics to help detect and stop attacks before they become major problems.

While the effective use of advanced analytics can certainly help companies bolster their security posture, they first need to understand and address the key challenges involved in using analytics as a security tool.

Big data’s value—and challenges

Analyzing huge volumes of security data can be enticing to many organizations, and with good reason. Big data and analytics can provide an effective way to identify the latest and most sophisticated attacks.

By leveraging the latest analytical tools, enterprises can detect patterns that indicate malicious or questionable activities on the network or within individual systems.

But the use of these resources comes with two main challenges, and companies need to deal with these as they evaluate making an investment in predictive analytics for cyber security. It is vital for organizations to anticipate the depth of resources they will need to meet their expectations for big data security analytics.

Hidden complexities and costs

The first challenge involves the hidden complexities and costs of security analytics software. New security analytics solutions are often marketed as magical security tools that will provide managers with immediate insights to boost their organization’s security posture. In practice, the promise and the reality are separated by a chasm of integration, tuning, highly specialized skill sets, and other costly requirements.

In fact, a number of prerequisites must first be fulfilled. These include appointing one or two “champions” dedicated to installing and operating the solution in your environment; connecting each relevant data source; building rules and filters to reduce noise and increase the signal of threats relevant to your business; and hiring a data scientist to organize and manage the data inflows, structure and presentation of findings.

Many organizations might lack the infrastructure or volume of data needed to derive the insight showcased during the initial security analytics sales pitch.

Shortage of skills

The second key challenge is the shortage of skilled security staff. Research by Enterprise Strategy Group has shown that 25% of all organizations surveyed say they have a “problematic shortage” of information security skills.

Not only is there already a shortage of the skills needed to deal with the tools, technologies and threats of today, but the shortage can be far worse for industries and organizations that do not have sufficient budgets to pay top dollar for talent.

The shortage of available talent is particularly concerning when you consider the use of new security technologies such as security analytics. There’s a good chance many companies won’t be able to hire enough skilled people to properly implement or use these new technologies.

Steps to take

Fortunately, there are a number of steps organizations can take to address both of these challenges as they prepare to invest in security analytics software solutions.

The steps are highlighted in a Proofpoint white paper, which describes why security teams need to understand the potential pitfalls of jumping into security analytics solutions without adequate preparation.
