Three Challenges to know in the Cyber Security Analytics Space

Continual usage and dependency on internet and internet based devices such as personal computers (PCs), laptops, mobiles etc. has resulted in creation of a tremendous amount of data. Terabytes (TB) of data is generated by the hour and as we see it, there is no end to data generation; it will be a continuous process.

Enhancing Cyber Security through Analytics

Leveraging data insights to read hacker behavior can go a long way in enhancing cyber security.

Cyber security involves various means and methods such as usage of tools to prevent attacks, restricted access to network, authentication and verification of users – all of which are still relevant and are in use. But how about using analytics for cyber security? Data is generated even when a hacker breaches the security of a network and leaves a network trail.  Why not use this data to analyze a hacker’s methodology and prevent future crimes?

It is almost impossible to prevent cyber intrusions but there is a chance to prevent further attacks if enough data is gathered and analyzedto detect cyber-attacks faster.

So, is it that easy to use Cyber Security Analytics?

Cyber security analytics is yet far from growing to its full potential.    

In a survey sponsored by SAS and undertaken by Ponemon Institute (N=621), 61% of respondents believed that security analytics is crucial to cyber security of their IT networks while 71% responded saying they expect to expand the use of security analytics over the next 12 months.

Though cyber security analytics can prove helpful in fighting cyber-crimes, it is still in very nascent stages and is yet to live up to its desired expectations. And yes, it comes with its own set ofchallenges. Let’s observe some major challenges –

Tremendous amount of data

An ocean of data that is generated every minute becomes extremely difficult to analyze.

There is a spurt of new companies even as existing companies expand at a fast pace which is fast leading to an exponential increase in the number of connected devices such as – PCs, Laptops, Servers, Smartphones. Millions of such internet based devices are active mediums for generation and transmission of tremendous amounts of data. Ability to surf through the sea of data to detect the patterns of cyber-attacks and in a faster manner is not to say the least.

To give an example, as per a report by Computer world – a medium sized IT network with 20,000 internet devices generates around 50 TB of data every 24 hours, which means about 5 GB of data needs to be analyzed every second to detect potential cyber-attacks, malicious malware and potential threats. One too many things have to be done and that too, in lesser time frame. In the Ponemon survey, 51% of respondents cited data issues for implementing security analytics.

There is another challenge – there is a need to have Unified Data Management platform (UDM). The data management platform has to manage data with scalability and costs; it has to be scalable with low costs. SQL based databases are not easily scalable while NoSQL databases are easily scalable and have lower maintenance costs. The data management platform should also support data integration.

Deployment of Security Analytics

Deployment of cyber security analytics has its own set of challenges.

In a study conducted(sample size of 621 respondents) by SAS and Ponemon Institute, while most of the IT representatives believed that security analytics helped improve their overall IT security situation, a good number of them also expressed that implementation or deployment of security analytics is a major challenge. About 56% of the respondents claimed that the initial deployment was either ‘’very difficult’’ or ‘’difficult’’. Among these, 65% cited that there was a need for configuration or tuning to make analytics solution usable.

Deployment also gets difficult owing to the huge amount of data; it is not easy to gather the required data in the required time.

Detecting the Right Threats

Right objectives are often not met due to a huge gap between the expectation and the reality.

Security analytics is still in an evolving stage and it cannot detect the key or right threats in a timely manner.  Experts find that there is fair gap between expectations and actuals when it comes to detecting threats. As observed in the study conducted by SAS, data exfiltration, malicious insider threats, adversary reconnaissance and adversary lateral movement are the major threats experts expect security analytics to detect, and yet, the deployed security analytics solution failed to detect the aforementioned threats.

Security analytics definitely has the potential to be a game changer in cyber security but it still has miles to go before it can be completely relied upon. But there are challenges to consider – deriving the right and useful data, availability of skilled resources and cost of deployment and management to name a few. And of course, the derived analytics must be useful and consumable across a broad range segments. If the above mentioned concerns can be tackled, cyber analytics will definitely have an edge and would be a major shot-in-the-arm for cyber security.