E-Handbook: Security analysis principles and techniques for IT pros Article 1 of 2

Data-driven security now the name of the IT game

Data-driven security is the name of the game now.

The massive data sets our increasingly sophisticated security tools can collect are able to identify potential IT security threats and help us better secure company systems. But there's a problem: How do we identify, evaluate and act on the exact right data sets, the ones that will assist with the most significant security concerns?

At the heart of data-driven security lay those analytics methods able to sift through the information that network and security device logs produce. A security analytics platform or service gathers and analyzes data from such sources as security information and event management systems to provide visibility into potential security threats.

Recent developments affecting security analytics include the spread of the internet of things; machine learning capabilities and automation also are making an impact. As a result, more sophisticated means are necessary to conduct data-driven security analytics. The sets of data are getting bigger by the day, making it ever harder to pick through and find the evidence of, say, a user doing something suspect. Invaluable outliers can too easily get lost in the proverbial haystack; how to handle global enterprise data sets is crucial knowledge now.

Humans are driven by many different things -- a hunger for love or acceptance, or perhaps fame or money. But nearly every human being is driven by the desire to be secure. Similarly, this continual search for security is fundamental to every aspect of IT today. Large amounts of data, filtered smartly and evaluated clearly, hold the key now. The question is how to accomplish that feat.