Do you have enough Security Analysts? The Rising Need for Automated Risk Response

The Rising Need for Automated Risk Response & Security Analytics

There is now a rising need for real-time security analytics and risk response in the evolving security sector. The world of security has changed. The outdated thinking of some security leaders, and the security strategies built on it, represents a serious liability. A new era, defined by the recent growth in distributed applications (on-premises, cloud and mobile), an increasingly dispersed workforce, and fast-moving business priorities, has forever altered the SIEM (security information and event management) and IAM (identity and access management) landscapes.

A need for new, real-time security strategies and risk response

The traditional security approach too often focused mainly on descriptive (i.e., “What happened?”) and diagnostic (“Why did it happen?”) capabilities. That kind of thinking and forensic approach is most useful for the postmortem of a breach, to help prevent similar attacks in the future. Yet with the constant evolution of IT, and with users accessing systems from anywhere in the world, at any time, on a broad range of devices, the threats are evolving, increasing and accelerating at breakneck speed. The old approach has become a vulnerability. New, real-time responsive security strategies and risk response must now be in place to meet this challenge.

The force multiplier should provide the capability for predictive security analytics

There is simply too much data to handle with human resources, and it will only continue to get worse. Forward-looking security leaders are recognizing that machine learning models that extract context from big data are the force multiplier needed to face the evolving threats of today. Hence this force multiplier should provide predictive security analytics capabilities (“What will happen?”).

Once a security leader has assessed that an advanced security analytics solution holds the promise to address this requirement with UEBA (user and entity behavior analytics) and IdA (identity analytics) capabilities, the need for prescriptive (“What are the recommended corrective actions?”) capabilities must also be taken into account. There is an increase in the variety, magnitude and acceleration of identity-based threats that organizations face. So an organization’s needs for unknown threat detection and access analytics have the generic capabilities most UEBA solutions offer. Most likely the compromise and abuse of identity is at the core of attacks and data breaches. Therefore cleaning up identity access with risk scoring down to the entitlement level is a crucial security hygiene requirement. This is even more so before cloud adoption.

There is simply too much data, which doubles every year

In addition, IAM and SIEM solutions, by themselves, are ineffective at behavior analytics. They lack support for a wide timespan of data, advanced correlations, and support for a variety of critical data for context. This includes unstructured data. Also, threat hunting for unknown threats, such as insiders, compromised accounts and data exfiltration, leads to futility fatigue with IAM and SIEM queries, filters and pivots. There is simply too much data, which doubles every year. So this leads organizations to adopt big data for the long-term storage of data for value at a lower cost. Yet leveraging the context of big data with behavior analytics for risk scoring is only half of the solution.

Bidirectional API integrations between solutions, used to provide risk scores on demand and to collect feedback or data, provide a closed-loop deployment for automated risk response. Without any human intervention required, this enables, as examples, step-up multi-factor authentication (MFA) based on risk scores, and reduced workloads with dynamic access provisioning. Qualified advanced security analytics vendors should offer numerous automated risk response use cases. Without them, an advanced security analytics vendor’s capabilities are incomplete, an unwelcome prospect in an evolving environment where the need for real-time detection grows every day.

To learn more about this topic, read the white paper: Automated Risk Response and Custom Use Cases with Advanced Security Analytics.
