The rapid growth of the Internet has brought with it an exponential increase in the types and frequency of cyber attacks. Many well-known cybersecurity solutions are in place to counteract these attacks. However, the generation of Big Data over computer networks is rapidly rendering these traditional solutions obsolete. To address this problem, corporate research is now focusing on Security Analytics, i.e., the application of Big Data Analytics techniques to cybersecurity. Analytics can assist network managers, particularly in the monitoring and surveillance of real-time network streams and the real-time detection of both malicious and suspicious (outlying) patterns.
Security analytics and operations can be complex, requiring highly skilled professionals and detailed processes. To overcome these issues, security teams tend to deploy an array of security analytics tools and technologies to collect, process, analyze, and act upon growing volumes of security telemetry. Despite this investment, however, many organizations continue to find it difficult to manage cyber risk or detect and respond to cyber incidents.
Do enterprises really want to build, maintain, and operate a complex and costly data management plane for security analytics or operations, or do they simply want to focus their efforts on the actual security analytics and operations?
Well, the answer is simple. As with machine learning, many organizations need help with security operations process automation and orchestration. To address this requirement, 27 percent of organizations have deployed technologies for security analytics/operations automation and orchestration extensively, while 38 percent have done so on a limited basis. Another 31 percent are piloting security operations automation/orchestration technology, planning a project, or interested in doing so.