No one can argue that analyzing the security state of your IT environment (in a comprehensive and integrated manner) and taking proactive measures to prevent security incidents is the right way to manage an IT operation.
The problem with Security Analytics isn’t a failure of vision; everyone agrees that we should be able to take inputs from endpoints and deep network defenses, and to collect and integrate the security event information from all the key components in the computing environment.
Further, the problem isn’t a lack of technology or tools. Without getting into personal preferences, there are highly regarded products available from IBM (QRadar), RSA (NetWitness) and LogRhythm, to name just a few.
The problem is that today, most organizations are fundamentally incapable of deploying and managing these tools. Crawl before you walk and walk before you run. The reality is that most organizations have not yet mastered and deployed the prior generations of log analysis and security event management tools. They don’t know what normal traffic/behavior looks like, so recognizing anomalies is impossible. In addition, many organizations struggle with remediating even simple vulnerabilities and misconfigurations that are found.
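To make the "know what normal looks like" point concrete, here is an added example (not part of the original article, and not a SystemExperts or vendor tool): a per-host baseline of daily failed-login counts, compared against a flat threshold. The host names and counts are constructed sample data. The per-host baseline flags a quiet database host that suddenly sees nine failures, while a flat limit misses it and instead raises a false alarm on a jump host whose normal volume is simply higher.

```python
"""Baseline-versus-flat-threshold anomaly check on constructed daily
failed-login counts. Added example; all data below is made up."""
from statistics import mean, pstdev

# Constructed two-week baseline: failed logins per day, per host.
BASELINE = {
    "web-01": [3, 4, 2, 5, 3, 4, 3, 2, 4, 3, 5, 4, 3, 4],
    "db-01": [0, 1, 0, 0, 1, 0, 0, 0, 1, 0, 0, 1, 0, 0],
    "jump-01": [20, 25, 22, 18, 24, 21, 23, 19, 22, 20, 24, 21, 22, 23],
}

# Constructed observations for the day being reviewed.
TODAY = {"web-01": 5, "db-01": 9, "jump-01": 26}


def baseline_stats(history):
    """Mean and population standard deviation of a host's history."""
    return mean(history), pstdev(history)


def zscore(value, mu, sigma, floor=1.0):
    """Standard-score of today's value; the floor keeps a near-constant
    history (sigma close to 0) from turning every blip into an alert."""
    return (value - mu) / max(sigma, floor)


def find_anomalies(baseline, today, threshold=3.0):
    """Return hosts whose count is >= threshold standard deviations above
    their own baseline, plus hosts that have no baseline at all (which is
    itself a finding: you cannot judge them)."""
    result = {}
    for host, count in today.items():
        if host not in baseline:
            result[host] = ("no baseline", None)
            continue
        mu, sigma = baseline_stats(baseline[host])
        z = zscore(count, mu, sigma)
        if z >= threshold:
            result[host] = ("anomalous", round(z, 2))
    return result


def flat_threshold(today, limit=10):
    """The naive alternative: alert on any host above one global limit."""
    return {host for host, count in today.items() if count >= limit}


if __name__ == "__main__":
    print("baseline-aware:", find_anomalies(BASELINE, TODAY))
    print("flat threshold:", flat_threshold(TODAY))
```

Run as-is, the baseline-aware check reports only db-01 (nine failures against a history of zeros and ones), while the flat threshold reports jump-01, whose 26 failures sit well inside its usual range, and says nothing about db-01. The baseline is only meaningful if the history it is built from was itself reviewed and clean, which is exactly the groundwork the article says most organizations have not done.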
Take the simple example shown below. We provide a technically sophisticated client with a simple analysis of its security vulnerabilities each month. Without belaboring the point, you can instantly see that even in an organization with skilled security staff there is no long-term trend from weak security to stronger security – and this organization is far ahead of most.
Marketing words pitched by industry innovators and touted by security industry analysts may define the state-of-the-art, but integrated security analytics is far out of reach for the vast majority of enterprises.
Jonathan is President & CEO of SystemExperts Corporation, a network security consulting firm specializing in IT security and compliance. Jonathan started the company in 1994. He plays an active, hands-on role advising clients in compliance, technology strategies, managing complex programs, and building effective security organizations. Jonathan brings a business focus to this multifaceted work balancing all technical initiatives with business requirements and impact.