Security analytics must be able to serve everyone
Without the right security analytics, there will be blind spots where threats can hide and persist in attacking today's digital businesses.
For example, companies have moved from their traditional data centres to hybrid or multi-cloud infrastructure. The security sensors and analytics that worked historically might not serve the organisation well as it starts to leverage Kubernetes, serverless and other cloud-native technologies.
So says TK Keanini, distinguished engineer, Advanced Threat Solutions at Cisco, who will present on "The future of security analytics: From static lists to machine learning", at ITWeb Security Summit 2019 to be held at the Sandton Convention Centre from 27 to 31 May.
He says analytics is co-evolving with the threats and changes in the infrastructure. "When our analytics do very well in detecting threat actors in the network, it forces threat actors to innovate and find new ways to evade detection; in turn, forcing us to develop new techniques to detect them and so on and so on."
So what could businesses be doing better when it comes to security analytics?
"The one thing I have learned recently, is to make sure we don't treat the end-user as if they are data scientists or security experts. Security analytics should be able to serve everyone and we have had to take innovative steps to measure our effectiveness."
For example, Keanini says if Cisco's security analytics raises an alert and it is brought to the tech team's attention, they should only be concerned with one question: was this alert helpful?
"As simple as this may seem, it is game-changing because we are measuring how helpful the analytical outcome is on an alert by alert basis. Forget the data science and all the mathematics to validate efficacy; we just want to be helpful to you as you do your job."
Keanini says security analytics help secure organisations "by detecting things early and delivering visibility to help gain a true understanding of their digital business".
"When you are insecure, it is the threat actor that understands your digital business better than you and you don't want that to happen. As is often said, 'knowledge is power' and it is no different in security."
ITWeb Security Summit 2019 delegates attending Keanini's talk will leave with a set of key pointers that will help them become better evaluators of security analytics.
"One should not have to be a data scientist to be a smart consumer of these products. For example, machine learning is the hot topic these days and I will break it down so simply that delegates will leave with six questions they can ask any vendor who claims to have machine learning in their product."