Enterprise Strategy Group: The Big Data Security Analytics Era is Here

  • Published on 01-Nov-2014


DESCRIPTION

This analyst report explains that organizations can no longer rely on preventive security systems, point security tools, manual processes, and hardened configurations to protect against targeted attacks. Henceforth, security management must be based on continuous monitoring and big data analysis for situational awareness and rapid decisions.

Transcript

White Paper: The Big Data Security Analytics Era Is Here

By Jon Oltsik, Senior Principal Analyst
January 2013

This ESG White Paper was commissioned by RSA Security and is distributed under license from ESG.
© 2013 by The Enterprise Strategy Group, Inc. All Rights Reserved.

Contents

  Executive Summary ........................................................ 3
  The Obstacles to Improving Organizational Security Maturity .............. 3
  Legacy Security Monitoring and Analytics Tools Are Also Holding Back Progress ... 6
  Enter the Big Data Security Analytics Era ................................ 8
  Big Data Security Analytics Technology Transformation .................... 9
  CISOs Must Become Big Data Security Advocates ........................... 10
  The Bigger Truth ........................................................ 12

All trademark names are property of their respective companies. Information contained in this publication has been obtained by sources The Enterprise Strategy Group (ESG) considers to be reliable but is not warranted by ESG. This publication may contain opinions of ESG, which are subject to change from time to time. This publication is copyrighted by The Enterprise Strategy Group, Inc. Any reproduction or redistribution of this publication, in whole or in part, whether in hard-copy format, electronically, or otherwise to persons not authorized to receive it, without the express consent of the Enterprise Strategy Group, Inc., is in violation of U.S. copyright law and will be subject to an action for civil damages and, if applicable, criminal prosecution. Should you have any questions, please contact ESG Client Relations at 508.482.0188.

Executive Summary

A few years ago, ESG created a security management maturity model that outlined a progression through four phases of a security management program's evolution. The goal was to leverage ESG research to uncover success strategies and best practices, then use this information to help CISOs build a security management plan and prioritize the right activities in order to improve security and lower risk, while continuing to build the organization's security maturity.

CISOs are certainly intent on evolving the maturity of their security management, but many organizations are facing unanticipated problems that are impeding their progress. CISOs face an insidious threat landscape and an avalanche of new technology initiatives that make security management increasingly difficult. Furthermore, enterprise organizations are finding it difficult to recruit and train new security professionals, leaving them under-staffed and over-burdened. Taken together, new security risks and old security challenges often overwhelm legacy security controls and analytics tools.

Large organizations can no longer rely on preventive security systems, point security tools, manual processes, and hardened configurations to protect them from targeted attacks and advanced malware. Henceforth, security management must be based upon continuous monitoring and data analysis for up-to-the-minute situational awareness and rapid data-driven security decisions. This means that large organizations have entered the era of big data security analytics. This white paper concludes that:

  • Security and market trends are creating new security management hurdles. Over the past few years, CISOs have come face-to-face with three difficult and converging trends. First, they face an increasingly hazardous threat landscape full of stealthy malware, social engineering, and targeted attacks from well-funded and expert adversaries. Second, they have been called upon to secure new technology initiatives such as cloud computing, mobile devices, and server virtualization. Finally, they face a security skills shortage, making it difficult to recruit and hire new security talent. These obstacles are placing new demands on existing security staff, processes, and technologies.

  • The existing security infrastructure is no longer adequate. At many enterprise organizations, security protection and analysis depends upon an army of independent signature-based point tools, network perimeter gateways, manual processes, and specialized skills. While this loose affiliation of security technologies may have been sufficient in years past, it is no match for the scale and scope of today's threats and overall security management requirements.

  • IT is entering the era of big data security analytics. Risk management and prevention are critical but no longer enough. Moving forward, CISOs need real-time security intelligence and situational awareness to give them visibility into their security status at all layers of the technology stack and across the enterprise. Armed with this type of intelligence, security executives can then prioritize actions, adjust security controls, accelerate incident detection, and improve workflows around incident response. Taken together, these advances can improve security while lowering security operations costs.

The Obstacles to Improving Organizational Security Maturity

After studying the state of enterprise information security in 2011, ESG published a security management maturity model to provide some strategic guidance for CISOs (see Figure 1). At that time, ESG believed that most organizations were still in phase 2, thus focused on compliance and defense-in-depth, but were intent on proceeding to phase 3, risk-based security, as soon as possible.

Figure 1. The ESG Information Security Management Maturity Model
Source: Enterprise Strategy Group, 2013.

When this model was first published in 2011, ESG assumed that risk-based security would be well established by most organizations by early 2013, but this transition has proven to be more difficult than first anticipated. The delay is not due to a lack of effort by security teams. In fact, in the past couple of years, many CEOs and other non-security executives have become more involved in information security oversight and are regularly approving projects and increasing information security budgets. Unfortunately, the transition from phase 2 to 3 for most organizations has become more difficult than projected because of:

  • The volume and sophistication of new threats. While day-to-day cyber threats continue to increase at an exponential rate, CISOs are most concerned over the rise of targeted and advanced malware-enabled attacks such as Advanced Persistent Threats (APTs). This apprehension is well deserved. According to ESG research, 59% of enterprises are certain or fairly certain that they have been the target of an APT, while 30% of enterprises believe they are vulnerable to future APTs.[1] Detecting, analyzing, and remediating advanced threats adds additional requirements to the risk-based phase while forcing CISOs to simultaneously assess and dramatically improve their incident detection and response capabilities.

  • Rapid IT changes. Risk-based security depends upon intimate knowledge of every IT asset deployed on the network. This type of understanding is especially difficult when IT is constantly engaged in rolling out new initiatives such as server/endpoint virtualization, cloud computing, mobile device support, and supporting BYOD programs. To make matters worse, many new IT initiatives are based upon immature technologies that are prone to security vulnerabilities, and may not play well with existing security policies, controls, or monitoring tools. For example, mobile devices like smartphones and tablet computers present a number of security management challenges around policy enforcement, sensitive data discovery/management, and malware/threat management (see Figure 2).[2] The continuous adoption of new technology initiatives adds uncertainty and complexity to security management.

Figure 2. Mobile Device Security Challenges
With regard to mobile device security, which of the following presents the most significant security challenges for your organization? (Percent of respondents, N=315, multiple responses accepted)

  Enforcing security policies for mobile devices ........................................... 48%
  Lost/stolen mobile devices containing sensitive data ..................................... 46%
  Sensitive data confidentiality and integrity protection when accessed from or stored on mobile devices ... 46%
  Malware/threat management on mobile devices .............................................. 41%
  Supporting new device types .............................................................. 41%
  Creating security policies for mobile devices ............................................ 40%
  Discovering mobile devices as they gain access to the network ............................ 30%

Source: Enterprise Strategy Group, 2013.

  • A growing security skills shortage. In 2012, over half of all organizations planned to add headcount to their information security group and nearly one-quarter of all organizations (23%) indicated that they had a significant shortage of security skills. CISOs will likely find it extremely difficult to simply hire their way out of this problem; ESG research indicates that 83% of enterprise organizations find it extremely difficult or somewhat difficult to recruit and hire security professionals.[3]

Combined with routine day-to-day activities, the security market trends described above have led to numerous challenges in areas such as incident detection/response (see Figure 3).[4] For example, the overall security skills shortage has an impact on the security organization's incident detection/response capabilities because many enterprises lack the right staffing levels and skills. Malware volume and sophistication are forcing security analysts to sort through mountains of equally weighted, false positive alerts. In addition to staffing and skills issues, security analysts generally rely on too many manual processes in order to identify, scope, and remediate problems.

Figure 3. Challenges with Incident Detection
Which of the following challenges does your organization face when it comes to incident detection? (Percent of respondents, N=257, multiple responses accepted)

  Lack of adequate staffing in security operations/incident response team(s) ............... 39%
  Too many false positive responses ........................................................ 35%
  Incident detection depends upon too many manual processes ................................ 29%
  Incident detection depends upon too many independent tools that aren't integrated together ... 29%
  Sophisticated security events have become too hard to detect for us ...................... 28%
  My organization lacks the right level of security analysis skills needed ................. 28%
  Lack of adequate data collection/monitoring in one or more critical area ................. 28%
  Lack of proper level of tuning of our SIEM and other security tools ...................... 23%

Source: Enterprise Strategy Group, 2013.

What's most alarming here is that the challenges outlined in Figure 3 have a cumulative impact. Security departments are short-staffed and lack the right skills amongst the analysts they do have. Meanwhile, security analysts spend an inordinate amount of time sorting through false positives and working through manual processes, which wastes what little time they have. In aggregate, this situation is operationally inefficient, costly, and leaves many enterprise firms with an unacceptable level of risk. The CEO and CFO won't be pleased to learn that they spend more but are left with more risk.

Legacy Security Monitoring and Analytics Tools Are Also Holding Back Progress

In addition to skills challenges, false positives, and manual processes, it is also worth noting that 29% of enterprise organizations surveyed by ESG indicate that incident detection depends upon too many independent tools that aren't integrated together.[5] This security challenge is certainly understandable. Over the past ten years, enterprise IT security has grown incrementally more difficult because of new and unanticipated threats and vulnerabilities. As these changes occurred in the past, organizations typically upgraded their security products, purchased new signature-based threat management tools, created new rules for perimeter gateways, and increased their security analytics activities. Over time, this has led to a security infrastructure anchored by numerous disconnected point tools for incident detection/response.

Tactically driven enterprise IT security has always suffered from operational inefficiencies, but even so it provided reasonably adequate protection against threats such as general-purpose malware, spam, and amateur hackers. Unfortunately, existing security systems, which are often perimeter and signature based, are no match for today's insidious threat landscape. This is especially true with regard to security analysis tools because:

  • Security analytics tools can't keep up with today's data collection and processing needs. According to ESG research, 47% of enterprise organizations collect, process, and ana...

Notes

  [1] Source: ESG Research Report, U.S. Advanced Persistent Threat Analysis, November 2011.
  [2] Source: ESG Research Report, Security Management and Operations: Changes on the Horizon, July 2012.
  [3] Source: Ibid.
  [4] Source: ESG Research Report, The Emerging Intersection Between Big Data and Security Analytics, November 2012.
  [5] Source: Ibid.
