Guidelines for Right Approach to Behavioral Analytics in Infosec

Behavioral analytics is gradually gaining momentum within the information security domain. Because it is a relatively new area of pursuit, organizations are still trying to work out the right approach and strategy.

Choosing the right vendor is the foremost guideline for an effective behavioral analytics implementation. The biggest problem is that many security vendors build behavioral analytics for the 1% of the most sophisticated and capable companies out there. When most vendors build to those capabilities, enterprises are left to hire their own data scientists and experts, and that is a recipe for failure.

For one, there is a huge dearth of the required expertise in the market. While there has been an exponential increase in threats, there hasn't been the same exponential increase in the talent to defend against them. As a result, the defending community has to be armed with tools that enable them to get to the answers quickly and easily instead of having to hire the most sophisticated people. The reality is that there just aren't going to be that many security professionals around.

“The vendors sometimes build these very complex capabilities and put it in the hands of the user community who are not mathematicians and data scientists, and can’t possibly hope to hire or retain one,” explains Grant Geyer, Senior Vice President, Products, RSA.

Therefore, it's important to understand how much of the solution works out of the box versus how much it needs to be customized. Organizations that focus on working with a vendor that can solve 95% of the problems for them in an automated way are going to be better off, suggests Geyer. These are the vendors who have aggregated the common aspects of behavior analytics that are indicative of attackers and built them into the product.

The more behavioral analytics works out of the box and doesn't have to be tuned for each unique use case and incident, the better it is going to set up the customer for success. The key is a solution that has the mathematics and science built into it, so that the user only needs to worry about the results and achieving the outcomes they want, not about how to pull together all the math and science on the back end.

Even a sophisticated enterprise that has the wherewithal to deploy enough resources would prefer an out-of-the-box solution, as it would rather use its best hunters to focus on the edges that the technology can't reach instead of spending them on areas that can be automated.

Another key consideration when choosing the right vendor is the visibility it offers. An organization needs to think about which sources of data are the right ones for spotting incidents. If the technology doesn't have the ability to pull in enough sources of data, it's going to be blind to the incidents.

Besides choosing the right vendor, Geyer suggests two more guidelines for organizations that are planning to go down the behavioral analytics route.

The first is not to approach it as a technology problem only. CIOs and CISOs have to think about the strategy in order to be successful. This involves understanding the risk to the organization, understanding the acumen of the people they can hire and retain, understanding how mature their processes are, and finally, the technology.

The second is around the staffing requirements: getting a clear understanding of how well trained and mature the internal security staff needs to be in order to take action based on the insights from the behavioral analytics platform. It can be the best technology in the world, but if the staff isn't capable of understanding it, it's a waste of money.
