What are the main challenges that security analytics can be used to address?
Security analytics is a subset of data analytics, focusing on security events. When reviewing data for security events, the challenge is that you are looking for needles in a haystack.
There are many false positive and false negative security events, and your team has only limited resources to devote to analysis. Despite this, as the threat landscape changes, you are expected to identify, monitor and prevent new cyber attacks.
Therefore, security analytics can be used to address the problem of triaging, analysing and responding to large volumes of data that must be examined for security events.
The main challenges that security analytics faces are, first of all, providing answers from datasets that can be measured. An analysis of security events does not always reach a conclusion of yes or no, but sometimes offers a maybe. This is because of the nature of how risk is often quantified in the cyber domain.
Also, one form of analysis, the use case of historical precedent, often does not apply to the next type of analysis required.