TMCnet News

95 Percent of Those Using Advanced Security Analytics Are Confident They Can Detect a Security Issue before It Has Significant Impact
[May 18, 2015]

Enterprise Management Associates (EMA), a leading IT and data management research and consulting firm, today announced the release of research looking at advanced security analytics and its enterprise adoption thus far. The report, sponsored by Prelert and entitled "Data-Driven Security Reloaded," found that IT professionals already understand the importance of advanced security analytics in identifying and mitigating incidents before they have a significant impact on the organization and its customers.

Top findings of the research include:

  • 62 percent of IT professionals say traditional approaches are producing too many security alerts and false positives for them to handle.
  • More than half of IT professionals (57 percent) said they would need to implement security analytics in order to acquire unique or specialized data for context.
  • Security analytics ranked top for perceived value when compared to total cost of ownership.
  • Of those IT professionals already using security analytics, 95 percent were confident of their ability to detect a security issue before it had significant impact.

An infographic detailing the results is available here: http://info.prelert.com/infographic-value-security-analytics-anomaly-detection.

EMA's research showed that 25 percent of organizations know they experienced a breach or significant cyberattack that incurred loss last year. With this reality, organizations must look beyond traditional perimeter security solutions and embrace advanced security analytics to effectively identify breaches earlier.

"Security analytics, though a relatively new field of technology, are the next step in detection and response technology. Machine-learning algorithms and analysis techniques have advanced far beyond the capabilities of what was available in the commercial markets only 2-3 years ago," said David Monahan, Research Director at EMA.

The Need for Security Analytics

When asked how they felt about security analytics, 70 percent of respondents indicated that they either have an investment in the technology or would have an investment if it were not for insufficient resources at the time of survey.

Though security analytics ranked second to last in deployment saturation among respondents, for the second year in a row, EMA's research scored it in the top ranking for perceived value when compared to total cost of ownership (TCO).

In fact, 95 percent of respondents already using security analytics said they were confident of their ability to detect a security issue before it had significant impact.

Drilling down further, when asked why they needed to use advanced security analytics:

  • More than half of respondents (57 percent) said security analytics "provided unique or specialized data for context" - data that's needed to identify today's stealthy security threats.
  • 36 percent said better data flexibility and the adaptability to address a wide range of requirements was the top reason.
  • The same percentage (36 percent) responded that better data correlation and fidelity for creating responses was their top reason.
  • 29 percent listed lowering false positives as their top reason.
  • Another 29 percent said they looked at security analytics as a way to reduce incident response time.



Accelerating Data Breach Detection

"This research provides end-user validation that security analytics is providing tremendous value by accelerating threat detection, investigation and response," said Mark Jaffe, CEO of Prelert. "In order to deserve the moniker 'advanced,' however, security analytics must be easily deployed to operate continuously, against a broad array of data types and sources, and at huge data scales to produce high fidelity insights so as not to further add to the alert blindness already confronting security teams."


IT security professionals were asked to rank why security analytics were needed in their organizations. The top-ranked responses were:

1. Providing highly actionable intelligence/context for incident prioritization
2. Providing data aggregation and correlation
3. Improving long-term trend or anomaly analysis
4. Enhancing or accelerating post-incident forensics
5. Enhancing breach or compromise [incident] response

When evaluated singularly, each of the above reasons can be seen as valuable in its own right, but when viewed collectively, their capability to provide a significant force multiplier for an already taxed security organization is tremendous.

In addition, when asked what they wanted most out of a tool that accelerated breach detection, 39 percent of respondents said they were "searching for better trend analysis and anomaly detection to reduce false positives," followed closely by "an increased ability to easily aggregate and cross analyze varied data sources" and "advanced automated or guided response capabilities."

Alert Blindness Lowers Confidence

"Alert blindness" continues to be an issue for IT security professionals, as today's security technologies produce an overwhelming number of incident alerts, making it increasingly difficult to review each one - or even to know which are truly critical and should be concentrated on.

Echoing this, the research found that 62 percent of respondents are seeing too many false positives or have too many alerts to handle - keeping them from feeling confident in the security protections they have in place. Another 38 percent responded that they are not confident because there is too much uncorroborated data and a lack of context about that data.

"Lack of knowledge about what is really a security threat and what needs your immediate attention is hurting the ability of IT security teams to understand and respond quickly and effectively," added Mike Paquette, VP of Security Products for Prelert. "Organizations need machine learning-based tools to cut through the clutter and detect threat activity before it becomes a problem for customers."

EMA's research was conducted over the course of the first few months of 2015, studying 18 areas of technology in use by organizations to understand what technologies they are deploying, why they felt they did or did not receive value out of those technologies and how they are using those technologies to prevent, detect and respond to threats against their assets, especially information assets. Participants included IT administrators supporting the security function and information security professionals and IT management supporting security.

For access to the full report, please visit http://info.prelert.com/ema-it-security-analytics-survey-results.

About EMA

Founded in 1996, EMA is a leading industry analyst firm that specializes in providing deep insight across the full spectrum of IT and data management technologies. EMA analysts leverage a unique combination of practical experience, insight into industry best practices, and in-depth knowledge of current and planned vendor solutions to help their clients achieve their goals. Learn more about EMA research, analysis, and consulting services for enterprise line of business users, IT professionals and IT vendors at http://www.enterprisemanagement.com or blogs.enterprisemanagement.com. You can also follow EMA on LinkedIn, Twitter, and Facebook.

About Prelert

Prelert is the leading provider of machine learning anomaly detection for IT security and operations teams. By using automation and machine intelligence to eliminate manual effort and human error, the company's software finds security breaches and service disruptions that legacy tools miss. Hundreds of progressive IT organizations rely on Prelert's advanced analytics to automatically mine huge volumes of IT data in real time, enabling them to identify security threats and performance issues before they impact business. For more information, please visit www.prelert.com or follow @Prelert.

