SANS Releases Results of 2014 Analytics and Intelligence Survey

Analytics Capabilities Increasing, Lack of Visibility a Key Concern, Automation Offers Some Remediation

  • Bethesda, MD
  • October 1, 2014

Organizations are using security information and event management tools and intelligence from third-party service providers to correlate threat intelligence data, and when they do, 55% believe their ability to correlate incidents is improved, according to the 2014 SANS Analytics and Intelligence Survey. Lack of visibility into their applications, underlying systems and vulnerabilities was deemed a key barrier to incident detection and response by 39% of respondents, while visibility across networks and into endpoints, mobile devices and cloud-based applications and processes was also highlighted as a concern.

"One of the biggest challenges security organizations face is lack of visibility into what's happening in the environment," says Dave Shackleford, SANS Analyst and author of the survey results paper. "Analytics tools are helping provide more visibility than ever before, but there are still big challenges to overcome in determining what to monitor and how to find the needles in the haystack." Respondents pointed to a number of causes for their lack of visibility and difficulty distinguishing between normal and abnormal behaviors:

  • 36% pointed to inability to understand and baseline normal behaviors
  • 30% say they lack the people, skills and resources
  • 26% admit they don't collect the correct information

"You need to have an idea of what to look for. Analytics allows better correlation of datasets that, heretofore, have not been easily combined--such as user activity monitoring, ability to understand the rules of behavior for a system," adds Barbara Filkins, SANS Analyst and advisor for this survey. "The trick is being able to find that needle in the haystack."

Automation is another avenue that can lead to better visibility. Although only 9% of respondents report fully automating their analytics and intelligence, 47% say they are fairly well automated. Greater emphasis is needed here to reduce the effect of lack of trained staff, improve visibility, and enhance detection and response.

Filkins adds, "Analytics applied to security big data isn't a silver bullet or a magic trick--it takes work to make these techniques useful."

Full results will be shared during a two-part webcast on Thursday, October 9 and Tuesday, October 14, both at 1 PM EDT. The webcasts are sponsored by AlienVault, HP, LogRhythm, McAfee/Intel Security, Rapid7 and ThreatStream, and are hosted by SANS. Register to attend the two complimentary webcasts:

Part 1--Current State: Detection and Response at

Part 2--Future State: Improving Intelligence and Threat Protection at

Register and attend both webcasts to be eligible for a $75 American Express gift card. The winner will be announced during the October 14 webcast. Those who register for the webcast will also receive access to the published results paper developed by SANS Analyst and analytics expert, Dave Shackleford.


About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals in government and commercial institutions worldwide. Renowned SANS instructors teach more than 60 courses at In-Person and Live Online cyber security training events, and more than 50 courses are available anytime, anywhere with our OnDemand platform. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers a master’s degree, graduate certificates, and an undergraduate certificate in cyber security. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their ‘human’ cybersecurity risk. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system – the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community. (