Slow but Steady Improvement in Security Analytics Usage: Results of the SANS 2015 Analytics and Intelligence Survey

Reduced Average Time to Detection; Still Can't Understand and Baseline "Normal" Behavior; Lack People, Skills and Dedicated Resources

  • Bethesda, MD

Organizations are making slow but steady progress toward gathering more data, using threat intelligence sources and implementing analytics platforms, according to results of a new survey to be released by SANS Institute on November 11, 2015. Organizations are also more realistic about their levels of automation and their lack of visibility into breaches.

"It's apparent that security analytics is providing real value in security organizations today," says Dave Shackleford, SANS Analyst and author of the survey report. "Overall, detection and response times are improving, and many teams feel like they are building more effective security event management and intelligence programs with analytics capabilities."

In 2014, for those organizations that experienced breaches, 50% indicated the average time to detection for an impacted system was one week or less. This year, 67% were able to make that target.

Although 83% also believe that they have improved visibility into events and breaches, 26% still can't identify what "normal" behavior looks like, though this has improved by 10% of respondents from 2014. Respondents point not only to a lack of automation and integration, but also to a lack of analytics skills as big impediments holding them back from realizing the full potential of their analytics and intelligence programs.

Shackleford adds, "The biggest challenge security teams face when implementing security analytics tools continues to be finding the skill sets and personnel to implement, manage and tune these systems."

In the survey, 59% of respondents said that lack of skills and dedicated resources were key impediments to discovering and following up on incidents and breaches. Lack of centralized reporting and remediation controls represented the second toughest impediment, selected by 35% of respondents.

Full results will be shared during a two-part webcast series on Wednesday and Thursday, November 11 and 12, 2015, at 1 PM EDT.

The first webcast, on Wednesday, November 11, will focus on the current level of maturity organizations have in their analytics systems and how much their capabilities have grown since 2014.

The second webcast, on Thursday, November 12, will discuss how analytics needs to mature and what improvements survey respondents plan to make in the future.

The webcast series is sponsored by AlienVault, DomainTools, LogRhythm, LookingGlass Cyber Solutions, SAS, and ThreatStream, and hosted by SANS. Register to attend both webcasts at: www.sans.org/u/9Br and www.sans.org/u/9Bw

Those who register for the webcast will also receive access to the published results paper developed by SANS Analyst and analytics and intelligence expert, Dave Shackleford.

Tweet This

3rd Annual SANS #SecurityAnalytics & Intel Survey Results in 2 Parts: 11/11, www.sans.org/u/9At; 11/12, www.sans.org/u/9Ay #infosec

Survey Results: So much #SecurityAnalytics & Intel Info, we need 2 Parts: 11/11, www.sans.org/u/9At, 11/12, www.sans.org/u/9Ay

NOV 11: #SecurityAnalytics Maturation Curve: SANS Security Analytics & Intel Survey Results PT 1, www.sans.org/u/9At #infosec

NOV 12: Moving up the #Analytics Maturation Curve: SANS Security Analytics & Intel Survey Results PT 2, www.sans.org/u/9Ay #infosec

SANS Media Contact

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals in government and commercial institutions worldwide. Renowned SANS instructors teach more than 60 courses at In-Person and Live Online cyber security training events, and more than 50 courses are available anytime, anywhere with our OnDemand platform. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers a master’s degree, graduate certificates, and an undergraduate certificate in cyber security. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their ‘human’ cybersecurity risk. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system – the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community. (https://www.sans.org)