Big data and analytics have long proven to be valuable tools for countless aspects of the modern business process, and security is no exception. The value of being able to aggregate security-related data around important trends and metrics, and to do so efficiently by using real-time data, cannot be overstated. That said, there is an undeniable change occurring in how security analytics solutions are put into practice.
This is to be expected. After all, the entire market for analytics and business intelligence is changing in one way or another, as the industries and business leaders using these tools are themselves evolving. It naturally follows that security, a process that is connected to virtually every other aspect of business, would have to change as well. The transition away from security information and event management (SIEM) tools is one major aspect of this, and it may point a way toward what security analytics will transform into.
Moving beyond the starting point
According to Dark Reading, SIEM tools had considerable value upon their initial release several years ago. However, as businesses' security needs became more complex, SIEM was not entirely equipped to handle the task. Enterprises that needed to be fully aware of their users' activity and its effect on security couldn't depend on SIEM to perform this function at the proper scale.
Geoff Web, NetIQ's director of solution strategy, elaborated on this matter, stating that SIEM may have been oversold by some.
"Part of that is deserved – vendors sold it as security nirvana, whereas the reality is very different: it's a good tool, and like all good tools, needs to be used appropriately and for the right job," Web told the news source. He added that trends such as virtualization and the increasing complexity of corporate infrastructure have made SIEM even more problematic as a solution for security analytics.
Addressing the right data
The big data revolution has massively widened the scope of information that the average business deals with on a regular basis. Data such as social media activity from a company's Facebook and Twitter followers, HR or financial information, and other sources of valuable metadata have to be taken into account, and SIEM tools are not capable of doing this. All companies need to evolve with the times in all aspects of their operations, and as such they require BI and analytics solutions that are capable of dealing with present and future security challenges.