Organisations who want to make use of cyber security analytics should build up a team of data scientists to complement their information security team, according to PwC (PricewaterhouseCoopers) Australia partner Michael Cerny.
Cerny, who is scheduled to present at cyber security conference AusCERT on 14 May, told Computerworld Australia that once the enterprise has a team together, the data scientists and security team can combine data sources together to give the organisation greater insights into attack patterns.
“There are primarily two main aspects of cyber security analytics that organisations can use. The first is to have a purpose in mind. It’s very easy in the current environment to use technology to analyse information. However, what we typically find is that this is back to front,” he said.
According to Cerny, it is better if companies have a specific purpose for the data in mind.
“Say you’re trying to prevent organised criminals from getting into your organisation and accessing financial information. Therefore, you need a specific form of analytics which potentially uses external and internal intelligence to defend the organisation.”
The second aspect is making sure that organisations have a good understanding of the people, processes and technology that they require.
“This includes having data scientists as well as information security specialists and that they have access to the right data.”
Security product landscape
Another issue facing organisations, according to Cerny, is the security product landscape becoming “overwhelmed” with vendors who are trying to promote analytics as part of their tool sets.
“I was recently at the RSA conference in San Francisco and there were 400 vendors – one in three had some form of analytics product. If I am an information security professional and I have a budget, it can be quite confusing. Do I need an analytics tool and where do I best use it?”
PwC’s Global State of Information Security Survey 2014 found that average information security budgets have increased by 51 per cent since 2013, including investment in data analytics products such as active monitoring/analysis of information security intelligence.
According to the survey, 49 per cent of global respondents said that they use threat intelligence subscription services while another 25 per cent said that implementation of these services would be a “priority” over the next 12 months.
Cerny's said when it comes to cyber security and analytics technology should “come last".
“You need to take a step back and think about the data that we’re trying to protect? Who are the threat actors, external and internal, who are trying to get access to that data? When you understand that, you can build processes and get a technology that will work for that specific purpose,” he said.
IDG Communications is an official media partner for AusCERT 2014.
Follow Hamish Barwick on Twitter: @HamishBarwick