Data Analytics covers a broad spectrum of techniques and technologies, giving organisations the ability to create a baseline for normal activity, monitor network activity and alert on anomalies. It can also highlight vulnerabilities and weaknesses in the security posture of the organisation and assist in remediation.
Why do we need it?
Without data analytics, organisations have no understanding of what is going on within their network. Without this knowledge, they cannot tell who is doing what, when and why. There are often legislative requirements for this knowledge, but it is also a basic security concept to understand what is happening with your data.
What are the benefits?
By performing data analytics, you are arming yourself with the tools needed to minimise risk. You will be able to identify threats more quickly and remediate problems more rapidly. More significantly, you are likely to be able to prevent issues from even happening by proactively identifying weaknesses before they are exploited.
How should it be used?
IT security is all about defence, and in-depth analytics is no different. You should be reviewing your logs and looking for abnormal behaviour. You should analyse all network activity to understand what the baseline for normal activity is. Knowing that baseline will help filter out false positives.
Areas often covered with Data Analytics
• Security Information and Event Management (SIEM)
• Network Monitoring
• Intrusion Detection
• File Server monitoring and reporting
• Vulnerability Assessments and Penetration Testing
• User Monitoring