By Marcos Colón

September 26, 2016

The cybersecurity industry is full of terms that both vendors and end users love to glom on to. Ok, maybe vendors lead the way, but their customers may not be doing a good job of speaking up and asking them to clarify what it is they do  taking the various mixed marketing messages as they come and running with it.

This has been the case over the years, but as the C-suite’s interest in the business’s cyber risk posture grows, more questions are being asked about the solutions put in place and why the millions of dollars being spent on security tools isn’t enough to prevent data breaches. 

Outside of the cloud access security broker (CASB) market, the security analytics space is red hot. With major players like Gurucul, Exabeam, Bay Dynamics and Securonix all heating up the market, security practitioners are on alert, but also confused about what each of these vendors has to offer. Why? Likely because security analytics doesn’t mean anything in itself, says Steven Grossman, vice president of strategy and enablement at Bay Dynamics. 

According to a recent report by Forrester titled “Counteract Cyberattacks With Security Analytics,” the research entity defines a security analytics platform as one that is “built on big data infrastructure to converge logging, correlating, and reporting feeds from security information management (SIM), security solutions, network flow data, external threat intelligence, and diverse endpoints and applications. The SA platform uses this information and machine learning techniques to provide real-time monitoring and facilitate the rapid incident detection, analysis, and response.” 

It's quite the loaded definition, but it does get to the bottom of what this technology is all about; providing numerous roles in the business  from those in the security and risk department to upstream management  with various outcomes. 

“It’s a generic term that talks about taking data in and analyzing it in some way,” Grossman said in a recent interview with Infosec Insider. “In the old days that was spreadsheets, these days it could mean a whole slew of different things.” 

While every vendor and analyst define security analytics in different ways, it's also being leveraged by organizations depending on what its goals and needs are. From detecting insider threats and managing compliance from a specific set of applications to calculating the company’s value at risk, different individuals in the business will be looking for different outcomes when they leverage security analytics, Grossman says. 

In this video, Grossman sits with Infosec Insider to run through some of the misconceptions tied to security analytics, in addition to discussing how it’s being used by different roles within organizations.