Saturday, October 27, 2012

Log Management Solutions

Security intelligence, built on the same concepts that have made business intelligence an essential enterprise technology, is the critical next step for organizations that recognize the importance of information security to their business health.

Too often, the response to new security threats is a “finger in the dam” approach with a particular point technology or reactive new policies or rules.
This is in large part because a unified security program, based on automated analysis of unified information from across the IT infrastructure, is costly, complex, difficult to implement and inefficient. As a result, most organizations lack accurate threat detection and informed risk management capabilities.
In this series of posts, you will learn how security intelligence addresses these shortcomings and empowers organizations from Fortune Five companies to mid-sized enterprises to government agencies to maintain comprehensive and cost-effective information security. In particular, we will show how security intelligence addresses critical concerns in five key areas:
  1. Data silo consolidation
  2. Threat detection
  3. Fraud discovery
  4. Risk assessment and management
  5. Regulatory compliance

Why Security Intelligence?

High-performance enterprises excel in business in large part because they know how to put their information to work. Aided by the automated use of business intelligence technology, they apply analytics to extract maximum value from the massive amounts of data available to them.
The same approach should be applied to securing that information by implementing a security intelligence program. Just as business intelligence helps enterprises make decisions that maximize opportunities and minimize business risks, security intelligence enables them to better detect threats, identify security risks and areas of noncompliance, and set priorities for remediation.
The case for business intelligence is compelling. It enables organizations to support their critical decision-making by automating the data analysis processes at a level that manual analysis can scarcely approach. By applying computer-based business analytics to their unique environments, successful organizations derive the greatest possible value from their amassed terabytes and petabytes of data, from sales revenue and customer demographics to the cost of shipping and raw materials.

The case for security intelligence is equally, if not more, compelling. Enterprises and government organizations have vast quantities of data that can help detect threats and areas of high risk, if they have the means and the commitment to collect, aggregate and, most importantly, analyze it. This data comes not only from point security products, but also from sources such as network device configurations, servers, network traffic telemetry, applications, and end users and their activities.
Security intelligence reduces risk, facilitates compliance, shows demonstrable ROI and maximizes investment in existing security technologies. By analogy to business intelligence, the goals of security intelligence are to:
  • Distill large amounts of information into an efficient decision-making process, reducing a billion pieces of data to a handful of action items.
  • Operationalize data collection and analysis through automation and ease of use.
  • Deliver high-value applications that help organizations derive the most benefit from their data to understand and control risk, detect problems and prioritize remediation.
  • Validate that you have the right policies in place.
  • Assure that the controls you have implemented are effectively enforcing those policies.
Organizations have a long way to go in understanding their IT security environment. Consider a 2010 survey by CSO magazine, sponsored by Deloitte, which reported that seven in 10 security incidents are never reported. According to Deloitte, indications are that in most cases the victim organizations are not even aware they have been compromised.
