The focus on security intelligence is particularly relevant as operational responsibility for security is increasingly being placed in the hands of the network operations teams. It makes sense to mirror this consolidation of operational responsibilities with consolidation at the intelligence layer. Think in terms of enabling multiple tasks in a single platform and cross-functional development of skills across the organization, then deploying access based on roles.
Further, security intelligence adds value in other areas of IT, such as troubleshooting system problems, network issues, and user support and authorization analysis.
Security intelligence enables organizations to use integrated tools across a common framework, and leverage a unified data set to address problems along the entire security spectrum. This can be illustrated in five of the most prominent use cases in which security intelligence provides high value.
1. Consolidating Data Silos
Without automated technology, business intelligence analytics are difficult to execute. The data you need to understand inventory returns, supply chains and so on is available, but it is siloed in different applications and databases. It falls upon the analyst to compile data from all those sources and pour it into spreadsheets or databases for manual analysis. Security analysis poses similar problems, and security intelligence provides similar efficiencies. From a security perspective, data can exist in three types of silos:
- Data locked up in disparate security devices, applications and databases
- Data collected from point products, applications, etc., which in effect creates yet another silo: another database where that data is stored, with no communication or coordination with, for example, your configuration database
- Organizational silos of data segregated by business unit, operations group, department, etc.
In the first two cases, security intelligence breaks down the silos by integrating data feeds from disparate products into a common framework for automated analysis across different security and IT technologies. From a security perspective, this brings in all the enhanced detection and risk assessment capabilities the consolidated telemetry of security intelligence can deliver. From a CIO perspective, the reduction of these silos enables the rationalization of security products that would otherwise have to be managed on a point product basis. The third case requires considerable cooperation among groups that are typically separated, meaning a realigning of processes and responsibilities, and perhaps, some pressure exerted by management.
The sheer cumulative volume of all this disparate data compounds the problem. Each of these silos can create enormous volumes of data, in different formats, for different purposes and, in some cases, under different policies and even different compliance requirements. Only automated security intelligence can effectively manage petabytes of security-related data and analyze it across organizational and operational silos.
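The first two silos described above are broken down by normalizing each product's records into one common schema and then analyzing across them. The following Python script is an added illustration, not code from the original post or from any product it discusses: the three log sources (a firewall syslog-style line, an application JSON log and a CSV-style identity-provider audit entry), their field names and the sample records are all constructed for the example. Each source is parsed into the same event shape, and a simple cross-silo rule then flags a client address that several independent systems report as suspicious within a short window, which no single silo could see on its own.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample records from three silos (not real product output).
# Each silo uses its own field names, timestamp format and action vocabulary
# for the same underlying facts.
FIREWALL_LOGS = [
    "2024-03-01T10:00:05Z fw01 action=deny src=203.0.113.7 dst=10.0.0.5 dport=443",
    "2024-03-01T10:00:09Z fw01 action=allow src=198.51.100.2 dst=10.0.0.5 dport=443",
]
APP_LOGS = [
    '{"time": "2024-03-01 10:00:12", "event": "login_failed", "user": "alice", "client_ip": "203.0.113.7"}',
    '{"time": "2024-03-01 10:00:20", "event": "login_ok", "user": "bob", "client_ip": "198.51.100.2"}',
]
IDP_LOGS = [
    "1709287230,alice,ACCOUNT_LOCKED,203.0.113.7",  # epoch seconds == 2024-03-01T10:00:30Z
]

# Common schema every parser emits: ts (aware UTC datetime), source, action,
# user (or None) and src_ip. The action vocabulary is unified here so that
# analysis rules never need to know which product a record came from.
FW_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) action=(?P<action>\w+) src=(?P<src>\S+) dst=\S+ dport=\d+$"
)
FW_ACTIONS = {"deny": "block", "allow": "allow"}
APP_ACTIONS = {"login_failed": "auth_failure", "login_ok": "auth_success"}
IDP_ACTIONS = {"ACCOUNT_LOCKED": "lockout"}


def parse_firewall(line):
    """Parse one firewall line; return None for lines that do not match."""
    m = FW_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "source": "firewall", "action": FW_ACTIONS.get(m["action"], m["action"]),
            "user": None, "src_ip": m["src"]}


def parse_app(line):
    """Parse one application JSON log record (assumed to carry UTC timestamps)."""
    rec = json.loads(line)
    ts = datetime.strptime(rec["time"], "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    return {"ts": ts, "source": "application", "action": APP_ACTIONS.get(rec["event"], rec["event"]),
            "user": rec.get("user"), "src_ip": rec["client_ip"]}


def parse_idp(line):
    """Parse one CSV-style identity-provider audit entry: epoch,user,event,ip."""
    epoch, user, event, ip = line.strip().split(",")
    ts = datetime.fromtimestamp(int(epoch), tz=timezone.utc)
    return {"ts": ts, "source": "identity", "action": IDP_ACTIONS.get(event, event),
            "user": user, "src_ip": ip}


def normalize(firewall=FIREWALL_LOGS, app=APP_LOGS, idp=IDP_LOGS):
    """Merge all silos into one time-ordered list of common-schema events."""
    events = []
    for parser, lines in ((parse_firewall, firewall), (parse_app, app), (parse_idp, idp)):
        for line in lines:
            ev = parser(line)
            if ev is not None:
                events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


# Actions that are individually low-value but meaningful when several
# independent silos report them for the same address close together.
SUSPICIOUS = {"block", "auth_failure", "lockout"}


def correlate(events, window_seconds=60, min_sources=2):
    """Return {src_ip: [sources]} for addresses that at least `min_sources`
    distinct silos flagged within `window_seconds` of each other."""
    by_ip = defaultdict(list)
    for ev in events:
        if ev["action"] in SUSPICIOUS:
            by_ip[ev["src_ip"]].append(ev)
    findings = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        span = (evs[-1]["ts"] - evs[0]["ts"]).total_seconds()
        sources = sorted({e["source"] for e in evs})
        if span <= window_seconds and len(sources) >= min_sources:
            findings[ip] = sources
    return findings


if __name__ == "__main__":
    for ip, sources in correlate(normalize()).items():
        print(f"{ip}: flagged by {', '.join(sources)}")
```

The point of the schema layer is that the correlation rule is written once against `action` and `src_ip` and never against product-specific fields; adding a fourth silo means adding one parser, not rewriting the analysis. In practice the timestamp handling is where such integrations most often go wrong, so each parser here makes the source's time zone assumption explicit rather than mixing naive and aware values.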