4. Risk Assessment and Management
Security intelligence provides the backbone for risk management through impact analysis and threat modeling. It is the difference between reacting to attacks on the network and proactively protecting your most important assets.
Impact analysis is based on the value an enterprise assigns to a particular asset and the negative consequences to the business if it is compromised. Security intelligence addresses this through asset and data discovery and classification to identify critical assets. Further, it answers questions such as: How exposed is the asset? Does it have direct access to the Internet? Does it have a known vulnerability for which there are known exploits?
Threat modeling takes all these factors into account and more, identifying not only vulnerabilities on the target system, but possible attack paths based on exploiting weaknesses between the target and the Internet -- poorly designed firewall rules, badly configured router ACLs, etc.
5. Regulatory Compliance
Compliance is a foundational use case for security intelligence. It addresses many compliance requirements, particularly all aspects of security monitoring. So, for example, security intelligence doesn't meet all your PCI requirements, but it does meet all your PCI monitoring requirements in a way that SIEM and log management alone cannot. Security intelligence provides the data that serves as a foundation to deliver and demonstrate audit requirements for all regulations.
By monitoring broadly across IT infrastructure – events, configuration changes, network activity, applications, user activity – security intelligence consolidates compliance capabilities in a single product suite, rather than relying on multiple point products, each delivering its own piece of the audit puzzle.
Conclusion
Security intelligence, like business intelligence, enables organizations to make smarter business decisions. It enables organizations to process more information, more efficiently across the entire IT infrastructure. Applying business intelligence technology literally enables organizations to do more with less: Instead of having analysts devote expensive hours manually poring through a fraction of the available data, business intelligence automates analysis across all available data and delivers role-based information specific to the task.
Information technology is, after all, about automating business processing – for purchasing, logistics, ERP, etc. Security intelligence is about automating security: understanding risk, monitoring the infrastructure for threats and vulnerabilities, and prioritizing remediation.
By centralizing security tools and data from the IT infrastructure, security intelligence enables consolidated management and more efficient use of resources devoted to security. Organizations improve their security posture without additional operational and personnel costs and the expense of purchasing, maintaining and integrating multiple point products.
Security intelligence yields key benefits in business cost and efficiency:
- Reduces cost associated with deployment and operation. Rather than add people, you free them to make security relevant to the business.
- Makes product acquisition simpler and cheaper. Enterprises purchase a single platform, rather than multiple products.
- Facilitates deployment through a unified platform rather than multiple products, which have to be integrated to even approach an acceptable security intelligence capability.
- Gives a broad class of organizations security capabilities that were formerly possible only for the most sophisticated enterprises.
- Automates the collection, normalization and analysis of massive amounts of security data from technical and organizational silos. This capability applies rich context to every analysis.
- Enhances threat detection, applying context to detect possible attacks that might go unnoticed by a particular security technology.
- Improves incident response through accurate and quick detection.
- Realizes staffing ROI. Organizations can implement new security services, such as world-wide threat monitoring, without additional manpower.
- Empowers enterprises to run highly robust security programs, processing billions of records daily and producing a score or so of high-priority action items every 24 hours.
Forward-thinking organizations have recognized and embraced the value of business intelligence technology, as their success is predicated on the ability to analyze and act upon the essential information derived from staggering volumes of data. Similarly, security intelligence is essential because information security is integral to doing business in the 21st century. Powerful, automated analytics of centralized data from sources that cover the entire spectrum of the IT infrastructure make a high level of cost-effective security not only possible, but indispensable.