Coping with Security Data Overload in Today’s Connected World

By Haystax, July 10, 2017

The way we generate information about ourselves today — increasingly through social media, computer networks and connected devices — has forced security professionals to re-evaluate how they capture data, analyze the information it contains and incorporate new automated processes into security workflows.

Adam Lurie, Haystax Technology’s Director of Predictive Analytics, recently presented his views on the security challenges posed by the proliferation of user-generated data sources during the NCMS 53rd Annual Training Seminar for Industrial Security Professionals, held in Anaheim, CA in late June.

His presentation, entitled “Utilizing Advanced Analytics and Social Media in Security, Insider Threat & Risk Decision Making,” provided the attendees with a glimpse into the future of risk analysis and data collection. With the higher volume and velocity of data, Lurie said, come major challenges in analyzing these sources, ranging from information accuracy and data-source correlation to resource limitations and privacy and civil liberties concerns.

In order to address these challenges, Lurie suggested that the appropriate way forward was for organizations to build a security analytics model that incorporated up front the necessary risk factors — combined with components of relevant laws, regulations and governance structures — to enable organizations to properly assess and act on the pertinent information.

Demonstrating two successful use cases in which a security model was used to analyze massive volumes of information and make decisions in an accurate and appropriate fashion, Lurie left the participants with three key takeaways that they could bring back to their organizations, specifically:

  1. Emerging data sources are here to stay, and you need to start thinking about how you can harness them in service of better predictive analytics.
  2. A security model can be used to overcome challenges with much of the available source data, such as completeness, accuracy and relevance.
  3. Any use of new information sources and implementation of a security model needs to be fully integrated into current organizational workflows and corporate practices to enable appropriate due process and proper responses to emerging security threats.

Because Haystax Technology uses a ‘model-first’ approach to security analytics, our Constellation Analytics Platform™ can provide deep insights into emerging threats well before most security information and event management (SIEM) and pure machine-learning systems — even when data is sparse or unavailable. On the other end of the spectrum, Constellation can also handle massive volumes of data from a wide array of sources, providing comprehensive predictive analytics at a scale that would overwhelm even a large team of expert analysts.