Title image for blog post

September 17, 2018 / by Cheryl Dsa / In Analytics /

Tips to select the right security analytics tool

Data Management is a challenge for all

There’s a great deal of data that enterprises need to manage - logs, security alerts, threat intelligence… the list is endless. It seems impossible for SOC analysts to get a complete and accurate view of the vulnerabilities and threats faced by the organization for there’s simply too much information out there that’s susceptible to risk.

And yet, instead of focusing on identifying threats and prioritizing response efforts, teams are scrambling to try to keep up with the ever-growing pile of simple, repetitive tasks.

You need help keeping up with the security alert volume and prioritizing the right alerts!

The disturbing upward trend in cyber security breaches has witnessed a spike in security investment. According to the Cyber Security Breaches Survey 2018,

  • Over four in ten businesses (43%) and two in ten charities (19%) experienced a cyber security breach or attack in the last 12 months
  • Three-quarters of businesses (74%) and over half of all charities (53%) say that cyber security is a high priority for their organisation’s senior management.
  • Under three in ten businesses (27%, versus 33% in the previous 2017 survey), and two in ten charities (21%) have a formal cyber security policy or policies

This is where security analytics tools come into the picture. These tools help organizations detect and prioritize threats, and formulate responses against potential attacks. The solution might seem rather simple, all that needs to be done is get a security analytics platform, I assure you though, procuring a security analytics tool is no easy task.

Security analytics tools everywhere!

In today’s vast threat landscape, there is a plethora of technologies and tools to choose from, you need to find the right security analytics software to suit your enterprises needs. The question still remains though, how do you make the right choice?

select the right security analytics tool

How to choose the right security tool? Decoded by Kelly M. Kavanagh

The recently concluded Gartner Security and Risk Management Summit 2018 held in Mumbai on 30-31 August had many Gartner Security Analysts including Kelly M. Kavanagh and Sid Deshpande throw valuable insights on changing security and risk landscape and a comprehensive coverage of today’s top priorities for security and risk leaders. Kelly’s session ‘Tips for Selecting the Right Security Analytics Tools for Your SOC’ gives expert guidance on the practical method of selecting the right security tool.

First, get to the basics

Be aware about the current state of your security analytics before you get on with selecting the right tool for your enterprise:

  • Kind of technologies you’re currently using
  • Your concerns and requirements
  • Resources and expertise you have
  • Do you have Playbooks?

After all, finding the right security analytics tool is about making the right decision fiscally and technologically, because this decision goes beyond just security features.

The selection of the type of tool you need may vary with different use cases. There are a number of factors that need to be considered while selecting the right tool.

1. Size of the organization

The size of the company and the type of the industry plays an important role in the buying decision. For instance, while a small scale security analytics software might be sufficient for a small to medium scale business, it may turn out to be absolutely useless for a medium to large scale company unless its capabilities can be scaled as the industry grows. Similarly, a large scale security analytics tool may not make sense financially for a small business.

2. Capabilities of the tool

Security admins will need to first understand what are the capabilities of these tools. A detailed analysis should be made about what these tools can and cannot do. You should evaluate the objective of the tool based on the following quality metrics rather than the technique used by the tool:

  • Anomaly detection - scope, detection and false positive rates
  • Incident response - time to detect and time to remediate

New techniques do not always necessarily correspond to better detection. Before making a choice and deciding on a set of security analytics tools, see how they work, and how businesses deploy them.

3. Type of deployment

You also need to consider the type of deployment the software supports. The cost of hardware, software or virtual appliances can factor heavily into which security tool is right for a business. The tool you pick should be designed to support complex architectures and have the capability to scale out to complex service provider scenarios without compromising on the features or the capability of the platform.

4. Types of threats faced by your industry

Another factor that plays a major role in deciding the right tool is the type of threats a certain industry often faces or is most likely to face. Some security analytics vendors specialize in specific types of attacks such as Advanced Persistent Threats (APT) whereas some others specialize in specific sectors such as finance and healthcare. Choose a vendor that caters to your industry specific threats. For example, the education industry may be prone to attacks from actors such as APT groups attempting to gain access to sensitive intellectual property, while organizations in the financial services and insurance sectors face cyber threats from enterprise-like cybercriminals seeking financial account data or other data they can monetize, to make live fraudulent transfers.

5. Other capabilities

Security analytics tools also extend the capabilities of other security tools. If they can’t integrate with a business’ existing tool set, you may want to consider taking a look at another vendor.

6. Cost of the tool

At the end of the day you ultimately want to know how much is the tool going to cost you. Each vendor may charge differently so it is imperative for you to know what you are agreeing to. Many modern tools do not charge you a dime to get onboard. Once you know the upfront cost, your job doesn’t end here, you need to look into what the ongoing costs will be like. You should know if they charge a set fee every month or is it based on your usage. Some vendors charge per site or per user and this can get tricky. For every vendor you evaluate, understand how many users, sites, and workflows are included in the price and if there are any overage fees to be aware of so you can gauge your price threshold.

Conclusion…

Ultimately each of us needs to understand that no two SOCs are alike and hence no single tool can be a one-size-fits-all. You have to gauge which tool best matches the needs of your enterprise and make the right choice.

As Mr. Kavanagh rightly said, the trick to select the right tool for you is to combine solutions that offer a near-real-time detection with those that provide incident response and forensic analysis capabilities.

provisions of the right security tool

The importance of these tools cannot be more emphasized. Security teams vary by size, vertical, expertise, and by what they need from threat intelligence.

You need to learn what these tools do, when they’re needed, and what do you need to pay attention to while purchasing them. Purchasing security analytics software would certainly make a business more secure in theory, but purchasing the right security analytics tools is what ensures it.