Page 76 - Cyber Defense eMagazine October 2023

How to Unify Multiple Analytics Systems to Determine Security Posture and Overall Risk

            By Amol Bhagwat, VP, Solutions and Field Engineering at Gurucul




            As the threat landscape grows more complex, security analytics are becoming essential for
            identifying, preventing and responding to threats, and recent research suggests the security
            analytics market will grow by more than 16% (to more than $25B) by 2026. Today's security products offer
            a variety of analytics modules, either as parts of a platform such as a SIEM or as individual
            products. These often include analytics for network traffic, user and entity behavior (UEBA), identity,
            IoT devices, cloud, logs, endpoints and more.

            All of these analytics matter for detecting threat actor tactics, techniques and procedures
            (TTPs) such as account compromise, privileged access misuse, data theft, malware, lateral movement,
            device discovery, covert channel exfiltration and more. Analytics modules are typically powered by some
            form of machine learning and sit on top of a data lake. How much value an organization gets out of them
            depends on two factors: 1) whether the analytics modules are unified or separate, and 2) whether they use
            a rules-based engine or true adaptive machine learning (ML).
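            The two factors above can be seen side by side in a small constructed example. The Python below is an
            added illustration written for this edit; it is not code from the article or from any Gurucul product.
            It scores the same sample telemetry three ways: a static per-module threshold (rules-based), a per-entity
            baseline z-score (the simplest form of adaptive behavioral scoring, used here as a stand-in for true
            ML), and a unified per-entity risk score that fuses the identity and network modules so that two
            anomalies on the same user corroborate each other. The event values, the thresholds, the module names
            and the scoring formula are all assumptions chosen for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample telemetry (hypothetical; not from any real product).
# Each record is (day, user, module, value). The "identity" module reports
# failed logins per day; the "network" module reports megabytes sent out.
# alice is a normal user whose account is abused on day 5; bob is a service
# account whose normal activity is high every day.
EVENTS = [
    (1, "alice", "identity", 2), (1, "alice", "network", 40),
    (2, "alice", "identity", 3), (2, "alice", "network", 45),
    (3, "alice", "identity", 1), (3, "alice", "network", 38),
    (4, "alice", "identity", 2), (4, "alice", "network", 42),
    (5, "alice", "identity", 9), (5, "alice", "network", 310),
    (1, "bob", "identity", 30), (1, "bob", "network", 500),
    (2, "bob", "identity", 28), (2, "bob", "network", 520),
    (3, "bob", "identity", 31), (3, "bob", "network", 480),
    (4, "bob", "identity", 29), (4, "bob", "network", 510),
    (5, "bob", "identity", 30), (5, "bob", "network", 505),
]

# Static per-module thresholds a rules-based engine might ship with
# (hypothetical values).
RULES = {"identity": 20, "network": 400}


def rule_alerts(events):
    """Rules-based engine: fire whenever a value crosses a fixed threshold.
    Returns a list of (day, user, module)."""
    return [(day, user, module) for day, user, module, value in events
            if value > RULES[module]]


def baseline_zscores(events, min_history=3):
    """Adaptive baseline: score each value against the same entity's own prior
    history for that module (z-score). Returns {(day, user, module): z}."""
    history = defaultdict(list)
    scores = {}
    for day, user, module, value in sorted(events):   # chronological order
        past = history[(user, module)]
        if len(past) >= min_history:
            sigma = max(pstdev(past), 1e-6)           # floor avoids division by zero
            scores[(day, user, module)] = (value - mean(past)) / sigma
        past.append(value)
    return scores


def baseline_alerts(events, z_threshold=3.0):
    """Per-module anomaly alerts, as a separate (non-unified) module would emit."""
    return {k: z for k, z in baseline_zscores(events).items() if z > z_threshold}


def unified_risk(events, weights=None):
    """Unified scoring: fuse every module's anomaly score for the same entity
    and day into one risk number, so two moderate anomalies from different
    modules corroborate each other instead of being two low-priority alerts
    in two consoles. Returns {(day, user): risk}."""
    weights = weights or {"identity": 1.0, "network": 1.0}
    per_entity = defaultdict(dict)
    for (day, user, module), z in baseline_zscores(events).items():
        per_entity[(day, user)][module] = z
    risk = {}
    for key, mods in per_entity.items():
        positive = {m: z for m, z in mods.items() if z > 0}
        base = sum(weights[m] * z for m, z in positive.items())
        # corroboration factor: each additional agreeing module adds 50%
        risk[key] = base * (1 + 0.5 * (len(positive) - 1)) if positive else 0.0
    return risk


def ranked(risk, n=3):
    """Top-n (day, user) pairs by unified risk, highest first."""
    return sorted(risk.items(), key=lambda kv: kv[1], reverse=True)[:n]


if __name__ == "__main__":
    print("rule alerts:", rule_alerts(EVENTS))
    print("per-module baseline alerts:", baseline_alerts(EVENTS))
    print("unified risk (top 3):", ranked(unified_risk(EVENTS)))
```

            On this data the static rules fire ten times, all on bob's normal activity, and never on alice, because
            her day-5 values stay under both thresholds. The per-entity baseline flags only alice on day 5, and the
            unified score ranks (day 5, alice) far above everything else because both modules agree. A production
            UEBA model would use richer features and peer-group baselines, but the separation of concerns is the same.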







            Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.