Page 76 - Cyber Defense eMagazine October 2023
How to Unify Multiple Analytics Systems to Determine Security Posture and Overall Risk
By Amol Bhagwat, VP, Solutions and Field Engineering at Gurucul
As the threat landscape continues to get more complex, security analytics are becoming essential for identifying, preventing and responding to threats. As a result, recent research suggests that the security analytics market will grow by more than 16% (to more than $25B) by 2026. Today, security products offer a variety of different analytics modules, either as separate parts of a platform such as a SIEM or as individual products. These often include analytics for network traffic, behavior (UEBA), identity, IoT devices, cloud, logs, endpoints and more.

All of these analytics are important for detecting various threat actor tactics, techniques, and procedures (TTPs), such as account compromise, privileged access misuse, data theft, malware, lateral movement, device discovery, covert channel exfiltration and more. Analytics modules are typically powered by some form of machine learning and sit on top of a data lake. How much value an organization gets out of these analytics depends on two factors: 1) whether those analytics modules are unified or separate, and 2) whether they use a rules-based engine or true adaptive machine learning (ML).
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.