In their report, “An Analytics-based Approach to Cybersecurity,” Enterprise Strategy Group explains why organizations continue to experience costly data breaches and how some lack the right cybersecurity strategies, skills, processes, and technologies needed to best tackle cyberattacks. The report highlights two key areas of weakness – incident response and limitations of legacy SIEM solutions.
Incident response is a simple concept, yet many companies reported weak capabilities in performing root cause analysis, scoping an outbreak so it can be contained and remediated, and determining how to prevent similar attacks in the future. This means that an attack that gets into the organization has a good chance of persisting there, and once it is in and persistent, it can be used to gain further access and ultimately accomplish its mission: to spy on the company, steal resources or steal data, at which point it becomes a data breach.
However, companies can embrace a new approach to mitigate this situation and prevent a successful compromise from becoming a breach: develop the ability to detect infections and potential compromises early, then determine how the attacker got in (root cause), how far they have gotten (scope), and how best to contain the situation (containment), and then implement a recovery plan.
While SIEM solutions were supposed to address these issues, the report indicates that SIEMs are mostly used for regulatory compliance and monitoring rather than analysis and investigation.
Splunk customers have solved these problems – incident response and SIEM limitations – for several years. It’s a big reason why Splunk’s security business has been growing rapidly and why Splunk is often purchased to replace legacy SIEM solutions.
Splunk customers can get all of their machine data into the system for analysis; run ad-hoc and custom searches through an easy-to-use search interface; and search and pivot on any data field across any data set to conduct root cause analysis, trace activity to determine the scope of an attack, and identify affected systems across the organization. Once the investigation is complete, the evidence from the analysis can be brought back into the system so that similar attacks are detected early going forward.
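The investigative loop described above, as an added example that is not part of the original post and not Splunk's own code or search language: a Python script that starts from one known-bad proxy destination, pivots across constructed proxy, DHCP and authentication logs to scope which hosts and accounts are involved (root cause and scope), and then turns that evidence into a detection rule applied to new events. Every log line, hostname, IP address, field name and the indicator `c2.badhost.test` is a constructed assumption; in a SIEM each pivot would be a search over the corresponding source, but the logic is the same.

```python
"""Added illustration of cross-source pivoting for incident scoping.

Not Splunk code. All logs, hosts, IPs and field names below are constructed.
"""
import re

# Constructed sample logs from three sources (field names are assumptions).
PROXY_LOGS = [
    "2024-05-01T09:00:12Z src=10.0.0.21 dest=updates.example-cdn.net action=allowed",
    "2024-05-01T09:01:45Z src=10.0.0.21 dest=c2.badhost.test action=allowed",
    "2024-05-01T09:03:10Z src=10.0.0.35 dest=mail.example.net action=allowed",
    "2024-05-01T09:07:33Z src=10.0.0.35 dest=c2.badhost.test action=allowed",
    "2024-05-01T09:09:01Z src=10.0.0.40 dest=intranet.example.net action=allowed",
]
DHCP_LOGS = [
    "2024-05-01T08:30:00Z lease ip=10.0.0.21 host=WS-ALICE",
    "2024-05-01T08:31:00Z lease ip=10.0.0.35 host=WS-BOB",
    "2024-05-01T08:32:00Z lease ip=10.0.0.40 host=WS-CAROL",
]
AUTH_LOGS = [
    "2024-05-01T08:50:00Z logon user=alice host=WS-ALICE type=interactive",
    "2024-05-01T09:02:30Z logon user=alice host=FILESRV01 type=network",
    "2024-05-01T09:05:10Z logon user=alice host=WS-BOB type=network",
    "2024-05-01T09:06:00Z logon user=bob host=WS-BOB type=interactive",
    "2024-05-01T09:08:45Z logon user=carol host=WS-CAROL type=interactive",
]
# Constructed events arriving after the investigation, to test the rule.
NEW_LOGS = [
    "2024-05-02T10:00:00Z src=10.0.0.40 dest=c2.badhost.test action=allowed",
    "2024-05-02T10:01:00Z logon user=carol host=FILESRV01 type=network",
    "2024-05-02T10:02:00Z logon user=carol host=WS-CAROL type=interactive",
]

KV_RE = re.compile(r"(\w+)=(\S+)")

def parse(line):
    """Turn a 'timestamp key=value ...' log line into a dict of fields."""
    ts, _, rest = line.partition(" ")
    fields = dict(KV_RE.findall(rest))
    fields["_time"] = ts  # ISO-8601 strings, so they compare lexicographically
    return fields

def scope_attack(indicator, proxy, dhcp, auth):
    """Pivot from one known-bad destination to the set of affected hosts/users.

    1. Which source IPs contacted the indicator (proxy logs)?
    2. Which hostnames held those IPs (DHCP logs)?
    3. Who was logged on interactively to those hosts, and where else did
       those users log on after the first beacon (auth logs)? That lateral
       movement is what a single-source search would miss.
    """
    proxy_events = [parse(l) for l in proxy]
    beacons = [e for e in proxy_events if e["dest"] == indicator]
    ips = {e["src"] for e in beacons}
    first_seen = min(e["_time"] for e in beacons)

    ip_to_host = {e["ip"]: e["host"] for e in (parse(l) for l in dhcp)}
    beaconing_hosts = {ip_to_host[ip] for ip in ips if ip in ip_to_host}

    auth_events = [parse(l) for l in auth]
    users = {e["user"] for e in auth_events
             if e["host"] in beaconing_hosts and e["type"] == "interactive"}
    lateral = {e["host"] for e in auth_events
               if e["user"] in users and e["_time"] >= first_seen}
    return {"first_seen": first_seen, "ips": ips, "users": users,
            "hosts": beaconing_hosts | lateral}

def build_detection(scope, indicator):
    """Codify the investigation's evidence as a rule for future events."""
    suspect_hosts = set(scope["hosts"])
    def rule(event):
        if event.get("dest") == indicator:
            return "known_c2_destination"
        # During containment, any network logon to a host tied to the
        # incident is worth an alert until that host is rebuilt.
        if event.get("type") == "network" and event.get("host") in suspect_hosts:
            return "logon_to_compromised_host"
        return None
    return rule

def detect(rule, lines):
    """Apply a rule to raw log lines; return (time, verdict) for each hit."""
    hits = []
    for line in lines:
        e = parse(line)
        verdict = rule(e)
        if verdict:
            hits.append((e["_time"], verdict))
    return hits

if __name__ == "__main__":
    scope = scope_attack("c2.badhost.test", PROXY_LOGS, DHCP_LOGS, AUTH_LOGS)
    print("scope:", scope)
    for hit in detect(build_detection(scope, "c2.badhost.test"), NEW_LOGS):
        print("alert:", hit)
```

Running the script scopes the incident to two beaconing workstations, the file server one of their users reached after the first beacon, and two accounts, then flags two of the three new events. The point of the structure is that each pivot reads one source and hands a set of values to the next, which is exactly the field-to-field chaining the post describes, and that the output of the investigation is a function that can run over every new event rather than a report that sits in a ticket.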
Then download Splunk and see how easy it is to embrace an analytic-based approach to cybersecurity.
Sr. Director, Security Markets