
Let Analytics Drive You To Be the Warriors of Cybersecurity

The Golden State Warriors did something earlier this season that no other team in NBA history has done. The team became the first to win 30 of its first 35 games in three consecutive years.

How do we know this? Because the Warriors keep data on just about everything. And despite the team’s collection of talent – former league MVPs (two), NBA Finals MVPs (one), All Stars (six) – it’s the ability to pull analytics from that data that has played a key role in turning one of the league’s historically worst franchises into one of the most recognizable sports brands in the world in just five short years.

Warriors’ management has attributed some of its recent success to its ability to dive into numbers and make sense of them. The team has used technology to track everything from how much a player is running – which can help predict when an aging veteran might need a night off to maintain optimum performance – to how certain players perform together.  

The approach has led to both on-the-court success and recognition in the business world, where the MIT Sports Analytics Conference named the Warriors the best analytics-driven organization the past two years.

Similarly, making sense of data can improve the security posture of an organization. Oftentimes, organizations are already generating vast amounts of security-relevant data. Advanced analytics are key to producing insights from those mountains of data. Machine learning can then automate that analysis to identify hidden threats.

An analytics-driven security information and event management (SIEM) platform will arm you with advanced analytics by employing sophisticated quantitative methods, such as statistics, descriptive and predictive data mining, machine learning, simulation and optimization, to produce additional critical insights. Key advanced analytics methods include outlier detection, peer group profiling and entity relationship modeling.

A modern SIEM can provide tools that make it possible to visualize and correlate data by mapping categorized events against a kill chain or creating heat maps to better support incident investigations.

[Diagram: modern SIEM capabilities]

Making all that possible requires access to a SIEM platform that makes use of machine learning and algorithms capable of learning on their own, which can model normal behavior and distinguish it from an actual anomaly.

That level of behavioral analytics can then be used to build, validate and deploy predictive models. It then becomes possible to employ a model created using third-party tools in the SIEM platform.

Do you want to learn more about advanced analytics and the other essential capabilities needed for a successful analytics-driven SIEM? Read our white paper on the Six Essential Capabilities of an Analytics-Driven SIEM.
