Traditional security approaches produce too many false positives
According to 62 percent of IT professionals traditional security approaches produce too many alerts and false positives for them to handle.
This is among the findings of a new study from research firm Enterprise Management Associates (EMA), sponsored by machine learning and automation specialist Prelert, which shows that 25 percent of organizations know they experienced a breach or significant cyber attack that incurred loss last year.
When asked how they felt about security analytics, 70 percent of respondents indicated that they either have an investment in the technology or would have an investment if it weren't for insufficient resources. Of those IT professionals already using security analytics, 95 percent were confident of their ability to detect a security issue before it had a significant impact.
"Security analytics, though a relatively new field of technology, are the next step in detection and response technology. Machine-learning algorithms and analysis techniques have advanced far beyond the capabilities of what was available in the commercial markets only 2-3 years ago," says David Monahan, Research Director at EMA.
More than half of respondents (57 percent) say that security analytics provides unique or specialized data for context -- data that's needed to identify today's stealthier security threats. Better data flexibility and the adaptability to address a wide range of requirements was cited by 36 percent the top reason for using analytics. Other reasons named were better data correlation and fidelity for creating responses (36 percent), and lowering false positives (29 percent). A further 29 percent see security analytics as a way to reduce incident response time.
'Alert blindness' on traditional systems continues to be a major issue, with 62 percent seeing too many false positives or having too many alerts to handle, with the result that they don't feel confident in the security protections they have in place. Another 38 percent say they aren't confident because there's too much uncorroborated data and a lack of context about that data.
"Lack of knowledge about what is really a security threat and what needs your immediate attention is hurting the ability of IT security teams to understand and respond quickly and effectively," says Mike Paquette, VP of Security Products for Prelert. "Organizations need machine learning-based tools to cut through the clutter and detect threat activity before it becomes a problem for customers".
The full report Data Driven Security Reloaded is available to download from the Prelert website.