2015 SANS Analytics & Intelligence Survey

November 12, 2015 | Javvad Malik

Following on from its 2014 survey, SANS has conducted a new survey to determine how organizations are leveraging analytics and intelligence tools and services. These are important questions to ask because without the right mechanisms in place to utilize analytics and intelligence, companies will struggle to be effective in detecting and responding to attacks.

The survey collected responses from 476 participants across a section of industry verticals and companies of varying sizes. The roles of respondents also varied, ranging from security analysts, security managers and chief information security officers to network operations, system administrators and support staff.

Some of the key trends to emerge from the report include:

Buzzwords: A quarter of participants considered big data for security analytics to be a buzzword, although they do see that big data and security data sharing use the same processes and tools.

Automation: Only 3% reported that their analytics and intelligence processes for pattern recognition are fully automated, and another 6% have implemented a “highly automated” intelligence and analytics environment.

Improved Visibility: 83% have improved visibility into events and actual breaches. Whilst this is not quite 20/20 vision, it is a marked improvement.

Baselining: When it comes to baselining normal behavior in order to spot anomalies, 26% of participants said they are still unable to understand and baseline normal behavior.

Staffing: A common theme amongst nearly all security surveys resurfaces here as 59% of respondents cited the lack of people and dedicated resources as an impediment.

It is clear from the results that the use of threat intelligence is increasing and visibility is improving. However, baselining normal behavior and obtaining personnel with the right skills remain a challenge.

About the Author: Javvad Malik

The man, the myth, the blogger: Javvad Malik is a London-based IT security professional. He is an active blogger, event speaker and industry commentator, possibly best known as one of the industry’s most prolific video bloggers, with his signature fresh and light-hearted perspective on security. Prior to joining AlienVault, Javvad was a senior analyst with 451 Research, providing technology vendors, investors and end users with strategic advisory services, including competitive research and go-to-market positioning.
