Research Report. Abstract: The Emerging Intersection Between Big Data and Security Analytics. November 2012

Transcription

1 Research Reprt Abstract: The Emerging Intersectin Between Big Data and Security Analytics By Jn Oltsik, Senir Principal Analyst With Jennifer Gahm Nvember by The Enterprise Strategy Grup, Inc. All Rights Reserved.

2 Intrductin Research Objectives Research Reprt: The Emerging Intersectin Between Big Data and Security Analytics In rder t assess the intersectin f big data and security analytics in 2012 and beynd, ESG surveyed 257 IT and infrmatin security prfessinals wrking at enterprise-class (1,000 emplyees r mre) rganizatins in Nrth America. All respndents were directly invlved in the planning, implementatin, and/r peratins f their rganizatin s infrmatin security plicies, prcesses, r technical safeguards. They were all als familiar with their rganizatin s cllectin and/r analysis f security data in supprt f their rganizatin s risk management, security analysis, and incident detectin/respnse strategies. T evaluate current and future data cllectin and analysis strategies, survey respndents were asked t respnd t questins in areas such as: Security data cllectin. Hw much security data is being cllected tday? What types f data are cllected tday? Are there additinal data feeds that rganizatins plan n cllecting r are interested in cllecting? Is the amunt f security data being cllected increasing? Security analysis activities. Why are large rganizatins cllecting mre security data? Wh cnsumes this data tday? Will thers cnsume it in the future? What challenges d rganizatins face with security analytics? Hw many tls are they using? D they have the right skills and staff t meet their needs? Is risk management r incident detectin/respnse driving their security analytics needs tday? Will this change in the future? Can enterprises mnitr the security f their entire IT infrastructure r are there cmmn blind spts? If there are blind spts, where are they? Security analytics technlgies. Hw many tls are rganizatins using fr GRC? Hw many are they using fr incident detectin/respnse? Is there security tls cnslidatin in either r bth f these areas? Can current security technlgies scale t address the grwth in security data cllectin? The use f prfessinal, managed, and security intelligence services. Are large rganizatins investing in security services? Why r why nt? If they are cnsuming security services, which nes are mst ppular? Are enterprises purchasing security intelligence subscriptin services? If s, which nes and wh is cnsuming this infrmatin? D security intelligence services help CISOs imprve risk management and/r incident detectin/respnse? If s, hw? The intersectin between big data and security analytics. D security prfessinals believe that security analytics has becme a big data applicatin? Why r why nt? If security analytics is becming a big data applicatin, what s driving this? D rganizatins have the right security and quantitative skills in place fr big data security analytics? 2012 by The Enterprise Strategy Grup, Inc. All Rights Reserved.

3 Research Reprt: The Emerging Intersectin Between Big Data and Security Analytics D enterprises have a big data security strategy in place? Hw will they develp the necessary skills? Will they buy cmmercial slutins r build their wn big data security analytics tls? Survey participants represented a wide range f industries including manufacturing, financial services, cmmunicatins and media, retail, gvernment, and business services. Fr mre details, please see the Research Methdlgy and Respndent Demgraphics sectins f this reprt by The Enterprise Strategy Grup, Inc. All Rights Reserved.

4 Research Reprt: The Emerging Intersectin Between Big Data and Security Analytics Research Methdlgy T gather data fr this reprt, ESG cnducted a cmprehensive nline survey f IT and infrmatin security prfessinals frm private- and public- sectr rganizatins in Nrth America between August 7, 2012 and August 22, T qualify fr this survey, respndents were required t be familiar with/respnsible fr their rganizatin s infrmatin security plicies and prcedures, as well as the prcurement f IT prducts and services. Respndents were als required t have day- t- day knwledge f r familiarity with their rganizatin s cllectin and/r analysis f security data in supprt f their rganizatin s infrmatin security management strategy. All respndents were prvided an incentive t cmplete the survey in the frm f cash awards and/r cash equivalents. After filtering ut unqualified respndents, remving duplicate respnses, and screening the remaining cmpleted respnses (n a number f criteria) fr data integrity, we were left with a final ttal sample f 257 IT managers. Please see the Respndent Demgraphics sectin f this reprt fr mre infrmatin n these respndents. Nte: Ttals in figures and tables thrughut this reprt may nt add up t 100% due t runding by The Enterprise Strategy Grup, Inc. All Rights Reserved.

5 Research Reprt: The Emerging Intersectin Between Big Data and Security Analytics Respndent Demgraphics The data presented in this reprt is based n a survey f 257 qualified respndents. The figures belw detail the demgraphics f the respndent base, including individual respndents rle in purchasing decisins, and day- t- day knwledge f r familiarity with the cllectin and analysis f security- related data t supprt the rganizatin s infrmatin security management strategy, as well as current jb respnsibility, respndent rganizatins ttal number f emplyees, primary industry, and annual revenue. Respndents by Rle in Purchasing Decisins Respndents current rle in infrmatin security technlgy purchasing decisins is shwn in Figure 1. Figure 1. Number f Tls Used t Analyze Data fr IT Risk Management Prgram T what degree are yu respnsible fr making purchase decisins related t infrmaan security technlgy prducts and services? (Percent f respndents, N=257) I influence purchase decisins, 36% Respndents by Current Respnsibility Respndents current respnsibility within their rganizatins is shwn in Figure 2. Figure 2. Survey Respndents, by Current Respnsibility I make/apprve purchase decisins, 64% Surce: Enterprise Strategy Grup, Which f the fllwing best describes yur current respnsibility within yur rganizaan? (Percent f respndents, N=257) IT Staff, 3% Other, 2% IT management, 39% Senir IT management (e.g., CIO, VP f IT, Directr f IT, etc.), 55% Surce: Enterprise Strategy Grup, by The Enterprise Strategy Grup, Inc. All Rights Reserved.

6 Research Reprt: The Emerging Intersectin Between Big Data and Security Analytics Respndents by Number f Emplyees The number f emplyees in respndents rganizatins is shwn in Figure 3. Only rganizatins with 1,000 r mre emplyees qualified fr this survey. Figure 3. Survey Respndents, by Number f Emplyees Hw many ttal emplyees des yur rganizaan have wrldwide? (Percent f respndents, N=257) 20,000 r mre, 23% 1,000 t 2,499, 23% 10,000 t 19,999, 15% 2,500 t 4,999, 21% 5,000 t 9,999, 18% Respndents by Industry Surce: Enterprise Strategy Grup, Respndents were asked t identify their rganizatin s primary industry. In ttal, ESG received cmpleted, qualified respndents frm individuals in 19 distinct vertical industries, plus an Other categry. Respndents were then gruped int the brader categries shwn in Figure 4. Figure 4. Survey Respndents, by Industry What is yur rganizaan s primary industry? (Percent f respndents, N=257) Other, 17% Cmmunicabns & Media, 4% Manufacturing, 28% Gvernment (Federal/ Nabnal, State/ Prvince/Lcal), 5% Retail/Whlesale, 8% Business Services (accunbng, cnsulbng, legal, etc.), 8% Health Care, 9% Financial (banking, securibes, insurance), 20% Surce: Enterprise Strategy Grup, by The Enterprise Strategy Grup, Inc. All Rights Reserved.

7 Research Reprt: The Emerging Intersectin Between Big Data and Security Analytics Respndents by Annual Revenue Respndent rganizatins annual revenue is shwn in Figure 5. Figure 5. Survey Respndents, by Annual Revenue What is yur rganizaan s ttal annual revenue ($US)? (Percent f respndents, N=257) $20 billin r mre, 16% Nt applicable (e.g., public sectr, nn- prfit), 3% Less than $100 millin, 5% $100 millin t $ millin, 14% $10 billin t $ billin, 11% $500 millin t $ millin, 17% $5 billin t $9.999 billin, 11% $1 billin t $4.999 billin, 24% Surce: Enterprise Strategy Grup, by The Enterprise Strategy Grup, Inc. All Rights Reserved.

8 Research Reprt: The Emerging Intersectin Between Big Data and Security Analytics Cntents List f Figures... 3 List f Tables... 4 Executive Summary... 5 Reprt Cnclusins... 6 Intrductin... 8 Research Objectives... 8 Research Findings The ESG Big Data and Security Analytics Segmentatin Mdel Security Is Already a Big Data Prblem Security Data Utilizatin Security Data and Gvernance, Risk, and Cmpliance (GRC) Security Data and Incident Detectin/Respnse Security Operatins and SIEM Security Data and Threat Intelligence Security, Big Data, and Prfessinal Services Security as a Big Data Initiative Cnclusin Research Implicatins fr Technlgy Vendrs Research Implicatins fr IT Prfessinals Research Methdlgy Respndent Demgraphics Respndents by Rle in Purchasing Decisins Respndents by Current Respnsibility Respndents by Number f Emplyees Respndents by Industry Respndents by Annual Revenue by The Enterprise Strategy Grup, Inc. All Rights Reserved.

9 Research Reprt: The Emerging Intersectin Between Big Data and Security Analytics List f Figures Figure 1. ESG Big Data and Security Analytics Segmentatin Mdel Criteria Figure 2. Survey Respndents based n ESG Big Data and Security Analytics Segmentatin Mdel Figure 3. Security Data Cllectin and Analysis Cnsidered Big Data Figure 4. Amunt f Data Cllected t Supprt Infrmatin Security Analytics Activities n a Mnthly Basis Figure 5. Grwth in Amunt f Data Cllected fr Infrmatin Security Activities Figure 6. Data Types Cllected t Supprt Infrmatin Security Analytics Strategy Figure 7. Length f Time Organizatins Keep Security-Related Data Cllected Online Figure 8. Change in Amunt f Time Organizatins Keep Security-Related Data Cllected Online Figure 9. Frequency f Access t Histrical Security-Related Data Figure 10. Difficulties with Cllecting and Analyzing Data fr Infrmatin Security Activities Figure 11. Cllectin f Redundant Cpies f Security-Related Data fr Different Analysis Tls Figure 12. Primary Individuals r Grups That Cnsume Security Data Cllected and Analyzed Figure 13. Drivers t Cllect and Analyze Data as Part f Organizatin s Security Strategy Figure 14. Primary Reasn fr Cllecting Mre Data Than in the Past Figure 15. Frmal IT Risk Management r GRC Prgram Figure 16. Number f Tls Used t Analyze Data fr IT Risk Management Prgram Figure 17. Plans t Cnslidate t a Centralized GRC System t Analyze Data fr IT Risk Management Prgram.. 24 Figure 18. IT Risk Prfile Reprts Figure 19. Steps Organizatins Wuld Need t Take t Make IT Risk Prfile Reprts 100% Cmplete Figure 20. Types f Data That Present the Biggest Challenge t Achieve Gal f IT Risk Prfile Reprts That are 100% Cmplete Figure 21. Challenges with Incident Detectin Figure 22. Weakest Areas with Regard t Incident Detectin Figure 23. Weakest Areas f Endpint Device Security Mnitring Figure 24. Externally-Facing Web Applicatin Mnitring Figure 25. Has Organizatin Built and Staffed a Security Operatins Center (SOC)? Figure 26. Implementatin f a SIEM System Figure 27. Prblems Experienced with Organizatin s SIEM Figure 28. Use f External Threat Intelligence as Part f Infrmatin Security Analytics Activities Figure 29. Why Organizatin Des Nt Use External Threat Intelligence as Part f its Infrmatin Security Analytics Activities Figure 30. External Surces Used t Cllect and Analyze Security Intelligence Data Figure 31. External Threat Intelligence Areas Cllected Figure 32. Hw Organizatins Utilize External Security Intelligence Figure 33. Rles Which Have Access t and/r Review External Security Intelligence n a Regular Basis Figure 34. Number f Individuals Wh Have Access t and/r Review External Security Intelligence n a Regular Basis Figure 35. Effectiveness f Cmmercial Threat Intelligence t Help Organizatin Address Risk Figure 36. Use f Third-Party Service Prviders t Help Cllect/Analyze Security Data Figure 37. Reasns Why Large Organizatins Use Third-Party Services t Help Cllect/Analyze Security Data Figure 38. Areas in Which Large Organizatins Use r Plan t Use Third-Party Services t Help Cllect/Analyze Security Data Figure 39. Mst Imprtant Drivers That Wuld Encurage Organizatins t Undertake a Big Data Security Prject Figure 40. Data Scientist r Similar Jb Rle n Staff Figure 41. Current r Expected Big Data and Security Analytics Strategy Figure 42. Appraches t be Used if Organizatin Undertakes a Big Data Security Prject Figure 43. Biggest Challenges t Undertaking a Big Data Security Prject Figure 44. Number f Tls Used t Analyze Data fr IT Risk Management Prgram Figure 45. Survey Respndents, by Current Respnsibility by The Enterprise Strategy Grup, Inc. All Rights Reserved.

10 Research Reprt: The Emerging Intersectin Between Big Data and Security Analytics Figure 46. Survey Respndents, by Number f Emplyees Figure 47. Survey Respndents, by Industry Figure 48. Survey Respndents, by Annual Revenue List f Tables Table 1. Security Data Cllectin and Analysis Cnsidered Big Data Analyzed by the ESG Segmentatin Mdel 13 Table 2. Hw Organizatins Utilize External Security Intelligence Analyzed by the ESG Segmentatin Mdel Table 3. Number f Individuals Wh Have Access t and/r Review External Security Intelligence n a Regular Basis Analyzed by the ESG Segmentatin Mdel Table 4. Effectiveness f Cmmercial Threat Intelligence Analyzed by the ESG Segmentatin Mdel Table 5. Use f Third-Party Service Prviders t Help Cllect/Analyze Security Data Analyzed by the ESG Segmentatin Mdel All trademark names are prperty f their respective cmpanies. Infrmatin cntained in this publicatin has been btained by surces The Enterprise Strategy Grup (ESG) cnsiders t be reliable but is nt warranted by ESG. This publicatin may cntain pinins f ESG, which are subject t change frm time t time. This publicatin is cpyrighted by The Enterprise Strategy Grup, Inc. Any reprductin r redistributin f this publicatin, in whle r in part, whether in hard-cpy frmat, electrnically, r therwise t persns nt authrized t receive it, withut the express cnsent f the Enterprise Strategy Grup, Inc., is in vilatin f U.S. Cpyright law and will be subject t an actin fr civil damages and, if applicable, criminal prsecutin. Shuld yu have any questins, please cntact ESG Client Relatins at by The Enterprise Strategy Grup, Inc. All Rights Reserved.

11 20 Asylum Street Milfrd, MA Tel: Fax: