There’s no doubt “Security Analytics” is one of the hot buzzwords of the moment. Many organizations are looking for Security Analytics tools and expecting to get immediate value from them. However, as Anton said on this tweet:
Cargo-cult security analytics: “but we have the same system as <big bank X”, how come we don’t see value?” — Got the same team using it?
— Dr. Anton Chuvakin (@anton_chuvakin) October 5, 2015
It’s still not magic; if you want value from those tools, you must have the right people to operate and use the data coming from them. I was discussing this with Alexandre Sieira (@AlexandreSieira) earlier today and he said something great about that: these tools should not be known as “security analytics”, but as “security analytics support”.
Just like when you buy a fishing rod; you are not buying fish, or even “fishing”. You are just buying the tool used when fishing. Keep this in mind when you shop for “security analytics [support] tools”.
from Augusto Barros http://ift.tt/1FRTMdW