Friday, October 23, 2020

3 Steps for Businesses to Prepare to Adopt Security Analytics

Over the past decade, cybersecurity has risen to the top of the list of mission-critical business functions. It has happened because the internet has become a central part of many core business activities, and rapid digitization has created some serious risks. One need only look at the laundry list of major data breaches that have taken place in recent years to understand the scope of the potential for trouble.

That has, in turn, spawned a huge new industry dedicated to securing all of the data, systems, and digital assets that businesses have to protect. It has produced a sophisticated suite of tools and platforms that increase a business’s visibility into where its data flows, who’s accessing it, and where the vulnerable points are in its networks. But operating a complex monitoring apparatus like that often requires vast resources and teams of highly trained cybersecurity professionals – and that costs a great deal of money.

For that reason, businesses are constantly looking for ways to maintain their security while reducing costs. And now, the rising discipline of data security analytics is getting closer than ever to providing an answer by enabling advanced threat detection and mitigation that uses automation to reduce the load on already stretched IT staff. But to use it, businesses have to prepare their infrastructure to support a system-wide analytics function. Here are the three most important steps they need to take.

Initial Data Collection

No matter what computing infrastructure is in use, one thing is near-certain: it is already generating huge amounts of data related to its operation and management. That means the first step in preparing to implement a security analytics system is to identify those data streams and integrate them into a central database system. There’s no single set of steps to follow, since no two computing environments are ever alike. Generally speaking, though, the on-staff network administrators and IT professionals should have a pretty good idea of where to start looking. Common data points within a business network include:

  • Server security logs and operational data
  • Network hardware logs (firewalls, routers, access points, etc.)
  • Endpoint security logs
  • Web activity logs and connection data

The idea is to try to discover any pre-existing data sources that provide visibility into the goings-on within the network. When that’s complete, it will be possible to start building connections to a database system.

Data Transformation and Normalization

When merging data that’s coming from distinct sources and systems, there’s little chance that the data will follow a single format or structure. That’s why the next step is to create a data transformation and normalization process that will be able to bring everything together in a single, coherent data structure.

In many cases, this can be accomplished by writing simple scripts that apply the required transformations to the data before committing it to a database. Commonly, this is done using SQL scripting or Python, depending on the type of destination database. For complex data sets, or when the volume of data is too great for ad-hoc scripts to handle, it may be necessary to choose an extract, transform, load (ETL) platform to act as a middleman in the process being built.

The main idea is to identify common data fields and to make sure they all end up using standardized names within the new database. For example, common data points like IP addresses, port values, and timestamps may be reported differently by differing systems and hardware. Making sure all of the data uses a common vocabulary makes it possible to perform searches against it that yield complete results, rather than only the records from the one source whose naming happened to match the query.

It’s also important to note that businesses may elect to use a security information and event management (SIEM) platform to handle this step for them. Most commercially available systems can handle data aggregation and standardization using built-in functions. The only downside is that businesses that go this route can become locked in with a particular vendor, which limits their options for expansion and customization as their needs change.

Identify Stakeholders and Point People

With a new data infrastructure in place, the next step is to identify all of the stakeholders within the business that will need access to the security analytics system. This may include on-staff IT managers and cybersecurity professionals but might also include members of the business’s executive management team. By figuring out in advance who’s going to need to see what data, it’s much easier to settle on an automation system that will produce periodic pre-defined data reports when required.

For example, non-technical staff may not need access to anything more than top-line security metrics reporting, while front-line security staff will need to access a wide variety of in-depth reports and will need the ability to query the security data at will. This will inform the decision on what kind of access system to use, or if a more complex, AI-augmented system is needed.

A Solid Base to Start With

After undertaking these three steps, any business should be able to get a handle on the cybersecurity data that’s available to it, centralize it into a single format, and plan for how it will be used and by whom. That then unlocks the door to more advanced security analytics functions, including the deployment of a security orchestration, automation and response (SOAR) system that can provide a more active defense against known and emerging threats.

At the same time, starting on the path to security analytics also tends to reveal weaknesses in existing systems because of the need to get hands-on with every part of the infrastructure in the data discovery phase. So, no matter how the results of the process are eventually put to use, it’s still a worthwhile undertaking. And as new and more complex cybersecurity threats evolve – and they will – any advantage a business can get is one that they should explore at the earliest possible moment.
