Security behavioral analytics: The impact of real-time BTA
In this Security School video, Johna Till Johnson, CEO and founder of Nemertes Research, explores security behavioral analytics, highlighting the pros of real-time BTA to help you understand if your organization could benefit from the program.
Johnson opens by noting that the problem for security pros is that there is "simply too much data" and not enough information on what's really going on, the kind of information that comes from doing security behavioral analytics in real time. The key to true security is the ability to correlate information quickly enough to catch and prevent threats, not merely to gather data. With real-time BTA, a company's security system is able to learn what indicates a real threat. Recently, Johnson helped a company reduce the 500 threat alerts and false positives it was getting each day to three or four true threats per day -- a number much more manageable for its security team.
According to Nemertes Research's 2016 benchmark, 100% of the most successful security organizations are using real-time BTA. This, Till Johnson says, goes to show that the process is not, and should not be, about analyzing the behavior of systems but about conducting security behavioral analytics in real time to uncover high-priority threats.
Successful use of real-time BTA requires a "relatively mature security architecture." Till Johnson defines this term and explains what a "next-generation security architecture" is designed to do. It helps, she says, to think of it as a series of layers. The bottom layer represents the resources and items that need to be protected, such as applications, servers and physical devices. Protecting those items requires a protection systems layer, which consists of more traditional security devices such as data leak protection, secure web gateways, next-gen firewalls, identity and access management, and antimalware -- all the essential, traditional tools. Then comes the detection and monitoring layer, such as SIEM. Then comes advanced security analytics -- and this is where real-time BTA lives.
It's a complex structure that may seem overwhelming, but Johna Till Johnson explicates the security behavioral analytics architecture along with the benefits of real-time BTA, which companies use it, the basics and differentiators, and how to determine whether or not real-time BTA is right for your organization. She makes the case that real-time BTA provides crucial benefits for the most sophisticated organizations.
Listen to Till Johnson's full presentation on security behavioral analytics and its role in IT security. You'll learn why the "time is ripe to conduct an assessment and plan for deployment" on real-time BTA.