Analytics is a hot topic in many industries, not just security. Data is the new currency, and from it we can extract a great deal of useful information. What we need to do that is time, the right skills, and a sound process to follow. When those three come together, the result is a data analytics program that can support an existing security team in its day-to-day work. But is it really that easy?
Analytics is not a one-stop shop. It is a methodical process that sorts data, groups it into meaningful aggregations, and surfaces the items that matter most, and those results shape how you design your analytics architecture. Everything else a security team does, both before and after that workflow, looks much like it does today.
Setting up a security analytics program comes with its own challenges. Between the technical expertise required, the process changes involved, and the intensive number crunching, building a successful program can seem like a daunting task. To lower that barrier and dispel some of the myths surrounding security analytics, the HPE Applied Security Research team has written a technical whitepaper, “Analytics in security.”
The paper covers general analytics concepts and then walks through a use case that addresses both the process and the technical aspects of setting up a program from scratch, including how an analytics algorithm is developed and the technical details behind it. Readers looking to jump-start their own security analytics program may benefit from the tips and pitfalls the research team points out, drawn from our own experience.