The cyber-security industry has been discussing the junction of big data and cyber-security analytics for years, and as part of its threat intelligence research project, ESG surveyed 304 cyber-security professionals working at enterprise organisations.
The respondents, all from organisations with 1,000 or more employees, were asked what types of internal security data they collect, process and analyse on a regular basis. Around 40 percent of companies collect and analyse 13 different types of data. The highlights include:
More than half (52 percent) of organisations collect endpoint forensic data. Endpoint forensic analysis can help pinpoint specific anomalous system activity, making it a strong counterpart to network sandboxes and commercial threat intelligence.
Sensitive data access and usage are monitored by 48 percent of enterprise organisations. This has become a best practice as a countermeasure to APTs and data exfiltration.
Endpoint/server profiling monitors the state of each device—configuration settings, hardware configurations, installed software patches, etc. It is covered by 46 percent of organisations.
Network packet capture data is monitored by 41 percent of organisations. Network forensic data is a perfect match to endpoint forensic data analysis.
Big data security analytics will continue to grow in capacity and complexity, as 35 percent of enterprises plan to collect significantly more internal cyber-security data in the next year or two.