Everyone who has worked in security knows it is a hard sell. It is impossible to guarantee full security and if you do your job properly, nothing is supposed to happen. These inconvenient properties originate from a lack of level playing field between offence and defence. Security analytics is our ticket past this barrier.

In the current state of corporate security, compliance is often king. As setting up organisational baselines and auditing against them is the easiest way of getting to a first degree of maturity, this is not a surprise. Nevertheless, this has set a precedence where security tends to be annoying and is rather agnostic from the real world that adversaries live in.

Fighting Uneven Battles
On the other side of the line, we have a group of attackers who adapt and innovate by the day. Therefore, the current battleground is an uneven one: for every wall an organisation throws up, the fast-moving attackers already came up with ten new ways around it.

In science, the inequality of information security is voiced as the “Fortification Principle”. This principle stipulates that “the defender has to secure himself against all attack vectors, whereas the attack only needs to attack one”. Popularly put, we have to fulfil our job perfectly every single day, whereas an attacker only needs one stroke of luck.

Security Analyitics: Levelling the Playing Field
In order to make security a fair battle again, it is necessary to stop approaching it as traditional mathematics and to start seeing it as war-games. The defence needs to learn and adapt as well. Furthermore, as generals do, we need to collect intelligence on our enemies and regroup when necessary.

Security analytics enable the shift from traditional security to adaptable security. By analysing all our internal data, we gain a great overview of our landscape. By using big data techniques on public sources, we can generate intelligence on possible attackers. Such a panoramic picture makes it possible to be at even terms with adversaries again. For this reason, security analytics has the future.

Leave a Reply

Your email address will not be published. Required fields are marked *