Security Analytics & Automation

Although security teams already have a significant amount of information about events and activity in their environment, attackers are still able to evade detection and do real damage to organizations. Why is this? One reason is that many security teams are overwhelmed by ‘alert fatigue,’ and given the sheer volume of adversaries and attack vectors, the adversary has often had a distinct advantage.

Today, however, security stands at a turning point. Analytic technologies and the ability to handle data at speed and scale are revolutionizing a number of IT sectors — and security is no exception. From the endpoint to the security operations center, the application of analytics to security is reshaping existing markets and creating new ones. Automation, meanwhile, has become a hallmark of modern IT, with security playing a role in everything from incident response to security orchestration for ‘infrastructure as code.’

Market Insight

ExtraHop jumps into security analytics and incident response with Reveal(x)

ExtraHop has begun 2018 by releasing Reveal(x), a product that builds on the vendor's performance-monitoring heritage, using network traffic analytics to deliver advanced threat detection for enterprise security operations.

Technology & Business Insight

Machine Learning Signals a New Analytics Era in Security

Machine learning has security poised on the edge of a new era of analytics, with data-driven approaches promising to disrupt security processes while markedly improving detection, correction and harmony with business initiatives.

Market Insight

Splunk orchestrates acquisition of Phantom

Having transformed the user behavior analytics (UBA) market after the purchase of Caspida, Splunk now has the potential to similarly disrupt the security automation and orchestration (SAO) sector by reaching for Phantom.

Market Insight

Reduce fraud by reducing bot activity with web behavior analytics

When we talk about abusing business logic, we usually mean bot attacks that impersonate approved users and devices so the business inadvertently executes fraudulent transactions. The bots take advantage of website processes and account assumptions to use rules for promotions, purchases, gift cards and the like to their benefit. Traditional web security technologies are helpless against these attacks.

Market Insight

Security, ASAP! Toward an Actionable Situational Awareness Platform

In our reports and at conferences over the past year – most notably at our annual breakfast at the RSA Conference in March – we have introduced a concept that we call the Actionable Situational Awareness Platform (ASAP). What is ASAP, and how do we see it shaping the evolution of information security?

Market Insight

Industrial Internet Consortium releases ICS endpoint security best practices guidance

The Industrial Internet Consortium (IIC) has followed up on its 2016 Industrial Internet Security Framework (IISF) with a more detailed document outlining best practices for ICS and SCADA endpoint security.