Given the challenges in detecting attackers, existing approaches to threat detection clearly aren’t working well enough. As such, innovative companies are bringing new products to market to address the perceived shortcomings of existing technologies. These security analytics offerings essentially use better math to detect attackers, leveraging techniques that didn’t exist when the incumbent tools hit the market 10 years ago. The industry’s marketing machinery is positioning these new analytics tools as the Holy Grail, but as usual the hype far outstrips the reality.

Security analytics is not a replacement for SIEM — at least not today. For some time you will need both technologies. The role of a security architect is to assemble a set of technologies that generate actionable alerts on the specific threat vectors relevant to the business, support investigation of attacks both in progress and after the fact, and produce compliance reports that streamline audits. These technologies compete to a degree, so we like the analogy of a Team of Rivals working together to meet requirements.

This paper focuses on how to align your security monitoring technologies with new security analytics alternatives to better identify attacks, which we can all agree is sorely needed.

We’d like to thank McAfee for licensing the content. We are grateful security companies like McAfee and many others appreciate the need to educate their customers and prospects with objective material built in a Totally Transparent manner. This allows us to do impactful research, and protect our integrity.

You can download the paper (PDF):

Securosis_SATeamofRivals_FINAL.pdf [648KB]