Published on December 7th, 2016 | by Tony Thompson
Forrester Spotlights Security Analytics Vendor Landscape
Forrester recently published its Vendor Landscape: Security Analytics (SA) report, and there’s one theme we believe resonates more than any other: network visibility and insight are key to responding quickly to breaches that have slipped past your preventative measures. (If you’re a Forrester client, you can download the full report here.)
According to the report, authored by Forrester’s Joseph Blankenship, “SA solutions promise to detect cyber threats and enable security teams to respond before they cause a data breach.”
One might ask why this would be important considering all the security products categories that exist today. Well, Forrester surveys found that “a whopping 96% of enterprise security decision-makers rate improving security monitoring capabilities as a priority.”
From our perspective, one could easily infer from this research, and from the fact that so many breaches continue to occur, that security information management (SIM or SIEM) technologies are not living up to expectations for detecting today’s advanced threats. This is where SA can play a role, and likely why Forrester states that “SA is the evolution of SIM.”
SS8 is certainly honored to be recognized in this latest vendor landscape report. SS8 BreachDetect is a standalone security analytics and network breach detection platform that analyzes and decodes network traffic and protocols, generating High-Definition Records (HDRs), to enable a security analyst to find the threats that matter most in the least amount of time.
And that last notion about “time” is key. Reducing detection time while simultaneously increasing response speed is a security team’s best bet for keeping the enterprise’s cost of a breach, both financial and reputational, to a minimum.
And while many enterprises today rely on SIM solutions to answer their questions surrounding network breaches, the reality is that SIMs (or SIEMs) weren’t designed for breach investigations.
The information flowing into and out of an enterprise network is so diverse that the security analytics solution you choose must be able to make sense of the data, as well as quickly identify any patterns that could point to malicious activity.
Switching from a SIEM solution to an SA solution with network traffic analysis capabilities will enable you to:
- Find breaches you didn’t know about before. Rule-based solutions like SIEMs are only able to detect known threats. Solutions like SS8 BreachDetect analyze the behavior of applications to detect threats that were previously unknown.
- Get convictions, not hunches. Rule-based solutions are known for generating a large number of false positives that greatly slow investigations. With the detection accuracy of an SA solution like BreachDetect, an analyst can focus on investigating actual threats rather than spending time chasing alerts that end up being nothing.
- Greatly increase network visibility. Many breach events are slipping past traditional preventative methods and biding their time undetected on the network. Because of an organization’s lack of network visibility, these breaches can spend nearly a year undetected while exfiltrating critical data off the network.
The SS8 “time machine” model for breach detection is constantly analyzing an enterprise’s communication history and application behaviors to find newly discovered breaches that may have been hiding on the network. Once the analysis is complete, data is presented in a simple visual view that reduces guesswork and allows an analyst to take quick and decisive action to remove any compromised devices of interest.
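To make the two ideas above concrete, here is an added illustration (not SS8’s code, and not how BreachDetect is implemented): a retrospective search over stored connection records for an indicator that only became known later, which yields the dwell time, plus a behaviour-based check that flags near-constant-interval contact without any signature. The record fields and sample values are constructed for the example.

```python
# Added example: retrospective ("time machine") hunting and a behavioural
# beaconing check over stored per-flow records. Field names are hypothetical.
from datetime import datetime
from statistics import pstdev

# Constructed sample records; one host beacons hourly, another sends two large uploads.
RECORDS = [
    {"ts": "2016-11-01T09:00:00", "src": "10.0.0.5", "dst": "203.0.113.9", "app": "https", "out": 2100},
    {"ts": "2016-11-01T10:00:00", "src": "10.0.0.5", "dst": "203.0.113.9", "app": "https", "out": 2050},
    {"ts": "2016-11-01T11:00:00", "src": "10.0.0.5", "dst": "203.0.113.9", "app": "https", "out": 2080},
    {"ts": "2016-11-01T12:00:00", "src": "10.0.0.5", "dst": "203.0.113.9", "app": "https", "out": 2120},
    {"ts": "2016-11-01T09:17:00", "src": "10.0.0.7", "dst": "198.51.100.20", "app": "https", "out": 48000},
    {"ts": "2016-11-02T14:31:00", "src": "10.0.0.7", "dst": "198.51.100.20", "app": "https", "out": 51000},
]


def _t(s):
    return datetime.fromisoformat(s)


def retrospective_hunt(records, indicator, discovered_at):
    """Re-check history for an indicator learned at discovered_at.

    Returns the internal hosts that contacted it, when contact first occurred,
    how many days it went unnoticed, and the total bytes sent out; None if no hits.
    """
    hits = sorted((r for r in records if r["dst"] == indicator), key=lambda r: _t(r["ts"]))
    if not hits:
        return None
    first = _t(hits[0]["ts"])
    return {
        "hosts": sorted({r["src"] for r in hits}),
        "first_seen": hits[0]["ts"],
        "dwell_days": (_t(discovered_at) - first).days,
        "bytes_out": sum(r["out"] for r in hits),
    }


def beaconing_pairs(records, min_flows=4, max_jitter_s=60):
    """Flag src/dst pairs whose contacts recur at a near-constant interval."""
    by_pair = {}
    for r in records:
        by_pair.setdefault((r["src"], r["dst"]), []).append(_t(r["ts"]))
    flagged = []
    for pair, times in by_pair.items():
        times.sort()
        if len(times) < min_flows:
            continue  # too few flows to judge periodicity
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if pstdev(gaps) <= max_jitter_s:  # low spread between gaps means a regular beat
            flagged.append(pair)
    return flagged
```

The hunt reports a dwell time measured from the first stored contact, which is the gap preventative controls missed; the beaconing check needs no prior knowledge of the destination.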
Hats-off to Joseph at Forrester for digging into the security analytics topic.
Sanjana Chand is a breach detection product marketing manager for SS8.
Forrester, “Vendor Landscape: Security Analytics (SA),” Joseph Blankenship, Nov. 15, 2016.