WSi News2016-08-18 08:26:56
Trace3 Innovation Research Study on Cyber Security Predicts Consolidation, Greater Focus on User Behavior Analytics
Trace3 has released original research from its Innovation Research Team, designed to give CIOs a 360-degree balanced view of emerging technologies, including competitive benefits and potential drawbacks.
This study was conducted from the customer's point of view, gathering feedback from actual users, product demonstrations, published information and direct information from each solution vendor.
A majority of study participants expect that they will soon be breached or have already been breached and current signature-based threat detection is not a sufficient defense. This method leaves the enterprise perpetually one step behind, especially considering the difficulties of separating the signal from the noise in a continually growing avalanche of data. Actual threat detection quickly becomes an untenable task for even the most experienced security analysts.
User Behavior Analytics (UBA) has recently emerged to solve these problems by using machine learning to detect both external and insider threats, overcoming the shortfalls of signature-based security. By analyzing data from existing Security Information and Event Management (SIEM) and log aggregation applications, these solutions establish baseline behavior and then detect anomalies indicating possible threat actors.
"It is critical that the entire lifecycle of security operations—from prevention, detection, response and mitigation, to the ongoing feedback loop—must be unified by continuous monitoring and advanced analytics to provide context aware intelligence," said Mark Campbell, VP, Research at Trace3. "There is a burgeoning array of UBA solutions on the market today, but many are actually traditional signature-based solutions that have been re-branded with buzzwords like machine-learning or deep-learning."
The report reviews top SIEM-centric UBA solutions from Exabeam, Fortscale, Niara, Securonix and Splunk.
Key Research Findings:
Market Consolidation: Larger incumbent SIEM vendors will acquire the leading UBA vendors. Today several of the larger SIEM vendors, like HP, OEM their SIEM products' UBA features from emerging firms such as those in this study. Leading indicators point to a steady stream of UBA acquisitions in the coming 18 months, Splunk's pick up of Caspida being the first.
Solutions Consolidation: There will be a continued effort by the various UBA vendors to increase the number and variety of behavior data they consume, baseline and analyze. This means that the intersection between network, agent and SIEM-centric UBA tools will increase until the distinctions blur and disappear. Trace3 expects UBA approaches will merge to gather data from a growing set of sources with network, agent and SIEM data being tomorrow's table stakes.
UBA to Replace Signature-Based Solution for IDS: Signature-based solutions continue to fall behind current attack strategies as exhibited by the growing number of breeches in environments under their protection. UBA offers a compelling alternative that is becoming the obvious replacement. Moreover, Trace3 predicts that, in the longer term, UBA will merge with SIEM and portions of the IDS and DLP spaces.
Trace3 has released original research from its Innovation Research Team, designed to give CIOs a 360-degree balanced view of emerging technologies, including competitive benefits and potential drawbacks.
This study was conducted from the customer's point of view, gathering feedback from actual users, product demonstrations, published information and direct information from each solution vendor.
A majority of study participants expect that they will soon be breached or have already been breached and current signature-based threat detection is not a sufficient defense. This method leaves the enterprise perpetually one step behind, especially considering the difficulties of separating the signal from the noise in a continually growing avalanche of data. Actual threat detection quickly becomes an untenable task for even the most experienced security analysts.
User Behavior Analytics (UBA) has recently emerged to solve these problems by using machine learning to detect both external and insider threats, overcoming the shortfalls of signature-based security. By analyzing data from existing Security Information and Event Management (SIEM) and log aggregation applications, these solutions establish baseline behavior and then detect anomalies indicating possible threat actors.
"It is critical that the entire lifecycle of security operations—from prevention, detection, response and mitigation, to the ongoing feedback loop—must be unified by continuous monitoring and advanced analytics to provide context aware intelligence," said Mark Campbell, VP, Research at Trace3. "There is a burgeoning array of UBA solutions on the market today, but many are actually traditional signature-based solutions that have been re-branded with buzzwords like machine-learning or deep-learning."
The report reviews top SIEM-centric UBA solutions from Exabeam, Fortscale, Niara, Securonix and Splunk.
Key Research Findings:
Market Consolidation: Larger incumbent SIEM vendors will acquire the leading UBA vendors. Today several of the larger SIEM vendors, like HP, OEM their SIEM products' UBA features from emerging firms such as those in this study. Leading indicators point to a steady stream of UBA acquisitions in the coming 18 months, Splunk's pick up of Caspida being the first.
Solutions Consolidation: There will be a continued effort by the various UBA vendors to increase the number and variety of behavior data they consume, baseline and analyze. This means that the intersection between network, agent and SIEM-centric UBA tools will increase until the distinctions blur and disappear. Trace3 expects UBA approaches will merge to gather data from a growing set of sources with network, agent and SIEM data being tomorrow's table stakes.
UBA to Replace Signature-Based Solution for IDS: Signature-based solutions continue to fall behind current attack strategies as exhibited by the growing number of breeches in environments under their protection. UBA offers a compelling alternative that is becoming the obvious replacement. Moreover, Trace3 predicts that, in the longer term, UBA will merge with SIEM and portions of the IDS and DLP spaces.
For more information contact:
