My Top Security Data Science Predictions for 2016
- Dec 08, 2015
- Derek Lin
Security remained a top news item this year. In 2015 we saw increased activity to address security, both in enterprises and in the product marketplace. Here are my predictions for the top trends in security analytics for 2016:
1. Data science as a de-facto tool for cybersecurity
Cybersecurity has traditionally relied on signature-based and rule-based approaches to detect bad activities. The use of data science has emerged only in recent years. This technology trend parallels that of fraud detection in the credit or banking industry. Starting from rule- and signature-based systems, the financial industry moved to risk-based systems that use analytics to catch ever more sophisticated fraud activities. The cybersecurity domain is no different. In 2015 we've seen increased activity in data scientist hiring and a broader interest in the use of machine learning and data analytics among enterprise security offices.
2. Increased Marketing Noise in Security Analytics
In 2015, new and old security product vendors alike are marketing data analytics. This creates confusion in the market, as there is neither a standard for data analytics tools nor benchmark data sets for comparing analytics procedures. If you are in the marketplace, do your due diligence to understand what is under the hood of the security products you evaluate.
3. Spark!
In its very short history, the open-source Apache Spark has become mainstream, especially with Databricks, IBM, and Cloudera supporting it in 2015. Its ability to stream and analyze data in close to real time will drive adoption in many verticals and applications. Security analytics will be no exception. However, Spark is not a panacea for all security data analytics, as not all problems can be addressed by data parallelization. Security systems that are designed to leverage stateless data parallelization and to accommodate stateful event tracking will enjoy an advantage.
4. New Emerging Use Cases from the Security Data Lake
With the advent of Big Data technology, storage of and access to massive datasets are no longer an issue. Where there is data, there is potential for new use cases. Besides standard security data, such as proxy or AD logs, I see a wide variety of data sources coming together. The potential for fusing signals from different sources is great; for example, combining data from physical and logical infrastructure access for better alerting context.
5. More Acquisitions and/or Partnerships
The pace of data analytics technology advancement has quickened in 2015, while the marketplace demands new security products. Large and established security players may have difficulty retrofitting their legacy products to meet the state of the art in a timely fashion. As a result, we saw a number of security startup acquisitions in 2015. As the security climate continues into 2016, we should expect more acquisition and/or partnership activity among security vendors.
6. Difficulty in Data Scientist and Security Analysts Hiring
No surprise here. Data science skills, as well as security expertise, have always been in short supply and will continue to be so. Expect the talent acquisition war to continue.
That’s all, folks! See you in 2016.
Derek Lin
Chief Data Scientist | Exabeam | Derek Lin is the Chief Data Scientist at Exabeam, building products to help security teams accelerate and improve threat detection, investigation and response (TDIR) by adding intelligence to their existing security tools. His current and prior machine-learning research interests include behavior-based security analytics, risk-based banking fraud detection, and speech and language recognition. He holds numerous patents and has authored papers in the areas of fraud detection and cybersecurity.