Meritalk's Cybersecurity Survey: Too Much Data and No Complete Story - Exabeam

May 05, 2015



A recent survey of federal, state and local agencies by Meritalk tells a very interesting story. Five key facts stand out:

  • 68% of cyber pros say their organization is overwhelmed by the volume of security data and 76% believe their security team is often reactive instead of proactive.
  • 78% say at least some of their security data goes unanalyzed due to a lack of time and/or skill from their team.
  • 9 out of 10 cyber pros say they cannot tell a “complete story” with cybersecurity data.
  • While 70% of cyber pros say their organization can monitor streams of cybersecurity data in real time, fewer can analyze the data.
  • Root-cause analysis is successful only 49% of the time.

These five facts tell an interesting story. Cybersecurity professionals believe that all data is security relevant and should be looked at as part of a security investigation. However, the cybersecurity skills shortage affects many information security teams working at government agencies. There aren’t enough good people. Senior analysts are overwhelmed and concerned about missing clues and arriving at the wrong root cause. The manual work required to properly prioritize a thousand or more critical alerts invites mistakes and makes it hard to reach the right alerts in a timely manner. Analysts are bombarded with mountains of data 24/7.

Security teams don’t feel confident about understanding and telling a complete, accurate story about what led to a data breach and how it occurred.

Security teams should decline to purchase any system that doesn’t both help them find the problem and make them operationally efficient. User behavior intelligence solutions need to accomplish both goals:

  • First, they start at the end of the usual security investigation process by constantly learning and defining normal behavior patterns of access and access characteristics for credentials. This means the system starts with data that goes unanalyzed and uses it to define what’s abnormal.
  • Second, the system sifts through all the noise looking to assign alerts to credential activities. It constantly asks who had an active session on a system associated with a security alert, and attributes the alert to that user.
  • Finally, it creates a user session timeline from log-on to log-off, providing a complete story of what the credential did while tracking attackers across identity and credential switching to various systems.

This approach provides a much-needed reprioritization of critical alerts by automatically associating them with credential behaviors, indicating account takeover and that an attacker is already inside the network. While a lot of data collected by the security team may be security related, user behavior intelligence solutions do the hard job of pre-selecting the data that’s most relevant to get to accurate root cause analysis.
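An added example, not from the original post or from any Exabeam product, that sketches the three steps listed above on constructed data: it builds sessions from log-on/log-off events, attributes host-level alerts to whichever credential had a session on that host at the time, and flags hosts outside the credential's baseline. The user names, host names, event tuples and the `BASELINE` set are assumptions for illustration, and credential switching between accounts is not modelled.

```python
from datetime import datetime

# Constructed sample data, not taken from the survey or from any product.
BASELINE = {"alice": {"ws-01"}, "bob": {"ws-02"}}  # hosts each credential normally uses
EVENTS = [  # (time, user, host, action)
    ("2015-05-04T09:00", "alice", "ws-01", "logon"),
    ("2015-05-04T09:05", "bob", "ws-02", "logon"),
    ("2015-05-04T09:20", "bob", "db-07", "logon"),
    ("2015-05-04T09:40", "bob", "db-07", "logoff"),
]
ALERTS = [  # (time, host, name): host-level alerts that carry no user field
    ("2015-05-04T09:25", "db-07", "malware-detected"),
    ("2015-05-04T12:00", "ws-01", "av-update-failed"),
    ("2015-05-04T20:00", "db-07", "port-scan"),
]

def build_sessions(events):
    """Pair each logon with the next logoff for the same (user, host)."""
    opened, sessions = {}, []
    for t, user, host, action in sorted(events):
        when = datetime.fromisoformat(t)
        if action == "logon":
            opened.setdefault((user, host), when)
        elif (user, host) in opened:
            sessions.append({"user": user, "host": host, "alerts": [],
                             "start": opened.pop((user, host)), "end": when})
    for (user, host), start in opened.items():  # still logged on: open-ended session
        sessions.append({"user": user, "host": host, "alerts": [], "start": start, "end": datetime.max})
    return sorted(sessions, key=lambda s: s["start"])

def attribute(alerts, sessions):
    """Attach each alert to every session active on its host at alert time."""
    orphans = []
    for t, host, name in alerts:
        when = datetime.fromisoformat(t)
        hits = [s for s in sessions if s["host"] == host and s["start"] <= when <= s["end"]]
        for s in hits:
            s["alerts"].append(name)
        if not hits:
            orphans.append(name)  # no credential was active: needs separate triage
    return orphans

def timelines(events=EVENTS, alerts=ALERTS, baseline=BASELINE):
    """Per-user list of (host, outside_baseline, alerts) in session order."""
    sessions = build_sessions(events)
    orphans = attribute(alerts, sessions)
    story = {}
    for s in sessions:
        story.setdefault(s["user"], []).append((s["host"], s["host"] not in baseline.get(s["user"], set()), s["alerts"]))
    return story, orphans
```

In this sample, the `bob` session on `db-07` is the one an analyst would look at first: it is outside the baseline and carries the malware alert, while the later port-scan alert matches no session and stays unattributed.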

