In November 2015, SANS released the third edition of its security analytics and security intelligence survey (the Analytics and Intelligence Survey 2015). The survey collected responses from 476 professionals at companies and organizations around the world, and this year's questions go deeper than last year's.
The results show that, compared with last year, awareness and adoption of security analytics and security intelligence are both higher, but there is still a gap between current practice and the ideal, and the shortage of qualified practitioners (analysts) has become more pronounced. Applying big data technology to security analytics is now recognized by more respondents; rather than the sheer volume of security data, people are more concerned with what security analytics can actually analyze. Satisfaction with anomalous-behaviour analysis, as one analytical method, rose slightly, although it remains relatively low.
The report shows that security teams are integrating network-based and host-based security intelligence into centralized analytics platforms: 43% of respondents say they have already integrated data from external threat intelligence vendors, and another 31% plan to. Integrating external threat intelligence has, in effect, become a consensus. 44% of respondents said they collect threat intelligence internally and make use of it.
Automation of security analytics and intelligence processing is an important indicator of the maturity of an analytics capability. The survey results show that the level of automation is still relatively low, indicating that this technology is still maturing.
According to the survey, the five most valuable functions of security analytics and intelligence tools are:
Assessing risk based on the threat indicators obtained;
Detecting external, malicious-code-based threats;
Gaining visibility into network and endpoint behaviour;
Establishing a baseline of system behaviour and implementing anomaly-based monitoring;
Compliance monitoring and management.
When asked "What is the biggest hurdle in discovering and tracking attacks?", respondents ranked the top three factors as:
Lack of people and skills/resources;
Lack of centralized reporting and remediation controls;
Inability to understand and identify normal behaviour.
On the talent shortage, the report says that finding these skill sets in today's marketplace is difficult due to the incredibly high demand for top talent that understands SIEM and correlation, forensics, event management and now, with analytics in the mix, pattern analysis across large, diverse datasets.
When asked where they plan to invest in security analytics in the future, respondents ranked:
Personnel and training, chosen by 64% of respondents;
SIEM tools and systems, up from third place last year to second this year, at 45%;
Integrated incident response (IR);
Threat intelligence (TI) products, platforms and services, chosen by 43% of respondents;
Detection / SOC upgrades;
Big data analytics engines and tools, up from 21% last year to 34%;
Workflow management systems;
MSSP (managed security service providers).
It is worth noting how the ranking has shifted: in the 2013 survey the top investment priority was SIEM, followed by people and training; in 2014 the top priority became people and training, followed by incident response capability, with SIEM third; this year people and training remain first, SIEM moves up to second, incident response drops to third, and threat intelligence leaps to fourth. It is fair to say that SIEM is basically the preferred carrier technology for security analytics and intelligence.
All of the capabilities ranked at the top essentially fall into the category Gartner defines as the intelligent SOC (SIEM, IR, workflow).
Incidentally, it is also interesting to look at the questionnaire's questions and the answer options offered.
References
SANS: 2014 Security Analytics and Security Intelligence Survey Report
SANS: 2013 Security Analytics Survey Report
SANS: 2014 Log Management Survey Report
SANS: 2012 Log Management Survey Report
SANS: 2011 Log Management Survey Report
SANS: 2010 Log Management Survey Report
SANS: 2015 Security Analytics and Security Intelligence Survey Report