Alex Andrianopoulos vice president of Marketing Guidance Software

A study by EMA Research found that organizations using security analytics and threat analytics are nearly two times as confident of detecting security issues and 90 percent report reduced false alerts compared to those not using these tools. The study titled “The Evolution of Data Driven Security” investigated how security and IT practitioners at all levels and in a variety of industries are managing the ever increasing data volumes and diversity.
 
“Protecting organizations from security threats has grown in complexity and effort.  Whether it is measured by the rising number of threats, the unending number of alerts, or the high percentage of false positives, security teams are struggling,” said David Monahan, Research Director, EMA Research.  “This report indicates that the most effective tool in the security team’s arsenal is security analytics / threat analytics.  The study showed enthusiastic usage of security analytics / threat analytics by 38 percent of the respondents, who are indicating that these tools are improving their detection and response times, lowering the number of false positives, and increasing their confidence in being able to handle serious security threats.”
 
Based on more than 200 security and IT respondents, the research analyzed various aspects of 13 security technologies used in security management. These technologies included both traditional security tools such as web security gateways, network access control (NAC) and security incident and event management (SIEM), as well as many recently introduced approaches, such as advanced persistent threat (APT) / advanced targeted attack (ATA) detection, cloud application security and advanced security analytics (SA) or threat analytics (TA).
 
Highlights of the survey results:
 
Reduction in false alerts: Ninety percent of organizations who use security analytics have seen a decrease in false alerts or an improvement in actionable alerts by security personnel.

Faster recovery: Organizations who use security analytics / threat analytics are twice as likely to recover in minutes from unplanned incidents compared to those who don’t use analytics.

Decrease in frequency and duration of investigations: Organizations who use security analytics / threat analytics are more than 50 percent more likely to have experienced reduced frequency and duration of investigations compared to those who don’t use analytics.
 
“The EMA security study reaffirms the significant value that our EnCase Analytics customers gain from its ability to offer rapid detection of advanced persistent threats (APTs) hiding in the enterprise. With deep and enterprise-wide endpoint visibility, EnCase Analytics customers are able to proactively hunt for APTs by detecting anomalous activity and pinpointing signs of security threats early,” said Alex Andrianopoulos, vice president, Marketing for Guidance Software.  “As organizations gain a better understanding of the value of security analytics to recover faster, decrease the number and frequency of investigations and significantly reduce false positives, we expect usage of these tools to increase.”
 
Security analytics users are better prepared to battle today’s cyber threats, both inside and outside of the company. The survey also found a correlation between establishing comprehensive baselines and responding to incidents based on assets at risk. As a result, the EMA Research study showed that using security and threat analytics increased the confidence of detecting important security incidents, accelerated response times and reduced false positives