Intelligent CIO Middle East Issue 17 | Page 15

LATEST INTELLIGENCE
Nine Metadata Use Cases: How to Use Metadata to Make Data-Driven Decisions
Understanding the State of Network Security Today
We have reached that point. The one where there is so much data on the network - in terms of volume, variety of data types, and speed at which it moves - that detecting good traffic from bad is not only costly, but, with the high signal-to-noise ratio, almost impossible for most security tools to handle. Attackers know this, and they understand how easy it is to go unheard - and unseen - in all that noise.
Unfortunately, we have also reached the point where there is too little time and too little compute resources to efficiently correlate all the information required to build relevant context to make accurate predictions on potential security threats. This includes more than the attacks coming from outside the network; security teams can also easily miss insider abuse hidden within the noise.
No doubt, today's advanced security information and event management systems (SIEMs) can help. They are valuable correlation engines capable of ingesting a great many different things. However, for all the promise of Big Data, it remains difficult to manage enough compute across all the required and varied data sets to draw inferences about whether logged or observed system events are good or bad.
To create context about an event, certain information is needed. For instance, it is important to know the IP of a machine in question; which user is currently logged on it and which user had been on it historically; what website was visited; what content delivery network (CDN) was used; what sort of certificate was sent when SSL began; who signed it; and more. And this is all before any inferences can be made.
Research Methodology and Goals
In the second half of 2016, Gigamon commissioned the Enterprise Strategy Group (ESG) to conduct a survey of 300 IT and cybersecurity professionals. Respondents to the survey all had responsibility and involvement in the planning, implementation, and/or operations of their organization's security policies, processes, and technical safeguards. Participants also had purchase decision-making authority or influence for network security products and services.
Survey respondents were located in North America and Western Europe. Multiple organization sizes were represented in the respondent base: 25% of respondents worked at organizations with 100-499 employees, 34% at organizations with 500-999 employees, and 41% at organizations with 1,000-4,999 employees. The survey included representation from many industries including manufacturing (22%), retail/wholesale (11%), financial services (16%), business services (8%), health care (5%), and communications and media (4%).
This research project was undertaken to evaluate the challenges, changes, best practices, and solution requirements for network security operations and network security tools. Respondents were questioned about organizational characteristics including staffing, coordination, and time to evaluate new technology. Respondents were also asked about technology considerations such as the use of automated models compared with manual processes, types of network visibility tools in use, use of security monitoring functions, and current and planned reliance on third-party services for network security.
Download white papers free from www.intelligentcio.com/me/whitepapers/