Enterprises are Analyzing Lots of Internal Cybersecurity Data

The cybersecurity industry has been talking about the intersection of big data and cybersecurity analytics for years, but is this actually a reality or nothing more than marketing hype? The recently published ESG research report titled Threat Intelligence and Its Role Within Enterprise Cybersecurity Practices only reinforces my belief that big data security is tangible today, and enterprises will only double down in the future (note: I am an ESG employee).

As part of the threat intelligence research project, ESG surveyed 304 cybersecurity professionals working at enterprise organizations (i.e., more than 1,000 employees) and asked them which types of internal security data they regularly collect, process, and analyze today. It turns out that around 40% of enterprises collect and analyze 13 different types of cybersecurity data. At the top of the list:

It’s also worth noting that 35% of enterprises plan to collect “significantly more” internal cybersecurity data over the next 12-24 months, so big data security analytics initiatives will continue to grow in data capacity and complexity. I expect more big data technologies and data scientists to elbow their way into this market as this happens. Heck, we’ve already seen examples of this with Splunk buying Caspida while vendors like Cloudera, Hortonworks, and Sqrrl add cybersecurity algorithms to their platforms.

All of this data collection, processing, and analysis seems like a good thing, for as Sun Tzu stated, “If you know the enemy and know yourself, you need not fear the results of a hundred battles.” Following this advice assumes that we can turn cybersecurity data into actual knowledge, actions, and countermeasures. This is the real challenge facing the enterprise cybersecurity community.


Jon Oltsik