Security analytics scores high in value, low in penetration
It's a very new technology, explained David Monahan, research director at Enterprise Management Associates, the research firm that did the study.
However, there have been significant advancements in both machine-learning algorithms and analysis techniques over the past two or three years, he said.
The survey covered 18 emerging securities technologies, and advanced threat analytics tied for first place with cloud data encryption and threat intelligence feeds.
In addition, 25 percent of respondents at large enterprises who were already using security analytics said they received greater than expected value from advanced security analytics, and 75 percent said they got the value that they expected.
Of mid-sized companies, 27 percent received greater than expected value, and only 3 percent said they got less than expected value.
In particular, 95 percent said they were confident of their ability to detect a security issue before it had significant impact.
The survey also showed that 62 percent of respondents said that they get too many security alerts and false positives to handle -- but the numbers varied greatly by company size.
Of the large enterprises, 100 percent said that they had too many alerts and false positives, but only 50 percent of respondents at mid-sized companies said the same.
Surprisingly, of the small companies surveyed, none said that they have too many alerts.
"I think it's because they're not able to watch what's going on in detail," said Monahan.
Survey respondents were also asked to rank the reasons for purchasing security analytics, and 57 percent said that the tools provided highly actionable intelligence and the context needed to prioritize security incidents.
Lowering the rate of false positives was actually in last place among all the respondents, at 29 percent.
According to Mike Paquette, vice president of security products at Prelert, the company that sponsored the study, security analytics can be used to examine alerts coming in from security devices and find those that are out of the norm, and also to look through other types of traffic data to detect indicators of compromise.
"So it helps to reduce the noise and single out things that are unusual, and helps find things that you can't detect with today's infrastructure," he said.
Paquette also said that good security analytics are a critical foundational step that enables firms to move toward automated incident response.
"The consequences of erroneous automation are high," he said. "So you have to have good confidence that the analytics are producing high fidelity results."