Cybersecurity industry and the intersection of big data

The cybersecurity industry has been talking about the intersection of big data and cybersecurity analytics for years, but is this actually a reality or nothing more than marketing hype? The recently published ESG research report titled Threat Intelligence and Its Role Within Enterprise Cybersecurity Practices only reinforces my belief that big data security is tangible today, and enterprises will only double down in the future.

As part of the threat intelligence research project, ESG surveyed 304 cybersecurity professionals working at enterprise organizations (i.e., more than 1,000 employees), and asked them which types of internal security data they regularly collect, process, and analyze today. It turns out that around 40% of enterprises collect and analyze 13 different types of cybersecurity data. At the top of the list:


  • 52% of enterprise organizations collect, process, and analyze endpoint forensic data. It came as a surprise to me that endpoint forensic data analysis came out on top, but it does make sense given all of the social engineering attacks of late. Endpoint forensic analysis can help pinpoint specific anomalous system activity, so it is a great complement to network sandboxes and commercial threat intelligence feeds. Some organizations do endpoint forensics on an ad-hoc basis using open source tools, but many are adopting commercial tools from vendors like Bit9 + Carbon Black, Guidance Software, or RSA (ECAT).
  • 48% of enterprise organizations monitor sensitive data access and usage. This type of monitoring has become a best practice as a countermeasure to APTs and data exfiltration. It also aligns with the recent market renaissance of data security initiatives using DLP/eDRM tools from companies like Digital Guardian, Informatica, Ionic Security, Symantec, and Varonis.


Source: ESG
