While nearly two-thirds of security practitioners consider the analysis of device data for security to be very important to protect their networks, only 36 percent of companies currently use data analytics for defense, according to survey data released by the Ponemon Institute on Oct. 28.
The survey, based on interviews with more than 600 IT security practitioners and sponsored by security-analytics firm Prelert, found that most security experts considered the automated analysis of security data to be very important to detecting future attacks, but that most companies still relied on human analysts to prioritize potential security alerts. The gap between the perceived usefulness of automated security analysis and the actual deployment of such products suggests that security professionals are worried about the capabilities of existing security-analytics solutions or believe that they are not a target, Larry Ponemon, chairman and founder of the Ponemon Institute, said in a statement.
"This research reveals some major disconnects that IT professionals seem to have between perception and reality," he said. "While even circumstantial evidence points to the increasing volume and severity of cyber-threats, it's shocking to learn that half of security pros don't even view themselves as a target."
The survey's release comes as information sharing and analysis has become a major political issue. While the U.S. Senate's passage of the Cybersecurity Information Sharing Act (CISA) has put external threat intelligence front and center, the Ponemon report suggests that most companies would be better served by finding ways to use existing information in an automated way.
"While the industry will continue to strive for better (and) faster external threat information, organizations can use security analytics today, including machine-learning technology, to gain internal threat intelligence by baselining normal behaviors and detecting anomalies," Mike Paquette, vice president of products for Prelert, told eWEEK in an email.
Ninety-two percent of companies currently rely on anti-malware systems to detect and prioritize threats, according to the report. Other technologies commonly used to prioritize threats include identity and authentication management systems, blacklisting tools and intrusion-prevention systems.
Yet companies are still struggling to collect information from these systems. If a security-analytics system detects an anomaly, only a third of companies receive an alert within "hours," according to the Ponemon report.
The reasons for delaying adoption of security analytics depend on the company, according to Prelert's Paquette. While the use of data analysis for security is not new, the technology may still be considered immature by many companies. In addition, deployment can be complex, especially if the company is not already collecting data.
Yet a new generation of security-analytics products are simplifying the work for IT security professionals, Paquette said.
"Such solutions can be implemented very quickly with existing security personnel and can start delivering results almost immediately," he said. "Costs will usually depend on the size of the infrastructure and how much data is being analyzed."