LATEST INTELLIGENCE
Nine Metadata Use Cases: How to Use Metadata to Make Data-Driven Decisions
We have reached that point. The one where there is so much data on the network - in terms of volume, variety of data types, and speed at which it moves - that telling good traffic from bad is not only costly but, with the low signal-to-noise ratio, almost impossible for most security tools to handle. Attackers know this, and they understand how easy it is to go unheard - and unseen - in all that noise.
Unfortunately, we have also reached the point where there is too little time and too little compute capacity to efficiently correlate all the information required to build the context needed for accurate predictions about potential security threats. This covers more than attacks coming from outside the network; security teams can just as easily miss insider abuse hidden within the noise.
No doubt, today’s advanced security information and event management systems (SIEMs) can help. They are valuable correlation engines capable of ingesting a great many different data sources. However, for all the promise of Big Data, it remains difficult to manage enough compute across all the required and varied data sets to draw inferences about whether logged or observed system events are good or bad.
To create context about an event, certain information is needed. For instance, it is important to know the IP of the machine in question; which user is currently logged on to it and which users had been on it historically; what website was visited; what content delivery network (CDN) was used; what sort of certificate was sent when SSL began; who signed it; and more. And this is all before any inferences can be made.
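The kind of context-building the paragraph describes can be shown as a small correlation routine. The example below is added here and is not code from the white paper or from Gigamon; it joins three constructed, hypothetical log sources (authentication events, proxy records and TLS handshake metadata) on the machine's IP address and a time window, and returns the current user, historical users, sites and CDNs visited, and who signed the certificates seen. The log contents, IP addresses, hostnames and the `build_context` and `user_sessions` function names are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample records (hypothetical; not from any real network).
AUTH_LOG = [
    # (timestamp, ip, user, action)
    ("2016-11-01T08:02:00", "10.1.4.22", "alice", "logon"),
    ("2016-11-01T12:30:00", "10.1.4.22", "alice", "logoff"),
    ("2016-11-01T12:45:00", "10.1.4.22", "svc-backup", "logon"),
    ("2016-11-01T13:10:00", "10.1.4.22", "svc-backup", "logoff"),
    ("2016-11-01T13:15:00", "10.1.4.22", "bob", "logon"),
    ("2016-11-01T09:00:00", "10.1.4.23", "carol", "logon"),
]

PROXY_LOG = [
    # (timestamp, ip, host, cdn or None when served directly)
    ("2016-11-01T13:20:00", "10.1.4.22", "updates.example.com", "cdn-a"),
    ("2016-11-01T13:22:00", "10.1.4.22", "files.example.net", None),
]

TLS_LOG = [
    # (timestamp, ip, server_name, cert_issuer, self_signed)
    ("2016-11-01T13:20:01", "10.1.4.22", "updates.example.com", "Example Public CA", False),
    ("2016-11-01T13:22:01", "10.1.4.22", "files.example.net", "files.example.net", True),
]


def parse(ts):
    """ISO-8601 timestamps sort and compare correctly once parsed."""
    return datetime.fromisoformat(ts)


def user_sessions(ip):
    """Pair logon/logoff records for one IP into (user, start, end) intervals.

    A logon with no matching logoff is still open and gets end=None.
    """
    sessions, open_sessions = [], {}
    for ts, rec_ip, user, action in sorted(AUTH_LOG):
        if rec_ip != ip:
            continue
        t = parse(ts)
        if action == "logon":
            open_sessions[user] = t
        elif user in open_sessions:
            sessions.append((user, open_sessions.pop(user), t))
    sessions.extend((u, start, None) for u, start in open_sessions.items())
    return sessions


def build_context(ip, event_time, lookback=timedelta(hours=1)):
    """Assemble the context an analyst needs before judging an event on `ip`.

    Who was logged on at `event_time`, who used the machine before, what sites
    and CDNs it reached in the lookback window, and who signed the certificates
    it accepted. The result is a plain dict so it can be attached to a SIEM event.
    """
    t = parse(event_time)
    sessions = user_sessions(ip)
    current = [u for u, start, end in sessions if start <= t and (end is None or t < end)]
    historical = sorted({u for u, start, _ in sessions if start < t} - set(current))

    def in_window(ts):
        return t - lookback <= parse(ts) <= t

    sites = [(host, cdn) for ts, rec_ip, host, cdn in PROXY_LOG
             if rec_ip == ip and in_window(ts)]
    certs = [(name, issuer, self_signed) for ts, rec_ip, name, issuer, self_signed in TLS_LOG
             if rec_ip == ip and in_window(ts)]
    return {
        "ip": ip,
        "current_user": current[0] if current else None,
        "historical_users": historical,
        "sites": sites,
        "cdns": sorted({cdn for _, cdn in sites if cdn}),
        "certificates": certs,
        # A self-signed certificate is not proof of anything bad, but it is the
        # kind of detail that changes how the rest of the context is read.
        "self_signed_seen": any(self_signed for _, _, self_signed in certs),
    }


if __name__ == "__main__":
    print(build_context("10.1.4.22", "2016-11-01T13:25:00"))
```

The joins are deliberately simple (exact IP match plus a time window) because that is where real deployments get expensive: every additional source, and every widening of the window, multiplies the records that must be scanned per event, which is the compute problem the text describes.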
Understanding the State of Network Security Today
Research Methodology and Goals
In the second half of 2016, Gigamon commissioned the Enterprise Strategy Group (ESG) to conduct a survey of 300 IT and cybersecurity professionals. All respondents had responsibility for and involvement in the planning, implementation, and/or operations of their organization’s security policies, processes, and technical safeguards. Participants also had purchase decision-making authority or influence for network security products and services.
Survey respondents were located in North America and Western Europe. Multiple organization sizes were represented in the respondent base: 25% of respondents worked at organizations with 100-499 employees, 34% at organizations with 500-999 employees, and 41% at organizations with 1,000-4,999 employees. The survey included representation from many industries, including manufacturing (22%), retail/wholesale (11%), financial services (16%), business services (8%), health care (5%), and communications and media (4%).
This research project was undertaken to evaluate the challenges, changes, best practices, and solution requirements for network security operations and network security tools. Respondents were questioned about organizational characteristics including staffing, coordination, and time to evaluate new technology. Respondents were also asked about technology considerations such as the use of automated models compared with manual processes, types of network visibility tools in use, use of security monitoring functions, and current and planned reliance on third-party services for network security.
www.intelligentcio.com
INTELLIGENTCIO