Security analytics can be a valuable tool for detecting advanced attacks, but only if it is applied correctly. Too often, the goal of security analytics is reduced to building a big data platform and running data science, machine learning, or statistical packages on top of it. Instead, the starting point should be to identify the risks that cannot be monitored with conventional security products, and then to define security analytics use cases that monitor those specific risks.
In this paper, we discuss the need for security analytics and how to apply it in a meaningful way to achieve results. We then discuss the technology components required to put security analytics in action.