Investigating the Role of Big Data in Digital Security Analytics


4Q 2018 | IN-5302

Misinterpretation of big data in security analytics is causing turbulence in market landscapes, with poorly implemented solutions that are set to have a detrimental effect over time. The definition of big data in security should include a larger intelligence pool, a greater partnership ecosystem, and the potential to elevate security through superior machine-learning design.



Misinterpretation of Big Data


Vital concepts like Artificial Intelligence (AI) and big data are overused in contemporary sales and marketing materials of digital security companies. More often than not, these terms are utilized either in a simplistic fashion to erroneously describe a specific product or service or as an overly complicated piece of knowledge used to accompany or frame a particular machine-learning or cloud-based process. There is, however, a huge difference between a certain marketing strategy that claims to have an “AI-powered big data security analytics solution” and the presence (or lack thereof) of the actual underlying technologies used to produce such a result. So why is this a big deal? After all, security sales and marketing sources are frequently “bending” the truth when it comes to the accurate portrayal of their companies’ capabilities—why does this particular issue matter?

Research Shows Gaps in the Market


The answer to the question above is quite simple, and it should concern all existing and potential customers of such security services. Besides providing false information, lowering the security threshold of their clients, and making them more prone to cyberattacks, such “hollow” services will prove quite detrimental in the long run: the cost of a data breach from a poorly implemented solution can range from tens of thousands all the way to hundreds of thousands of U.S. dollars, not to mention the added effect of a hard-to-mend loyalty loss from all afflicted clients. Recent research on the subject has uncovered a substantial number of instances where security vendors promote their solutions with false information, essentially a “dumbing down” of key concepts like big data and AI. On the other hand (and on a less bleak note), research has also revealed that digital security technologies do trend toward the right path, with established leaders like IBM, LogRhythm, and Cisco as well as prominent contenders like CrowdStrike, Darktrace, and McAfee leading the way.

So what is security analytics? Where does big data fit in the security market landscape? Is it really the game changer it is made out to be? ABI Research defines security analytics as the greater sum of software, application, statistical and computing, machine-learning, and algorithmic processes that aim to empower the effectiveness of other security products by providing an enhanced level of intelligence. To that end, big data should not be considered as just a unilateral communication with a particular cloud vendor that provides data from a specific security database and serves as an added data source for one specific security product. That particular cloud-based data retrieval pattern is not what big data in analytics is all about. Rather, it should provide information across a wide spectrum and variety of sources, from unstructured and chaotic data lakes to industrial repositories and Internet of Things (IoT) application intelligence.

Outlining the Objectives of Big Data in Analytics



Although (by definition alone) big data should be difficult to assimilate, it should provide security analytics products with some much-needed assistance in three major areas. First, it should bolster intelligence-gathering processes beyond the confines of the organizational network (which includes internal endpoint information, sandboxes, software, and application data, as well as network and telemetry information) and unify threat intelligence under one single platform or service.

Second, it must actually be practically beneficial for cybersecurity endeavors and elevate the security posture of both the security provider and the implementer. Note that in some cases this rule can also extend to cloud-access security brokers dealing with data governance challenges, as well as cloud service providers who aim to hone their own offerings.

Third, and perhaps just as important for future applications, it should spearhead the way into the next stage of evolution of security analytics. This should ideally include the processes of cognitive computing and Natural Language Processing (NLP). NLP will allow machine-learning algorithms to detect, assimilate, and learn from threat intelligence papers, documents, and other “plain text” sources. These sources include academic papers, security descriptions and data logs, research papers, and similar material. While a relatively niche and fledgling technology in past years, NLP has truly risen to the top of the developers’ list by offering great versatility and potency, albeit with a certain degree of uncertainty. Combine the above with the ability to harness the power of big data through a multitude of data sources as well as fine-tuned intelligence-gathering processes, and we can truly expect the next stage of security analytics to be quite a potent game changer in the near future.
