
Improving Cyber Security Operations Through Security Data Discipline

September 2021 Video

Security Data Discipline is an analytical framework that helps security teams collect and use the right data to defend networks more effectively.

Publisher:

Software Engineering Institute


Abstract


The current pace of technological change and the need to accommodate remote work have caused a surge in endpoint devices, operating systems, and data streams for most enterprises. This rapid expansion of the attack surface has significantly increased the volume of data inputs that security teams receive. Data is central to detecting and responding to threats, but monitoring these expanded attack surfaces creates large, unfiltered data lakes that make it hard to find and combat actual threats. Such data lakes produce high volumes of false positives when processed by security tools, and they are expensive for companies to retain.

Security Data Discipline is an analytical framework that helps security teams collect and use the right data to defend networks more effectively. It reduces and filters the mass of data that security operations teams gather, leaving them with the data they actually need to protect their networks. Under Security Data Discipline, security data streams are centralized into a unified pipeline. Each event is parsed, extracted, and transformed using intelligent filters and then redirected to the appropriate location (SIEM, indexed storage, or long-term "cold" storage) or dropped. Only the right data is retained, which reduces indexing and storage costs.

The process lets security teams maintain a comprehensive view of their data flows through a dashboard-style user interface with data lookups and intelligent redirection. Real-time custom alerts for failure states such as dead feeds or cost spikes can also be incorporated to improve security teams' response time.

Effective threat detection relies on good visibility into the attack surface. Reducing and filtering the flow of data to your security operations gives you a clearer view of your attack surface, which helps you identify malicious activity. Security Data Discipline achieves this visibility while also supporting the growth in attack surfaces that companies need in order to stay productive as the nature of work and technology changes. It enables companies to maintain lean and efficient security operations and significantly enhances the ability of security teams to protect networks from attack.
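To make the pipeline shape described in the abstract concrete, the following Python sketch is an added illustration written for this page; it is not code from the SEI video or its authors. It runs a handful of constructed JSON events through one ingestion path that parses and transforms each event, routes it to a SIEM, indexed storage, or cold storage (or drops it), and then raises the two failure-state alerts the abstract mentions: dead feeds and volume (cost) spikes. The feed names, field names, thresholds, baselines, and the fixed "current time" used for the health check are all assumptions made for the example.

```python
"""Minimal security-data routing pipeline (added illustration, not SEI code).

One unified ingestion path: parse -> transform -> route -> alert. Every feed
name, field, threshold and sample event below is constructed for the example.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone
import json

# Constructed sample feed: one JSON line per event (not real telemetry).
SAMPLE_LINES = [
    '{"source":"edr","ts":"2021-09-01T10:00:00Z","severity":"high","msg":"ransomware signature matched","host":"ws-17","raw_hex":"0a0b"}',
    '{"source":"edr","ts":"2021-09-01T10:00:05Z","severity":"info","msg":"agent heartbeat","host":"ws-17"}',
    '{"source":"auth","ts":"2021-09-01T10:00:10Z","severity":"medium","msg":"failed login","user":"alice"}',
    '{"source":"auth","ts":"2021-09-01T10:30:00Z","severity":"info","msg":"login ok","user":"bob"}',
] + [
    # a burst of verbose proxy events at 10:20..10:24, far above its baseline
    '{"source":"proxy","ts":"2021-09-01T10:2%d:00Z","severity":"debug","msg":"GET /","host":"ws-03"}' % i
    for i in range(5)
]

EXPECTED_FEEDS = {"edr", "auth", "proxy", "dns"}            # assumed feed inventory
BASELINE_PER_WINDOW = {"edr": 100, "auth": 50, "proxy": 1}  # assumed typical volume
SPIKE_FACTOR = 3                                            # assumed: alert above 3x baseline
DEAD_FEED_AFTER = timedelta(minutes=20)                     # assumed silence threshold
SIEM_SEVERITIES = {"high", "critical"}
NOISE_MESSAGES = {"agent heartbeat"}
NOW = datetime(2021, 9, 1, 10, 30, tzinfo=timezone.utc)     # assumed time of the health check


def parse(line):
    """Parse a JSON line, normalise the timestamp, and strip a bulky field that
    no downstream consumer needs (the 'transform' step)."""
    ev = json.loads(line)
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    ev.pop("raw_hex", None)
    return ev


def route(ev):
    """Pick a destination: known noise is dropped, alertable events go to the
    SIEM, investigation data to indexed storage, verbose telemetry to cold storage."""
    if ev["msg"] in NOISE_MESSAGES:
        return "drop"
    if ev["severity"] in SIEM_SEVERITIES:
        return "siem"
    if ev["source"] == "auth":
        return "indexed"
    return "cold"


class Pipeline:
    def __init__(self):
        self.destinations = defaultdict(list)  # destination -> retained events
        self.dropped = 0
        self.last_seen = {}                    # feed -> newest timestamp seen
        self.volume = defaultdict(int)         # feed -> events in this window

    def ingest(self, line):
        ev = parse(line)
        src = ev["source"]
        self.last_seen[src] = max(ev["ts"], self.last_seen.get(src, ev["ts"]))
        self.volume[src] += 1
        dst = route(ev)
        if dst == "drop":
            self.dropped += 1
        else:
            self.destinations[dst].append(ev)

    def health_alerts(self, now):
        """Dead feeds (silent longer than the threshold, or never seen at all)
        and volume spikes measured against the per-feed baseline."""
        alerts = []
        for feed in sorted(EXPECTED_FEEDS):
            seen = self.last_seen.get(feed)
            if seen is None or now - seen > DEAD_FEED_AFTER:
                alerts.append(("dead_feed", feed))
        for feed, n in sorted(self.volume.items()):
            baseline = BASELINE_PER_WINDOW.get(feed)
            if baseline is not None and n > SPIKE_FACTOR * baseline:
                alerts.append(("cost_spike", feed))
        return alerts


def run(lines, now):
    """Feed all lines through the pipeline; return per-destination counts and alerts."""
    p = Pipeline()
    for line in lines:
        p.ingest(line)
    counts = {dst: len(evs) for dst, evs in p.destinations.items()}
    counts["drop"] = p.dropped
    return counts, p.health_alerts(now)


if __name__ == "__main__":
    counts, alerts = run(SAMPLE_LINES, NOW)
    print(counts)   # {'siem': 1, 'indexed': 2, 'cold': 5, 'drop': 1}
    print(alerts)   # [('dead_feed', 'dns'), ('dead_feed', 'edr'), ('cost_spike', 'proxy')]
```

Two details matter in practice. The dead-feed check covers feeds that were never seen (here the assumed `dns` feed), not only feeds that went quiet, because a collector that never connected is the failure most easily missed. The spike check counts events per feed against a baseline; a production pipeline would meter bytes per destination instead, since indexed storage is typically billed by ingested volume rather than event count.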