Bayesian modeling, machine learning and rules-based systems are often cited as three of the most useful technologies for security analytics applications. The problem is that they are often poorly implemented, leading to solutions that are too expensive to manage, generate opaque results inside a ‘black box’ or result in far too many false positives — overwhelming analysts with alerts while missing the most important threat signals.
In a new white paper titled Three Security Analytics Approaches That (Mostly) Don’t Work, Haystax Technology’s team of data scientists, software engineers and model builders delve into these three approaches. The authors first describe the general characteristics of each approach, as well as their strengths and weaknesses. The latter half of the paper lays out a new approach that redefines security analytics by focusing first on building Bayesian inference networks to represent the security problem an organization is trying to solve, and then using machine learning and rules-based techniques as appropriate when processing and analyzing the data that is applied to the model. The key is to exploit the unique strengths of each technique while also compensating for or eliminating their individual weaknesses.
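To make the model-first idea concrete, here is an added example (not code from the white paper or from Haystax) of the layering it describes: a small Bayesian inference network represents the security question, and rules sit in front of it to turn raw data into the evidence the model consumes. The hypothesis node, the three indicators, the login events, the known-device list, the baseline and every probability are constructed for illustration and are assumptions of this example, not values from the page.

```python
from datetime import datetime, timedelta
from itertools import product

# --- Model layer: a hypothetical Bayesian network with one hidden node ----------
# Hypothesis H = "account compromised"; three boolean evidence nodes hang off it.
# Each evidence node is populated by a rule (or an ML detector) over the data.
# All probabilities are constructed for illustration, not measured values.

PRIOR_COMPROMISED = 0.01  # constructed prior P(H = True)

# Conditional probability tables: P(indicator = True | H) for H in {True, False}
CPT = {
    "impossible_travel": {True: 0.60, False: 0.02},  # rule output
    "anomalous_volume":  {True: 0.70, False: 0.05},  # ML/threshold output
    "new_device":        {True: 0.80, False: 0.20},  # rule output (noisy)
}


def likelihood(h, evidence):
    """P(evidence | H=h), treating indicators as conditionally independent given H."""
    p = 1.0
    for name, observed in evidence.items():
        p_true = CPT[name][h]
        p *= p_true if observed else (1.0 - p_true)
    return p


def posterior_compromised(evidence):
    """Exact inference by enumeration over the single hidden node H.

    evidence maps indicator name -> bool. Indicators that are absent are
    unobserved; a leaf child with no other parents marginalises out to 1,
    so it simply does not appear in the product.
    """
    joint_true = PRIOR_COMPROMISED * likelihood(True, evidence)
    joint_false = (1.0 - PRIOR_COMPROMISED) * likelihood(False, evidence)
    return joint_true / (joint_true + joint_false)


def explain(evidence):
    """Transparency: per-indicator likelihood ratios show what moved the belief."""
    return {
        name: (CPT[name][True] if obs else 1 - CPT[name][True])
        / (CPT[name][False] if obs else 1 - CPT[name][False])
        for name, obs in evidence.items()
    }


# --- Rule layer: derive model evidence from raw events -------------------------
EVENTS = [  # constructed sample login sessions for one account
    {"ts": "2024-05-01T08:00:00", "country": "US", "device": "laptop-1", "mb_downloaded": 40},
    {"ts": "2024-05-01T08:30:00", "country": "BR", "device": "unknown-7", "mb_downloaded": 5200},
]
KNOWN_DEVICES = {"laptop-1"}  # constructed
BASELINE_MB = 100             # constructed per-session download baseline


def rules_to_evidence(events, known_devices, baseline_mb):
    """Turn raw events into the boolean indicators the network expects."""
    ts = [datetime.fromisoformat(e["ts"]) for e in events]
    countries = [e["country"] for e in events]
    impossible_travel = any(
        countries[i] != countries[j] and abs(ts[i] - ts[j]) <= timedelta(hours=1)
        for i, j in product(range(len(events)), repeat=2) if i < j
    )
    new_device = any(e["device"] not in known_devices for e in events)
    anomalous_volume = any(e["mb_downloaded"] > 10 * baseline_mb for e in events)
    return {
        "impossible_travel": impossible_travel,
        "anomalous_volume": anomalous_volume,
        "new_device": new_device,
    }


def score_account(events, known_devices=KNOWN_DEVICES, baseline_mb=BASELINE_MB):
    """End to end: rules produce evidence, the model produces a posterior."""
    evidence = rules_to_evidence(events, known_devices, baseline_mb)
    return posterior_compromised(evidence), explain(evidence)


if __name__ == "__main__":
    p, why = score_account(EVENTS)
    print(f"P(compromised | evidence) = {p:.3f}")
    for name, lr in why.items():
        print(f"  {name}: likelihood ratio {lr:.1f}")
```

The point of the layering is visible in the numbers: a single noisy indicator such as an unseen device (likelihood ratio 4) barely moves a 1% prior, whereas the three indicators together push the posterior above 0.9. A rules-only system would fire on each indicator in isolation; the network combines them and reports why, which is the opposite of an opaque black box.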
An approach that embraces the model-first ethos can lead to the development of a powerful security analytics solution that reasons like a team of expert analysts, in real time and at scale. Thoughtfully built, combined and applied — with a well-designed software architecture and platform in place to orchestrate all of the necessary analytical processes — the system can operate transparently, consistently and reliably. And in conjunction with properly integrated models, data connectors, data analytics and user interfaces, it does so at a pace and volume that no human analyst, or even a roomful of them, could long endure.
As a result, the white paper notes, security analysts can focus on higher-order analysis and organizations can more effectively anticipate and address their highest-priority security challenges.
# # #
To read the white paper and associated material on how Haystax has redefined security analytics, please click here.