
IDG QuickPulse | Security

Machine Learning, Analytics, and Open Source Boost Cybersecurity

Study: IT leaders say visibility is lacking and they would welcome new platforms
Today's global enterprises are hyperconnected. Employees, partners, and customers access corporate systems at any hour of the day or night, from anywhere in the world. Meanwhile, the Internet of Things (IoT) is bringing countless new devices onto corporate networks. Together, these trends greatly increase the threat surface that must be defended against hackers and cybercriminals.

Cybersecurity is at the top of the priority list for IT leaders, and with good reason. Breaches can be devastating to a company's finances and reputation. Threats such as phishing, viruses, and distributed denial of service (DDoS) attacks are increasing in number and sophistication. This is true across all industries, particularly the public sector, financial services, retail, and healthcare. And the cost of protecting critical data is putting pressure on corporate budgets.

A new IDG Research survey identifies specific cybersecurity challenges and delivers insight into how IT leaders are responding.

Cybersecurity challenge: SIEM gaps

Many organizations have responded to cybersecurity challenges by deploying a security information and event monitoring (SIEM) system to detect, investigate, and respond to threats. However, many are finding that they fall short in certain respects. The deficiency most often cited (by 45% of the survey respondents) is the frequency of false-positive alerts: the SIEM system raises the alarm for a breach when, in fact, there is none. (See chart.)

"The biggest challenge is the amount of time people have to spend to make it a valuable tool. They need to review all the logs and alerts, pick out false alarms, and respond where needed," says Jason Gherardini, vice president of IT at real estate firm J.F. Shea.

Chart: Issues with Traditional SIEM
- SIEM has high false positive rate due to static rules: 45%
- Inability to deploy SIEM across hybrid and multi-cloud environment: 30%
- Certain data streams are not ingested due to volume or data structure, limiting enterprise visibility: 25%
- Inability to scale economically (data must be deleted or archived to avoid increased costs): 17%
- Executing large-scale machine learning at scale for advanced threat detection is impossible: 17%
Source: IDG Research

Cybersecurity challenge: visibility

Visibility is a distinct challenge for many organizations implementing cybersecurity strategies. "The biggest challenge is not knowing what I don't know," says Gherardini.

The survey details several problems caused by lack of visibility:
- Incomplete information for investigation and response to security events (51%)
- Inability to create reliable threat detection models with enriched data (43%)
- Inability to search across complete historical data (42%)
- Limited contextual data (34%)
- Long mean time (weeks or months) to incident response (15%)

Cybersecurity response: Machine learning

To detect security threats faster and more accurately, a significant majority (70%) are using machine learning to analyze data streams and detect anomalies for incident responders and to automate threat response.

One of the main benefits of machine learning is breaking down large amounts of data to detect advanced threats and root out false positives.
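As an added illustration (this is not code from the IDG brief or from any vendor it names), the following Python shows the mechanism behind the chart's top finding, that fixed static rules drive false positives, and the anomaly-detection alternative the survey respondents are turning to. All host names and failed-login counts are constructed sample data, and the threshold values are assumptions chosen for the demonstration. A static rule fires whenever a count crosses a fixed number, so a host that is always busy (here a CI runner) trips it every hour; scoring each host against its own historical baseline instead flags only the host whose behavior actually changed.

```python
"""Static SIEM threshold rule vs. per-host baseline anomaly scoring (added example)."""
from statistics import mean, pstdev

# Constructed sample data: hourly failed-login counts per host over eight
# previous hours, followed by the current hour's count. Not real telemetry.
HISTORY = {
    "build-runner": [180, 210, 195, 220, 205, 190, 215, 200],  # CI box, always noisy
    "finance-ws-07": [2, 0, 1, 3, 0, 2, 1, 0],                 # ordinary workstation
    "hr-ws-12": [1, 2, 0, 1, 1, 0, 2, 1],                      # ordinary workstation
}
CURRENT_HOUR = {"build-runner": 208, "finance-ws-07": 60, "hr-ws-12": 1}

STATIC_THRESHOLD = 50  # assumed fixed rule: "more than 50 failed logins per hour"


def static_rule(current, threshold=STATIC_THRESHOLD):
    """Fire for every host whose current count exceeds one global threshold.

    This is the 'static rule' style of detection; it cannot tell a host that is
    always noisy from a host that just became noisy.
    """
    return sorted(host for host, count in current.items() if count > threshold)


def baseline_score(history, value, min_sigma=1.0):
    """z-score of `value` against the host's own history.

    `min_sigma` floors the standard deviation so that a quiet host with
    near-zero variance does not produce an enormous score for a one-event change.
    """
    mu = mean(history)
    sigma = max(pstdev(history), min_sigma)
    return (value - mu) / sigma


def baseline_rule(history, current, z_threshold=3.0):
    """Fire only for hosts whose current count deviates from their own baseline."""
    return sorted(
        host for host, count in current.items()
        if baseline_score(history[host], count) > z_threshold
    )


def triage_delta(history, current):
    """Show, per host, which of the two rules would have raised an alert."""
    static_hits = set(static_rule(current))
    baseline_hits = set(baseline_rule(history, current))
    return {
        host: {"static": host in static_hits, "baseline": host in baseline_hits}
        for host in current
    }


if __name__ == "__main__":
    for host, outcome in triage_delta(HISTORY, CURRENT_HOUR).items():
        print(f"{host:14s} static={outcome['static']!s:5s} baseline={outcome['baseline']}")
```

On the constructed data the static rule alerts on both `build-runner` and `finance-ws-07`; only the second is a real change, so the first is the kind of false positive an analyst would have to review and discard by hand. The baseline rule alerts on `finance-ws-07` alone. In a real deployment the baseline would be learned over a much longer window than eight samples, and the variance floor and z-threshold would be tuned per data source.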
"The information we receive from lots of sources is like a fire hose. We need to boil that down to something that's reasonable and targeted," says Stash Jarocki, director of information risk and security at food and drug retailer Albertsons.

Larger organizations (those with more than 5,000 employees) are more likely to use machine learning for threat response automation (42%) than are organizations with fewer than 5,000 employees (17%), according to the survey. This finding suggests that smaller organizations could gain by leveraging machine learning if they could find a platform suited to their needs.

Cybersecurity response: open source

A strong majority of the respondents (72%) are using open source software for cybersecurity. The top reasons: to democratize cyber analytics and gain access to community knowledge, libraries, and experiences, as well as to break vendor lock-in by owning the systems that manage the data.

"You get value from open source," says John Nelson, security officer with U.S. Expediters. Nelson has implemented open source software broadly at his company, including for machine learning, and is interested in applying it to cybersecurity.

Additional benefits of using open source technology for cybersecurity are the ability to scale economically on commodity hardware or in the cloud (33%), to improve scalability with regard to data volume and variety (27%), and to enable ISV applications to easily integrate into a platform (18%).

Cybersecurity response: New analytics platforms

IT leaders are facing the challenge of defending their organization from cybersecurity threats with an open mind: 61% of the survey respondents said they are highly likely to evaluate new analytics platforms over the next 12 months. "An analytics engine to process all that data, root out false positives, and find the anomalies: That would pique my interest," says Jarocki. And interest in new platforms is greater at higher levels within organizations. In fact, 83% of the vice president and higher survey respondents said they are extremely or very likely to evaluate new platforms.

The Cloudera Solution

Cloudera empowers cybersecurity innovators to proactively secure the enterprise by accelerating threat detection, investigation, and response through machine learning and complete enterprise visibility.

Cloudera's cybersecurity solution, based on Apache Spot, enables anomaly detection, behavior analytics, and comprehensive access across all enterprise data, using an open, scalable platform. Building on Cloudera's scalable, open platform enables organizations to build custom solutions as well as deploy packaged applications on top of one shared, enriched data set.

Using the diverse open source community to accelerate shared innovations while changing the economics of cybersecurity enables organizations to come together to fight back against cyberthreats.

Conclusion

As cybersecurity threats increase in variety and number, cybersecurity leaders face the daunting challenge of protecting corporate data. Although many have deployed SIEM systems as a defense, these systems produce too many false positives and cannot be deployed across hybrid and multi-cloud environments. And they cannot scale to the volume of data required for modern threat detection, investigation, and response.

In addition, insufficient visibility and enriched data impede threat detection and investigation. Increasing the amount of data accommodated by SIEM systems, and applying machine learning, can address these issues. Many organizations, particularly larger ones, are benefiting from them.

Open source is proving to be a key enabler for cybersecurity technologies, including machine learning. As IT leaders search for new platforms to help defend their organizations, many will find that open source machine learning technologies deliver the benefits they seek.

For additional information, go to