
Security analytics: Helping you do more, with less

Westcon Imagine 2014 - You’ve got your security technology in place and your SIEMs and logs – now you need an automated method to leverage those existing network security tools.

Enter security analytics, heralded by some as ‘the next big thing’ in IT security.

Mick Stephens, Regional Director, Australia and New Zealand at FireMon, says by integrating a layer of security analytics, intelligence and automation into an existing network security infrastructure and processes, organisations can more effectively find, correct and ultimately avoid gaps in their security framework.

“Intelligent automation of tasks, such as firewall rule administration, allows greater speed of service delivery while ensuring compliance requirements are always met,” Stephens adds.

It is, he says, a way to do more, with less, and achieve better security outcomes.

“We can provide overwhelmed security, risk and compliance teams with automated intelligence to more effectively achieve key objectives. Automate the repetitive, time-intensive security tasks and free up skilled resources to focus on the complex issues that need the human touch.”

He says the increasing complexity of delivering IT security outcomes in the face of increased ‘breaches of significance’, and the obligations of aligning these outcomes to corporate and industry regulations and compliances, are driving the need for security analytics.

“This is then wrapped in the shroud of downward budgetary pressure and the increasingly problematic issue of finding and retaining quality security staff.

“This all leads to organisations needing to do much more with less. Freeing up an organisation’s resources to address these broader issues by automating security processes, but doing this in an intelligent and analytical way, is a step to achieving this outcome.”

In a recent survey FireMon commissioned, 73% of respondents considered their firewall policies ‘somewhat complex’ to ‘out of control’.

“Cleaning up and tightening the process around the commission and, as importantly, the removal of rules, unquestionably decreases the risk surface. This is even more complex in multi-vendor environments, not to mention adding next-gen firewalls into the equation.”

Stephens says FireMon’s Security Manager is a ‘real-time, proactive analytics solution’, rather than a post-event log analytics SIEM.

“Security Manager is a complementary addition to a SIEM and can be integrated with all primary providers’ solutions. Both have a place, but the better your security posture (as an example, the cleaner the firewall rule base is) the less likely an organisation is to have security breaches and less need for post-event analysis.”

FireMon provides real-time collection and analytics of security device configurations, with related analysis and reporting, rule clean-up and resource efficiencies, audit and compliance clean-up and reporting, among others.

Changes are detected in real time and alerts are issued on unauthorised changes. The analytical data is then used for intelligent automation of repetitive, time-intensive security tasks. Historic and real-time data is also used for predictive modelling of threat scenarios based on an organisation’s current configuration.
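The rule clean-up and unauthorised-change detection described above, as an added illustration that is not FireMon's code: a small Python rule-base analyser over constructed sample rules (first-match evaluation assumed; `approved_ids` is a hypothetical set of rule ids covered by approved change requests) that flags rules shadowed by earlier rules and rule changes that have no approval behind them.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    rule_id: str
    action: str     # "allow" or "deny"
    src: str        # source CIDR
    dst: str        # destination CIDR
    proto: str      # "tcp", "udp" or "any"
    ports: tuple    # inclusive destination port range, (0, 65535) for any

def covers(outer: Rule, inner: Rule) -> bool:
    """True if every packet matching `inner` would already match `outer`."""
    i_src, o_src = ipaddress.ip_network(inner.src), ipaddress.ip_network(outer.src)
    i_dst, o_dst = ipaddress.ip_network(inner.dst), ipaddress.ip_network(outer.dst)
    proto_ok = outer.proto in ("any", inner.proto)
    ports_ok = outer.ports[0] <= inner.ports[0] and inner.ports[1] <= outer.ports[1]
    return i_src.subnet_of(o_src) and i_dst.subnet_of(o_dst) and proto_ok and ports_ok

def shadowed_rules(rules):
    """Under first-match evaluation a rule fully covered by an earlier rule never fires:
    same action = dead weight to remove, opposite action = intent silently overridden."""
    findings = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if covers(earlier, later):
                kind = "redundant" if earlier.action == later.action else "conflicting"
                findings.append((later.rule_id, earlier.rule_id, kind))
                break
    return findings

def unauthorised_changes(baseline, current, approved_ids):
    """Diff two rule-base snapshots; any rule added, removed or modified whose id is
    not in approved_ids (assumed to come from the change-ticketing system) is flagged."""
    before = {r.rule_id: r for r in baseline}
    after = {r.rule_id: r for r in current}
    changed = [rid for rid in before.keys() | after.keys() if before.get(rid) != after.get(rid)]
    return sorted(rid for rid in changed if rid not in approved_ids)

# Constructed sample rule base (not taken from any real device).
BASELINE = [
    Rule("R1", "allow", "10.0.0.0/8", "192.168.10.5/32", "tcp", (443, 443)),
    Rule("R2", "deny", "0.0.0.0/0", "192.168.10.0/24", "any", (0, 65535)),
    Rule("R3", "allow", "10.1.0.0/16", "192.168.10.5/32", "tcp", (443, 443)),  # covered by R1
    Rule("R4", "allow", "172.16.0.0/12", "192.168.10.7/32", "tcp", (22, 22)),  # blocked by R2
]
# Later snapshot: R3 removed under an approved ticket, R5 appeared with no ticket.
CURRENT = [BASELINE[0], BASELINE[1], BASELINE[3],
           Rule("R5", "allow", "0.0.0.0/0", "192.168.10.9/32", "tcp", (3389, 3389))]
```

Running `shadowed_rules(BASELINE)` reports R3 as redundant (covered by R1) and R4 as conflicting (overridden by the R2 deny); `unauthorised_changes(BASELINE, CURRENT, {"R3"})` reports only R5.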

“For example, in a network planning and risk assessments project where there is a need to allow additional services, connection of business partners or in the case of business mergers, new divisions, we can assess and predict the potential access risks prior to deployment.”

For more information visit