Security's New Challenges
Advanced threats have permanently changed how organizations think about cybersecurity. It is no longer enough to monitor for known threats or to rely on security point products that provide only a narrow view. Security teams need an infrastructure-wide view of activity in order to identify, understand and stop attackers.
The evidence of an attack and its activities exists in the machine data within an organization, so security teams need to gain insight from that data to properly detect, analyze and respond. Attackers will attempt to use every available mechanism to compromise your organization, which may involve identities, endpoints, servers, business applications, web and email servers, as well as non-traditional systems such as HVAC and access control. The evidence of these activities is captured in the machine data from these systems, which makes all data security relevant.
The amounts and types of data needed to make the most effective data-driven security decisions require a solution that:
- Will scale to collect tens of terabytes of data per day without normalization at collection time and applies a schema to this data only at search (query) time
- Can access data anywhere in the environment, including traditional and non-traditional security data sources, personnel systems, HR databases, industrial control systems, data stores, and the common and custom enterprise applications that run the business
- Delivers fast time-to-answer for forensic analysis and can be quickly operationalized for security operations teams
- Provides a flexible security intelligence platform that includes significant out-of-the-box content and apps that can maximize security infrastructure investments and the skills of your security team
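To make the first two requirements concrete, here is an added example (not code from the original page or from any product it describes) of the "collect raw, apply a schema at search time" approach. Events from three hypothetical source types are stored exactly as received; field extraction rules are applied only when a query runs, so a new source (here a building-management "hvac" line with no extractor yet) is still searchable by its raw text, and adding an extractor later needs no re-ingestion. All log lines, source names and field names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample machine data: (source type, raw line). Nothing is
# normalized at ingest; the raw text is kept verbatim.
RAW_EVENTS = [
    ("auth",  "2024-03-01T08:01:12Z sshd[2211]: Failed password for alice from 10.0.0.5 port 5122"),
    ("auth",  "2024-03-01T08:01:15Z sshd[2211]: Failed password for alice from 10.0.0.5 port 5123"),
    ("auth",  "2024-03-01T08:02:40Z sshd[2212]: Accepted password for alice from 10.0.0.5 port 5130"),
    ("web",   '10.0.0.5 - alice [01/Mar/2024:08:03:10 +0000] "GET /admin HTTP/1.1" 200 512'),
    ("badge", "2024-03-01 08:05:00,door=DC-EAST,badge=alice,result=DENIED"),
    ("badge", "2024-03-01 08:05:30,door=DC-EAST,badge=bob,result=GRANTED"),
    # Non-traditional source with no extractor defined yet (hypothetical format).
    ("hvac",  "2024-03-01 08:06:02 controller=BMS-2 setpoint changed by alice to 30C"),
]

# Search-time schema: one extraction rule per source type. Field names
# (user, src_ip, result, ...) are chosen so different sources line up.
EXTRACTORS = {
    "auth": re.compile(
        r"(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
        r"(?P<user>\S+) from (?P<src_ip>\S+)"),
    "web": re.compile(
        r'(?P<src_ip>\S+) - (?P<user>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)'),
    "badge": re.compile(
        r"(?P<ts>[^,]+),door=(?P<door>[^,]+),badge=(?P<user>[^,]+),result=(?P<result>\w+)"),
}

# Source-specific result values that mean "failure", mapped at query time.
FAILURE_VALUES = {"Failed", "DENIED"}


def search(events, where):
    """Extract fields for each event at query time and keep those matching `where`.

    Events whose source has no extractor still carry `source` and `_raw`,
    so raw-text predicates keep working for them.
    """
    results = []
    for source, raw in events:
        fields = {"source": source, "_raw": raw}
        rx = EXTRACTORS.get(source)
        match = rx.search(raw) if rx else None
        if match:
            fields.update(match.groupdict())
        if where(fields):
            results.append(fields)
    return results


def activity_by_user(events, user):
    """Pivot one identity across every source that yields a `user` field."""
    hits = search(events, lambda f: f.get("user") == user)
    return dict(Counter(f["source"] for f in hits))


def users_with_failures(events):
    """Identities with a failed auth or denied badge, regardless of source format."""
    hits = search(events, lambda f: f.get("result") in FAILURE_VALUES)
    return sorted({f["user"] for f in hits})


def raw_search(events, needle):
    """Substring search over the raw text; works even for sources with no schema."""
    return search(events, lambda f: needle in f["_raw"])


if __name__ == "__main__":
    print(activity_by_user(RAW_EVENTS, "alice"))   # per-source counts for alice
    print(users_with_failures(RAW_EVENTS))         # ['alice']
    print(len(raw_search(RAW_EVENTS, "alice")))    # includes the un-schemaed hvac line
```

Because the schema lives in `EXTRACTORS` rather than in the stored data, adding a rule for the "hvac" source later would make `activity_by_user` pick up that event too, without touching what was collected.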
Understanding advanced threats and business risk drives the need to make more data available for analysis and to see events in context. In this light, all data is security relevant.