Cyber Analytics Needs Innovation

Phil Wheeler
November 15, 2022 • 3 min read

For years, cyber analytics has been utilized by the threat intelligence industry and cybersecurity professionals. Data analytics is meant to automate and enhance operations wherever it is employed; yet criminals continue to dominate the cyber threat landscape and outpace the corporate world. In 2022, 88% of companies affected by ransomware believed that both their budget and resources were adequate, but the breaches still occurred. Strategy and the supporting tools must evolve.

Traditionally, cyber analytics has been used to track activity inside enterprise networks, specifically through behavioral analytics. Behavioral analytics outlines behavioral patterns, enabling threat detection by flagging anomalous behavior and suspicious activities. But that means the threat actor is already inside the network. And, on average, it takes 207 days to identify a data breach, which is evidence that the technology used does not serve the purpose of helping to protect the network from adversaries.

The threat intelligence industry needs to develop new methods to identify threats in real time. In the U.S., the average cost of a data breach in 2022 was US$9.44 million; implementing advanced cyber analytics that identifies threats in real time will ensure the financial impact is reduced substantially, if not completely.

In light of the threat landscape, cyber analytics requires innovation and new advancements to counter criminal action. By implementing a proactive approach to cyber analytics outside the network, companies will have a successful defense strategy. Data enrichment is critical to understanding the true intent of the IP attempting to access the customer’s network. By conducting an automated analysis, cyber analysts should be able to identify any obfuscation and further illuminate the true intent of the IP. Identifying malicious activity outside the network ensures that all threats are identified and flagged in real time, optimizing the time to identification and minimizing the impact of the event.

The cyber analytics system employed needs to expand past behavioral analytics and the use of SIEM. Actively targeting all data traffic prevents unnoticed malicious activity, unlike SIEM systems that utilize data aggregation and analysis of prior incidents and events. SIEM creates minimal actionable intelligence to counter malicious actors; however, utilizing an advanced cyber analytics platform that conducts global data collection will enable IP acquisition of good, unknown, and malicious traffic. These IPs will be enriched and contextualized to identify their true intent, with no disparity between the various types of IP. This creates a far wider scope of data analysis that will highlight unknown malicious vectors to the same extent as already identified threats. Cyber analytics requires innovation to begin to effectively compete with the cyber criminals around the globe.

Ransomware is a growing threat that costs organizations money, time, and reputation. To learn more about how proactive cyber intelligence can help you identify and ward off these attacks, download our new white paper: <Ransomware’s Global Impact: More Responsive Threat Intelligence Is Needed>

Phil Wheeler
Telos ACA Product Management Team
Phil Wheeler assists with strategy and direction for the Telos Advanced Cyber Analytics threat intelligence offering.