EMA Research Report: Data-Driven Security Reloaded: A Look into Data and Tools Used for Prevention Detection and Response
Category: Research Report

Security professionals often wrestle with the unknown, struggling with a daunting array of exposures and threats. They are not trying to identify the needle in the haystack but the needle in the stack of needles. Each activity within a network, system, or application may be "the one" that indicates an Advanced Persistent Threat (APT) has taken hold or an insider has gone rogue and requires a response. But how do they know which one is the one?
In most cases, the key to success is not just more data but better data: data that provides context to improve incident analysis and, therefore, appropriate and timely response. Better data can also help security teams to be more proactive. Accurate and timely information in the volumes collected today, however, is not manageable by human hands and eyes alone. Security professionals need tools that allow them to identify how and where attacks succeed in overcoming defenses.
In the update to the 2014 Evolution of Data-Driven Security study, Enterprise Management Associates (EMA) returns with updated research that encompasses the insight of over 200 IT and security practitioners and management worldwide, ranging from SMBs to the enterprise market across key industry verticals including financial, retail, federal government & aerospace, local government, technology, manufacturing, and utilities & infrastructure. EMA explores how data-driven security continues to evolve security tactics, looking at 18 different categories of security tools to understand security management and strategy, and the data sources fueling those efforts.
Some of the questions this new research will answer include:
- How is the data explosion affecting security prevention, detection, and response?
- What are the best tools for gaining context for security alerts?
- Which is more important for gaining context, endpoint data or network data?
- Which types of data and tools are most useful for improving prevention?
- Which types of data and tools are most useful for improving detection?
- Which types of data and tools are most useful for improving response?
- What are the preferred tools and data for data analysis?