Security analytics can be a valuable tool for detecting advanced attacks. However, it must be applied correctly. Too often, the goal of security analytics is reduced to the construction of an AI-driven big data platform, running data science algorithms, machine learning, or statistical packages. Instead, the starting point should be to identify the risks that cannot be monitored through conventional security products and then define use cases in security analytics to monitor those risks.
In this paper, we discuss the need for security analytics and applying it in a meaningful way within an MDR service to achieve results. We then discuss the technology components required to put security analytics in action.