Organizations around the world find themselves inundated with security data that is incredibly challenging to digest and process. Servers, endpoint devices, network components, firewalls, cloud services and security appliances all generate massive amounts of information that would be impossible for security analysts to comb through on a daily basis. But this data still has value, and its analysis can yield insights that help improve security. To unlock these insights, many organizations turn to security analytics tools that take on the heavy lifting by correlating data from multiple sources and mining it for crucial security information.
My clients are discovering that the same tools that perform security analytics can also be pressed into service for business analytics. The same correlation and analysis engines that generate security alerts may also be tuned to identify business opportunities and deliver added value to the enterprise. That’s a powerful argument for security teams seeking to justify added budgets for security analytics. It’s difficult to demonstrate the direct return on investment of a security tool, but the case is far stronger when the same tool delivers direct benefit to the business. I’d like to share the stories of two clients who recently deployed the Splunk analytics tool in just this fashion.
Drilling for Oil, and Mining for Security
I’m currently working with an energy company that does natural gas exploration throughout the U.S. and Canada. The company’s business model is to bring quite a bit of expensive equipment onto a site, drill for gas and then move on to the next site as quickly as possible. The business relies on sophisticated technology, and the company can’t afford to have that equipment sit idle.
It recently deployed Splunk at its sites for security monitoring purposes. Splunk watches over each site’s technical and physical security infrastructure, correlating information for signs of potential attack. It simultaneously receives feeds from the site’s firewalls and network devices as well as the cameras, doors and gates that make up the physical security infrastructure. If an attacker seeks to gain physical or logical access to the sensitive data stored on-site, the company’s security operations center notices immediately and can respond appropriately.
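The physical-plus-logical correlation described above, reduced to its core logic as an added example (not the company's deployment or a Splunk search): badge-reader and firewall login feeds for one site are joined on user and time, and a login with no recent badge entry, or a server-room entry outside working hours, raises an alert. The log formats, field names and site identifiers are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample feeds for one drilling site; the key=value schema is an assumption.
BADGE_LOG = """\
2024-03-04T07:55:10 site=rig07 door=server-room user=jdoe result=granted
2024-03-04T23:12:05 site=rig07 door=server-room user=rkim result=granted
"""
NETWORK_LOG = """\
2024-03-04T08:10:22 site=rig07 src=10.8.0.14 user=jdoe event=login result=success
2024-03-04T08:15:03 site=rig07 src=10.8.0.27 user=asmith event=login result=success
2024-03-04T23:14:30 site=rig07 src=10.8.0.31 user=rkim event=login result=success
"""

KV = re.compile(r"(\w+)=(\S+)")


def parse(log):
    """Turn 'timestamp key=value ...' lines into dicts with a parsed timestamp."""
    events = []
    for line in log.strip().splitlines():
        ts, _, rest = line.partition(" ")
        ev = dict(KV.findall(rest))
        ev["ts"] = datetime.fromisoformat(ts)
        events.append(ev)
    return events


def correlate(badge_log, network_log, window=timedelta(hours=1), after_hours=(19, 6)):
    """Return (rule, user, timestamp) alerts: server-room badge entries outside
    working hours, and successful on-site logins with no badge entry within `window`."""
    badges = parse(badge_log)
    start, end = after_hours
    alerts = []
    for b in badges:
        if b["door"] == "server-room" and (b["ts"].hour >= start or b["ts"].hour < end):
            alerts.append(("after_hours_entry", b["user"], b["ts"].isoformat()))
    for n in parse(network_log):
        if n.get("event") != "login" or n.get("result") != "success":
            continue
        # The user must have badged into the same site within the window before logging in.
        badged_in = any(b["user"] == n["user"] and b["site"] == n["site"]
                        and timedelta(0) <= n["ts"] - b["ts"] <= window for b in badges)
        if not badged_in:
            alerts.append(("login_without_entry", n["user"], n["ts"].isoformat()))
    return alerts


if __name__ == "__main__":
    for alert in correlate(BADGE_LOG, NETWORK_LOG):
        print(alert)
```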
At the same time, the company is also using Splunk to derive business value from this proprietary data. The Splunk analytics engine mines through drilling data and helps the exploration team to quickly identify trends and to project the site’s future productivity.
Discovering Healthcare Opportunities and Securing Proprietary Data
Opportunities for analytics also abound in the healthcare field. I’m currently working with a regional healthcare network on its deployment of Splunk’s analytics engine as a security solution. The company’s IT staff works with vast quantities of sensitive patient information that is regulated by HIPAA. Splunk helps them watch for signs of attack and quickly respond to security incidents, supported by full visibility into their security data.
They’ve also found ways to deliver direct business value using Splunk. In addition to mining security data, they’ve turned Splunk loose on economic development records to help identify business opportunities. For example, they recently looked through construction and census data and determined that one area of the city they serve is seeing quite a bit of new home construction and a trend toward young couples moving to the area. They’re seizing on this opportunity to build a new pediatric clinic in the area, ready to serve the growing families that the data predicts will continue to move to that part of the city.
It’s rare that we’re able to find opportunities where security tools can also provide clear business wins. Security analytics is one powerful example of a way that dual-use technology can pay for itself by serving two masters.