Security Analytics is one of the two fastest growing product categories in security. Unlike sand boxing for advanced malware detection it provides a comprehensive view into all network traffic,not just payloads. Every organization will have to deploy some sort of security analytics.

The largest IT departments in highly targeted environments, like banks and defense contractors, are already doing some sort of security analytics. The enterprise is hiring the talent now to be able to deploy and use security analytics. Smaller organizations will have to use managed service providers because they lack the staff. There will be stand alone tools, cloud tools and capabilities built into network security platforms. Scale, speed and ability to apply security intelligence will be the determining factor in the success of these tools. Security analytics is an emerging requirement in the ongoing arms race with threat actors.

Distributed-denial-of-service (DDoS) attacks promise to remain a potent threat to the enterprise in 2015. Both IT and the boardroom need to protect mission-critical infrastructure from this growing menace to availability, brand image, and the bottom line. The key to success? Don't ignore DDoS; instead, take preventive action. With that in mind, IDC believes that hybrid defense scenarios (on-premises equipment married with cloud services) will continue to grow as organizations seek to parry advanced application and large-scale volumetric attacks and as solution providers and product vendors work to deliver joint solutions.

In order to effectively address threats within the kill chain, organizations must move faster to identify compromised systems before that compromise escalates to information theft. They need to see the entire scope of the threat—from when the compromise originated to how and where it spread, as well as the type of attack and what was communicated. Above all they need confidence that the investigations they conduct are accurate and relevant—focused on the attacks that matter most.

In 2014 Ovum looked at the evolution of the distributed denial-of-service (DDoS) attack landscape, highlighting that massive volumetric attacks were on the rise, while lower-bandwidth, more sophisticated attacks were targeting the application layer. It also described how DDoS had evolved from a standalone threat to become increasingly part of blended attacks against intellectual property or financial assets, with the DDoS providing a smokescreen to cover the theft.

This white paper updates the process, looking at attack data for the last year, as well as discussing and seeking to dispel some of the myths around how DDoS mitigation is developing. Finally, it makes recommendations regarding the kind of infrastructure that companies facing the entire spectrum of DDoS attacks should adopt.

This paper examines the four stages of evolution as security organizations move from reactively responding to incidents to proactively identifying and hunting for threats. It provides a snapshot of each stage, including the size and structure of the security team, approaches to incident response (IR), team skill sets and necessary metrics. It also identifies how to evolve your security posture to one capable of proactively hunting and neutralizing advanced cyber threats—before you end up in the headlines.

The ground has shifted under most enterprise IT security staff. Breaches are now capturing prime-time air across mainstream media outlets. As the world becomes more connected, it is no longer enough for enterprises to react once an alert indicates an attacker is inside the network. Instead, with continuous packet capture and threat feeds followed by analysis, it is now possible to hunt the attackers and locate them versus waiting for an alert. Breaches may be viewed as a security problem, but it’s they’re a bigger issue. This is a business problem; similar to lost customers, inventory, or market share, but it just happens to be through technology.

Experienced security leaders and executives have already recognized this challenge and are working towards assembling the perfect blend of people, process, and technology. What is it that they are forming? Internal teams directed to stop waiting for alerts to indicate there’s a problem and to go hunt for the attacker.