Machine learning key to building a proactive security response: Splunk

Growing demand for business relevance around security analytics will see machine-learning algorithms playing an increasing role in the large-scale analysis of security logs using big-data analytics tools, the head of analytics firm Splunk’s security business has predicted.

Noting that evolving data architectures have positioned analytics platforms like Splunk as “the nerve centre for enterprise security operations,” senior vice president of security markets Haiyan Song told CSO Australia that the real-time aggregation and processing of a wealth of security information was fast becoming an enabling technology for companies’ data security.

“We’re taking information from all the sensors that a company has in its network,” Song explained, “then bringing it together to syndicate, correlate, and derive all the intelligence that feeds back into their security operations to either operationalise the threat – or even to go one step further, and automate some of the remediation as well.”

The empowerment of security systems to drive defensive measures represents a step forward from conventional security and analytics infrastructure, which generally positions analytics technology as an enabler of manual intervention. But with machine-learning techniques becoming increasingly intelligent, Song said, defensive systems would become increasingly proactive – particularly in the wake of the company’s July acquisition of behavioural-analytics specialist Caspida.