RSA 2015: Quantitative Security: Using Moneyball Techniques to Defend Corporate Networks

When Oakland A’s General Manager Billy Beane embraced an analytic approach to building the dream team, he revolutionized baseball. What if organizations embraced a similar approach to choosing security solutions?

The current method is more of an art than a science, Amit Mital, CTO of Symantec, noted in his keynote at RSA. By adopting a quantitative approach to data and security, organizations can make better-informed decisions.

“There’s got to be a better way,” he said.

The current threat landscape continues to get worse, and in reaction the security industry continues to increase the complexity of its software solutions. Mital noted that at RSA, numerous vendors are promoting new technologies, each claiming that theirs is the “one” solution.

The result: some companies have 60-70 separate security products, which can be challenging to manage. However, companies do not have unlimited budget and staff.

“How do you manage the complexity and the interaction between all these products?” Mital asked, later noting “Imagine that you could optimize security decisions based on real data and mathematical analysis.”

Such an approach would involve collecting data about the enterprise’s environment, such as: How often are attackers getting in? How long does it take to detect and remediate attacks? What information were the attackers trying to access?

In addition to this data, the industry can leverage repositories like the Symantec Global Intelligence Network.

By leveraging pre-existing data and environment-specific information, Mital said, it’s possible to create models that predict what products should be deployed and what configurations provide the most effective level of protection.
