By Milica D. Djekic

There are many questions about what cybersecurity analytics is and what role it could play in cyber defense. It is not always simple to explain everything you need to know about such a topic, but cybersecurity analytics could be of crucial importance in understanding some of the most fundamental things in cyberspace. In other words, to find out what is going on within cyberspace, we would use cybersecurity analytics as a key factor in collecting intelligence and formulating further tactics and strategies. Cybersecurity analytics is closely correlated with information exchange and with communications between two devices or within an entire network of physical objects. In addition, a great deal of monitoring and surveillance in the high-tech space relies on cybersecurity analytics, because cyber professionals and IT security experts need to approach cyberspace better in order to cope with its occurrences, recognize the risks, threats, and challenges, and define ways to combat them. So, would dealing with the monitored signals and communications be enough to understand what we want to?

Practically, if you put some digital data under surveillance, you would undoubtedly get an opportunity to figure out how it behaves and what it can do with the rest of the information in cyberspace. In many cases, however, the data and the information exchange assets use encryption algorithms, and such an input is not simple to cope with. In other words, cryptography becomes a significant player in any cybersecurity analytics attempt, and if we are not in a position to decrypt a signal once it has been sent, we have only a minor chance of figuring out what we need to know about that communication. Basically, it is important to take care of the standardization of software, because any kind of application should come with a tool ready to put it under surveillance. Once you have software capable of good monitoring of any information exchange, you can easily gain findings about data behavior, which can greatly help you develop a data model and put it under analysis.

There is also still the open question of whether IT security monitoring is the appropriate way of gathering data and producing intelligence. In essence, cybersecurity monitoring could be everything from signal listening to the decryption of skillfully protected streams, and it is vitally important to realize that you need a lot of hard work in order to deal with cybersecurity analytics. Moreover, cybersecurity analytics has an important role in preparing and reporting intelligence, so what we need to know is that such a task serves the purpose of coping with best-practice protection measures. Sometimes the monitored message is encrypted, and the process of decryption, and even cryptanalysis, is not always straightforward. In many cases we could need a skillful cryptanalyst to transform the ciphertext into plaintext. In conclusion, the point is that not every process of cryptanalysis can be automated or tool-based, so sometimes we need to rely on manual efforts to read the messages.

The need for cybersecurity analytics

So, there is some concern about whether we will always be in a position to use cybersecurity analytics tools and software that let us easily follow what is going on with the observed signal or transmitted message. In practice, plenty of tools are available on the marketplace that can process the findings collected in a cyber defense operation or campaign. That means it is not always necessary to have mathematical skill in order to analyze the information; rather, you need to be a skillful user of some data monitoring tool. Still, good cybersecurity analysts should be familiar with at least the basics of mathematics, and in many cases they should have an outstanding understanding of that area. On the other hand, the ultimate need for cybersecurity analytics is to help us deal with facts, not only assumptions. Why does this matter? Practically, if we follow that tendency, we can make our understanding of incidents in cyberspace more rational and accurate. As is well known, accuracy is a big deal in any industry, and if we apply smart cybersecurity analytics, we can count on pragmatic outcomes. Further, many security systems and cases are intelligence-led, and it is quite clear why we need a high level of accuracy in producing the intelligence for those purposes.

The cyber defense analytics reporting

It may appear that the huge challenge in cyber defense analytics is accurate reporting, whose role is to figure out what is important and what is not of such significance in cyber terms. Accuracy in science and technology is important, and no technical system could work well if it is not accurately designed and developed. The situation is similar with cyber defense solutions, which must deal with a certain level of accuracy. On the other hand, reports should be smartly prepared, and they usually follow some kind of template or writing form that suggests what to keep an eye on. Also, reporting requires dedicated and precise work, and every single piece of information should be explained in detail using a knowledgeable approach.

How to produce cyber intelligence?

Next, cyber intelligence plays a crucial role in dealing with analytic, synthetic and predictive models in the industry. By those models, we mean any kind of IT-based system capable of processing a large amount of data, information, and findings. Basically, intelligence production usually means that we rely on information being put under some analysis, and in such a case it is clear why cybersecurity analytics matters. When we say cyber defense analytics, we mean sophisticated tools that work in a graphical environment and offer us the chance to monitor trends and tendencies in cyberspace. This could be interesting from the perspective of the IT security analyst, who undoubtedly needs a lot of skills and must be capable of demonstrating a high level of concentration every single time he is given a task or responds to an incident happening in cyberspace or within some computing network.

The effects of the choice of a good tool

The primary goal of effective cybersecurity analytics is to make a good choice of analytical tools that make our lives and work much easier. The trick is that any information and data that goes through the web could involve some cryptography, and analyzing such signals is not always easy. On the other hand, there will soon be a great need for automated cryptanalytic tools that could support us in obtaining the pure information and later putting it under the process of cyber defense analytics.

Some future perspectives

Finally, the future of cybersecurity analytics is an exciting one, and at this stage we can predict a lot of improvements, innovations and even discoveries in the field. There is also a big requirement for more and more intelligent solutions that would make the job of cybersecurity analysts much simpler, and we can also notice that we still struggle with a huge skill shortage in this arena. Hopefully, the coming times will give us the chance to approach such a concern in a much more relaxed manner!

About The Author

Milica D. Djekic is an Independent Researcher from Subotica, Republic of Serbia. She received her engineering background from the Faculty of Mechanical Engineering, University of Belgrade. She writes for some domestic and overseas presses and is also the author of the book “The Internet of Things: Concept, Applications, and Security”, published in 2017 with Lambert Academic Publishing. Milica is also a speaker with the BrightTALK expert’s channel, Cyber Security Summit Europe, held in 2016, and CyberCentral Summit 2019, one of the most exclusive cyber defense events in Europe. She has been a member of ASIS International since 2017 and a contributor to the Australian Cyber Security Magazine since 2018. Milica’s research efforts are recognized with the Computer Emergency Response Team for the European Union (CERT-EU). Her fields of interest are cyber defense, technology, and business. Milica is a person with a disability.