Encryption vs. Security Analytics

by Apr 25, 2016

I recently read two articles on security:

  • The first covered the new model in which analytics are used to detect security issues;
  • The second advocated the need for encryption and argued that it was much better than the new model of security analytics.

Each article argued that its approach defends better against cyber attacks than the other. The encryption argument is that when an attack does occur, security analytics will not be able to defend against it; you need to encrypt your data.

From the security analytics side, proponents explain that encryption can be hacked, and that you need security analytics to automatically gather information from different sources and proactively defend against attacks. The article gave examples of how banks and financial services firms have used analytics to detect fraud patterns and prevent fraudulent charges and transactions on credit cards and accounts. While the financial industry has improved its fraud detection and can now limit the damage once an account has been compromised, it has not been able to completely eliminate fraudulent charges. The industry has been putting additional measures in place, such as EMV chips and PINs, and is exploring mobile payments to try to stop the damage before it can take place.

Thinking about security, I don't think one approach is better than the other. Security analytics complements other security controls: encryption, network traffic surveillance, intrusion detection and prevention, anti-virus / anti-malware, and identity and access management. Security analytics tools help organizations strengthen their monitoring, detect breaches as soon as possible and assess the impact. Given the number and sophistication of attacks, security analytics tools need to gather information from multiple sources (logs, network packets, endpoints, and so on) and intelligently analyze it for patterns of malicious activity or attacks in real time.

Encryption and identity and access management are needed to protect data and limit the damage in the event that data is compromised. Encryption can take place at different stages. For example, you can encrypt data at the application level and/or at the database level, and data can be encrypted at rest and/or in transit. There are overhead costs to using encryption, and some organizations have not encrypted their data for fear of degraded application responsiveness. Fortunately, with advances in encryption technology, this is no longer true. In terms of securing data, Microsoft is one of the companies leading these advances with the new Always Encrypted capabilities in SQL Server 2016.
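As an added illustration of the database-level encryption mentioned above (example T-SQL written for this post, not taken from the articles or from Microsoft's documentation; the key names, table, columns and certificate path are assumptions), this shows how Always Encrypted in SQL Server 2016 is set up so that the client driver, not the database engine, is the only place the plaintext and the key material exist, and how the deterministic and randomized modes trade searchability for protection:

```sql
-- Added example: Always Encrypted column definitions in SQL Server 2016.
-- Key names, the certificate path and the table are assumptions for illustration.

-- The column master key (CMK) is never stored in SQL Server. Here it is a
-- certificate in the Windows certificate store of the client machine; the
-- engine records only its location, so a dump of the database does not
-- contain the key needed to read the data.
CREATE COLUMN MASTER KEY CMK_Customers
WITH (
    KEY_STORE_PROVIDER_NAME = N'MSSQL_CERTIFICATE_STORE',
    KEY_PATH = N'CurrentUser/My/<certificate-thumbprint-placeholder>'
);

-- The column encryption key (CEK) is stored in the database, but only in
-- wrapped form (encrypted under the CMK). The wrapped blob is produced on the
-- client (SSMS or PowerShell) and pasted here; a placeholder stands in for it.
CREATE COLUMN ENCRYPTION KEY CEK_Customers
WITH VALUES (
    COLUMN_MASTER_KEY = CMK_Customers,
    ALGORITHM = 'RSA_OAEP',
    ENCRYPTED_VALUE = 0x01700000 -- placeholder: paste the CEK wrapped by CMK_Customers
);

-- DETERMINISTIC encryption yields the same ciphertext for the same plaintext,
-- so the engine can still do equality lookups, joins and GROUP BY on the
-- column, but anyone who can read the table can see which rows share a value.
-- String columns in this mode must use a _BIN2 collation.
-- RANDOMIZED encryption hides even equality; the server can only return the
-- column, not filter, join or group on it.
CREATE TABLE dbo.Customers (
    CustomerId   int IDENTITY(1,1) PRIMARY KEY,
    CustomerName nvarchar(60) NOT NULL,
    -- Looked up by exact match, so deterministic is the pragmatic choice.
    NationalId   char(11) COLLATE Latin1_General_BIN2
        ENCRYPTED WITH (
            COLUMN_ENCRYPTION_KEY = CEK_Customers,
            ENCRYPTION_TYPE = DETERMINISTIC,
            ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256'
        ) NOT NULL,
    -- Never searched on, so randomized gives the stronger protection.
    CardNumber   char(19)
        ENCRYPTED WITH (
            COLUMN_ENCRYPTION_KEY = CEK_Customers,
            ENCRYPTION_TYPE = RANDOMIZED,
            ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256'
        ) NOT NULL
);
-- The application connects with "Column Encryption Setting=Enabled" in its
-- connection string; the driver encrypts parameters and decrypts results,
-- so application code keeps working with plaintext while the engine never sees it.
```

Because the engine cannot decrypt, a compromised database server or an over-privileged DBA sees only ciphertext, which is the point of the "protect data if it is compromised" argument in the paragraph above.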

With the prevalence of data breaches, it is better to employ multiple security controls, along with a healthy dose of constant vigilance and aligned people and processes, to swiftly deal with any compromise.
What forms of data security do you use or not use? Why? Sound off in the comments below!