< ciso
brief />
Tag Banner

All news with #security analytics tag

30 articles · page 2 of 2

Security Teams Adopt AI — Use Mostly Basic Capabilities

🛡️A new Sumo Logic report finds widespread AI/ML adoption in security operations but limited depth of use. The 2026 Security Operations Insights study, published 28 January, shows 96% of security leaders report adopting AI/ML, with 90% valuing it for reducing alert fatigue and improving detection. However, most cited relatively basic use cases — threat detection, automated response, anomaly detection and incident triage — challenging vendor narratives about broad, deep AI integration. The survey also highlights tool sprawl and alignment gaps between security and DevOps.
read more →

Seven Signs Your Cybersecurity Framework Needs Overhaul

🛡️ Organizations should rebuild security frameworks when they fail to sense environmental change, respond effectively to incidents, or support proactive risk management. Experts recommend a dynamic sensing-and-response capability, routine reviews (biannual heavy reviews with interim cursory checks), and deliberate integration of NIST baselines with industry-specific controls. Key warning signs include any breach, chronic alert overload, negative KRIs/KPIs, endpoint and AI gaps, and a compliance-only posture that ignores business risk. Rebuilds are also warranted after major business or regulatory shifts or when incremental fixes no longer suffice.
read more →

BigQuery adds MATCH_RECOGNIZE for row-sequence SQL

🔍 BigQuery now supports MATCH_RECOGNIZE, a SQL clause for identifying ordered patterns across rows and time-series data. It lets analysts express complex sequence logic—using PARTITION BY, ORDER BY, PATTERN, DEFINE and MEASURES—inside a single query without heavy joins or external processing. The feature targets use cases like funnels, fraud detection, log sequencing, and financial pattern detection, and is immediately available to all BigQuery users.
read more →

AWS Step Functions introduces unified metrics dashboard

🔍 AWS Step Functions now provides a unified metrics dashboard in the console that centralizes usage and billing metrics for both account and state-machine levels. The dashboard covers standard and express workflows and surfaces existing metrics such as ApproximateOpenMapRunCount. It is available in all Regions where the service operates and can be opened from the Step Functions console.
read more →

Amazon Managed Service for Prometheus Adds Anomaly Detection

🔍 Amazon Managed Service for Prometheus now includes anomaly detection using the Random Cut Forest (RCF) algorithm to continuously analyze time series and surface unexpected metric behavior with minimal user intervention. When you create an anomaly detector in an AMP workspace, it generates four derived time series that represent detected anomalies and their confidence values. Those derived series can be used to build dynamic alerting rules in the AMP Alertmanager and visualized alongside input metrics in self‑managed Grafana or Amazon Managed Grafana. The feature is available in all regions where AMP is generally available and is configurable via the AWS CLI, SDKs, or APIs.
read more →

Measuring Cybersecurity: KPIs, KRIs and Effective Metrics

🔍 This article explains how organizations can measure cybersecurity effectively by aligning technical metrics with executive concerns. It outlines five iterative steps — define requirements, select key indicators, identify metrics, collect and analyze data, and report indicators — to create an actionable measurement cycle. Emphasis is placed on using high-level KPIs and KRIs, automating collection, and reviewing indicators with stakeholders to ensure relevance and drive decisions.
read more →

Key Security Metrics CISOs Need for Business Alignment

📊 Measuring security performance is essential for CISOs who must demonstrate how security supports business objectives. The article outlines ten metric categories — including incident response (MTTD/MTTR), vulnerability "window of exposure," security awareness and maturity — and stresses choosing metrics that answer stakeholders' questions. Experts such as Richard Absalom and Frank Kim advise avoiding meaningless measurements and using metrics to prioritize work, allocate resources and communicate security value to the board.
read more →

Six Ways to Curb Security Tool Proliferation in Organizations

🛡️ Organizations facing security-tool sprawl should begin by inventorying controls and eliminating those that no longer map to business risk. Use automated analytics and dashboards to surface ineffective or redundant products, and prioritize tools that enable automation to consolidate alerts and workflows. Remove duplicate solutions—often introduced through acquisitions or silos—and move toward unified platforms while fostering continuous training so teams actually use and benefit from deployed tools.
read more →

Where CISOs Should See Splunk Go Next: AI & Resilience

🔍 At .Conf in Boston, Splunk and parent company Cisco positioned machine data as central to next‑generation AI incident response, arguing telemetry represents roughly 55% of global data growth. They stressed tighter integration of security and observability, a federated data model with new support for Snowflake, and standards work such as OpenTelemetry and the Open Cybersecurity Framework (OCSF). Splunk also previewed enhanced security operations capabilities — a premier Enterprise Security bundle, Detection Studio, and agentic AI features — while acknowledging customer concerns about costs, legacy positioning, and support.
read more →

Avnet Reclaims Security Data, Cuts Costs, Boosts AI

🔐 Avnet moved away from vendor-bound SIEM, EDR and RBVM silos toward a centralized security data pipeline built on Cribl, prompted by a legacy SIEM renewal that became a strategy inflection point. The redesign gave Avnet full ownership of telemetry, enabled large-scale ETL and flexible routing, and freed analysts from vendor dashboards. Operationally, licensing and storage costs dropped dramatically to 15% of prior levels while processing capacity doubled and pipeline staffing fell from four engineers to one. With its own data layer in place, Avnet is accelerating analytics and AI use cases such as tailored LLMs and retrieval-augmented generation (RAG) to improve investigations and reduce analyst workload.
read more →