Network Security Data Analytics Architecture for Logged Events

Date

2017-01-04

Abstract

Data-driven network security and information security efforts have a decades-long history. The deluge of logged events from network mid-points and end-points, coupled with unprecedented temporal depth in data retention, is driving an emerging market for automated cognitive security products. Historically, new technologies like this are delivered as non-contextualized black boxes. We frame network security data analytics within the context of intelligence activities and products and go on to propose network security data analytics as a framework to develop and evaluate cognitive security products that can satisfy operational needs. Finally, we discuss functional design requirements, limiting factors, and initial observations.

Keywords

Network Security, Data Analytics Architecture, Logged Events
