The purpose of Security Analytics is to detect attacks as fast as possible, enable IT professionals to block or stop an attack and provide detailed information to reconstruct an attack. They do this by collecting, correlating and analysing a wide range of data.
Security Analytics tools help organisations implement real-time monitoring of servers, endpoints and network traffic, consolidate and coordinate diverse event data from application and network logs, and perform forensic analysis to better understand attack methods and system vulnerabilities. Security Analytics and Forensics tools may also provide critical legal evidence for further action. Security Forensics specifically involves monitoring a network for anomalous traffic and identifying intrusions. An attacker might be able to erase all log files on a compromised host; network-based evidence might therefore be the only evidence available for forensic analysis.