Commentary: Head count isn’t the answer for cyber defense

It is reassuring that the Pentagon, the nation’s leading cyber defense agency, has announced plans to beef up its cyber protection capabilities. Officials would expand U.S. Cyber Command into three teams to focus on privately owned critical infrastructure, military operations and Defense Department networks. It is questionable, however, whether throwing head count at the problem will address what is really a big security data challenge.

Unfortunately, relying on manual processes to comb through mountains of logs is one of the main reasons critical issues are not being addressed in a timely fashion. According to Verizon’s 2012 Data Breach Investigations Report, 92 percent of breaches were discovered by a third party and not through internal resources.

The ultimate goal is to shorten the window attackers have to exploit a software or network configuration flaw. Big data sets can help put specific behavior into context, but there are some real technological challenges to overcome. A March 2012 report by technology research firm Gartner puts the magnitude of the problem in perspective. “The amount of data required for information security to effectively detect advanced attacks and, at the same time, support new business initiatives will grow rapidly over the next five years,” the report said. “The amount of data analyzed by enterprise information security organizations will double every year through 2016. By 2016, 40 percent of enterprises will actively analyze at least 10 terabytes of data for information security intelligence, up from less than 3 percent in 2011.”

A continuous monitoring approach to protecting data is recommended by the National Institute of Standards and Technology. It has become a mandate in the government sector. But it only adds to the big security data conundrum because increasing the frequency of scans and reporting exponentially increases data volumes. This raises the question: How can the Pentagon and other organizations take advantage of big security data without having to hire a legion of new employees?

While security monitoring generates big data, in its raw form it’s only a means to an end. Ultimately, information security decision-making should be based on prioritized, actionable insight derived from that data. Big security data must be correlated based on its criticality or risk to an organization. Without a risk-based approach to security, organizations can waste valuable information technology resources mitigating vulnerabilities that in reality pose little or no threat. Big security data has to be filtered to just the information that is relevant to specific stakeholders’ roles and responsibilities. Not everyone has the same needs and objectives when it comes to leveraging big data.

To deal with big security data and achieve continuous monitoring, the Pentagon and others must use technology like information security risk management systems to automate manual, labor-intensive tasks. ISRM systems make threats and vulnerabilities visible and actionable, while prioritizing high-risk conditions and allowing organizations to address them before breaches occur.

Torsten George is vice president of worldwide marketing, products and support for Agiliance, an IT security risk management firm.
