Unfortunately, relying on manual processes to comb through mountains of logs is one of the main reasons critical issues are not being addressed in a timely fashion. According to Verizon’s 2012 Data Breach Investigations Report, 92 percent of breaches were discovered by a third party and not through internal resources.
The ultimate goal is to shorten the window attackers have to exploit a software or network configuration flaw. Big data sets can help put specific behavior into context, but there are some real technological challenges to overcome. A March 2012 report by technology research firm Gartner puts the magnitude of the problem in perspective. “The amount of data required for information security to effectively detect advanced attacks and, at the same time, support new business initiatives will grow rapidly over the next five years,” the report said. “The amount of data analyzed by enterprise information security organizations will double every year through 2016. By 2016, 40 percent of enterprises will actively analyze at least 10 terabytes of data for information security intelligence, up from less than 3 percent in 2011.”
A continuous monitoring approach to protecting data is recommended by the National Institute of Standards and Technology. It has become a mandate in the government sector. But it only adds to the big security data conundrum because increasing the frequency of scans and reporting exponentially increases data volumes. This raises the question: How can the Pentagon and other organizations take advantage of big security data without having to hire a legion of new employees?
While security monitoring generates big data, in its raw form it’s only a means to an end. Ultimately, information security decision-making should be based on prioritized, actionable insight derived from that data. Big security data must be correlated based on its criticality or risk to an organization. Without a risk-based approach to security, organizations can waste valuable information technology resources mitigating vulnerabilities that in reality pose little or no threat. Big security data has to be filtered to just the information that is relevant to specific stakeholders’ roles and responsibilities. Not everyone has the same needs and objectives when it comes to leveraging big data.
To deal with big security data and achieve continuous monitoring, the Pentagon and others must use technology like information security risk management (ISRM) systems to automate manual, labor-intensive tasks. ISRM systems make threats and vulnerabilities visible and actionable, prioritizing high-risk conditions so that organizations can address them before breaches occur.
Torsten George is vice president of worldwide marketing, products and support for Agiliance, an IT security risk management firm.