Commentary: Head count isn’t the answer for cyber defense

It is reassuring that the Pentagon, the nation’s leading cyber defense agency, has announced plans to beef up its cyber protection capabilities. Officials would expand U.S. Cyber Command into three teams to focus on privately owned critical infrastructure, military operations and Defense Department networks. It is questionable, however, whether throwing head count at the problem will address what is really a big security data challenge.

Unfortunately, relying on manual processes to comb through mountains of logs is one of the main reasons critical issues are not being addressed in a timely fashion. According to Verizon’s 2012 Data Breach Investigations Report, 92 percent of breaches were discovered by a third party and not through internal resources.

The ultimate goal is to shorten the window attackers have to exploit a software or network configuration flaw. Big data sets can help put specific behavior into context, but there are some real technological challenges to overcome. A March 2012 report by technology research firm Gartner puts the magnitude of the problem in perspective. “The amount of data required for information security to effectively detect advanced attacks and, at the same time, support new business initiatives will grow rapidly over the next five years,” the report said. “The amount of data analyzed by enterprise information security organizations will double every year through 2016. By 2016, 40 percent of enterprises will actively analyze at least 10 terabytes of data for information security intelligence, up from less than 3 percent in 2011.”

A continuous monitoring approach to protecting data is recommended by the National Institute of Standards and Technology. It has become a mandate in the government sector. But it only adds to the big security data conundrum because increasing the frequency of scans and reporting exponentially increases data volumes. This raises the question: How can the Pentagon and other organizations take advantage of big security data without having to hire a legion of new employees?

While security monitoring generates big data, in its raw form it’s only a means to an end. Ultimately, information security decision-making should be based on prioritized, actionable insight derived from that data. Big security data must be correlated based on its criticality or risk to an organization. Without a risk-based approach to security, organizations can waste valuable information technology resources mitigating vulnerabilities that in reality pose little or no threat. Big security data has to be filtered to just the information that is relevant to specific stakeholders’ roles and responsibilities. Not everyone has the same needs and objectives when it comes to leveraging big data.

To deal with big security data and achieve continuous monitoring, the Pentagon and others must use technology such as information security risk management (ISRM) systems to automate manual, labor-intensive tasks. ISRM systems make threats and vulnerabilities visible and actionable, prioritize high-risk conditions and allow organizations to address them before breaches occur.

Torsten George is vice president of worldwide marketing, products and support for Agiliance, an IT security risk management firm.
