Op-Ed: This Is the Year Agencies Will Turn to Big Data to Fend Off Cyber Threats


From employee stress to kill-chain and log analyses, it’s all about the data.

This is the year government will press forward with cyber defense strategies to address the threats that made headlines in 2013 – insider threats, for instance, and the need for log data in projects such as the HealthCare.gov website – but with the added complexity of fewer resources and an ever-evolving threat landscape.

Big data does two major things for agencies countering cyber threats. First, it saves money and time. The ability to quickly find, assemble and analyze information from disparate sources to identify patterns of anomalous network or host behavior can lead to faster detection of and response to cyber threats. Second, big data sets the stage for “aha moments,” when security analysts make discoveries and innovate in ways they hadn’t before. This could mean discoveries about citizen behavior on public-facing websites and applications that allow for innovation and better service or about new techniques terrorists are using to hack into secure government networks.

Agencies will increasingly rely on big data solutions to see all relevant data for security and information technology operations, and that will lead to unprecedented (and sometimes unpleasant) discoveries about their security posture. This is especially important as government faces the cyber threats of 2014, which will require innovation and creativity to protect systems and data.

Consider Employee Stress When Analyzing Big Data Patterns

Insider threats will undoubtedly be top of mind this year, and agencies will need to reexamine how data is used, categorized and accessed by employees and contractors. This means deploying big data analytics tools to analyze activity on their networks, servers and devices for potential anomalous behavior occurring within their roster of trusted insiders. For example, a simple search that uncovers a particular IP address logging into a system can oftentimes detect insider threats because it offers insight into a pattern of behavior of who is using a specific login to access many different types of information. Analytics tools can determine whether an IP address doesn’t match up with the IP address associated with the cleared individual who has access to those data sets.
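The IP-to-login check described above can be sketched as follows. This is an added example, not code from the op-ed or from any product it mentions; the log format, the `ASSIGNED` table of addresses per cleared user and all function names are assumptions, and the log lines are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: address ranges assigned to each cleared user (assumption).
ASSIGNED = {
    "jdoe": ["10.20.4.17/32"],
    "asmith": ["10.20.5.0/28"],
}

# Constructed access-log lines: timestamp, login, source IP, data set.
LOG = """\
2014-01-06T09:02:11Z jdoe 10.20.4.17 payroll
2014-01-06T09:05:40Z asmith 10.20.5.3 contracts
2014-01-06T23:41:02Z jdoe 10.20.9.88 payroll
2014-01-06T23:44:19Z jdoe 10.20.9.88 personnel
2014-01-06T23:47:55Z jdoe 10.20.9.88 contracts
2014-01-07T08:15:00Z mlee 10.20.6.2 contracts
"""

def parse(log_text):
    """Yield (timestamp, user, ip, dataset); malformed lines are skipped."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, user, ip, dataset = parts
        try:
            yield ts, user, ipaddress.ip_address(ip), dataset
        except ValueError:
            continue

def is_expected(user, ip, assigned=ASSIGNED):
    """True when the source IP falls inside a range assigned to this login."""
    nets = assigned.get(user)
    if nets is None:
        return False  # no record for this login: treat as a mismatch
    return any(ip in ipaddress.ip_network(n) for n in nets)

def mismatched_access(log_text, assigned=ASSIGNED):
    """Map (login, source IP) -> data sets touched from an unassigned IP."""
    hits = defaultdict(set)
    for _ts, user, ip, dataset in parse(log_text):
        if not is_expected(user, ip, assigned):
            hits[(user, str(ip))].add(dataset)
    return {key: sorted(value) for key, value in hits.items()}
```

Grouping by login and source address shows the breadth of data sets one mismatched session touched, which is the pattern the paragraph describes.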

In addition to monitoring, analyzing and correlating IT data, agencies need to consider the psychological factors involved in the case of insider threats. For example, if an employee or contractor has three new residential addresses or three new phone numbers in a very short period of time, this can signal a particularly stressful period. Other potentially relevant emotional triggers or indicators include a recent change in marital status or a dramatic change in types of Internet sites visited as viewed in proxy data. Big data analytics should be used to look across data sets in context to gain a better understanding of employee stresses, how these can affect behavior and how those behaviors can manifest themselves as risks to the organization.

Coupling pattern analysis of network, data and system access with data representing potential psychological changes is absolutely necessary to understand insider threats.

Kill-Chain: Big Data and the Six Steps to Mark a Threat

Kill-chain will be among the biggest buzzwords in 2014. As defined by the MITRE Corporation, the kill-chain analysis is a series of steps that mark the typical process of a cyberthreat: reconnaissance, weaponization, delivery, exploitation, command and control, execution and maintenance. Agencies will begin to rely on kill-chain analysis to break down and analyze events and to understand how to best halt attacks that are already in motion.

Kill-chain analysis can provide a deeper dive into each phase and help agencies understand how to stop attackers at any particular phase of the attack itself. This requires a big data approach because agencies need to know as much as possible about their IT environments. This is made possible by analyzing credentialed activity data from multiple sources and using statistical analysis and baselining to know what amounts or types of activities are normal or not normal: recognizing any large file transfers out of their networks, identifying insider threats and so on. The kill-chain analysis will become a popular methodology for threat analysis in government as threats become more sophisticated and difficult to stop in real time.
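As an added illustration of the baselining step (not code from the op-ed), the sketch below scores each user's outbound transfer volume against that user's own history. The choice of a median/MAD robust score, the thresholds, the data layout and every name are assumptions, and the figures are constructed.

```python
from statistics import median

# Constructed sample: daily outbound megabytes per credentialed user.
HISTORY = {
    "jdoe": [120, 135, 110, 128, 140, 125, 131],
    "asmith": [40, 40, 40, 40, 40, 40, 40],
    "newhire": [300, 20],
}
TODAY = {"jdoe": 138, "asmith": 900, "newhire": 5000, "ghost": 10}

def baseline(values):
    """Return (median, median absolute deviation) of a user's history."""
    med = median(values)
    mad = median(abs(v - med) for v in values)
    return med, mad

def score(value, values, min_days=5, floor=1.0):
    """Robust z-score of today's volume; None when history is too short."""
    if len(values) < min_days:
        return None
    med, mad = baseline(values)
    # 1.4826 scales MAD to a standard deviation for normal data; the floor
    # (in MB) avoids dividing by zero when the history is perfectly flat.
    scale = max(1.4826 * mad, floor)
    return (value - med) / scale

def flag_transfers(history, today, threshold=6.0):
    """Label each user's outbound volume for today against their baseline."""
    labels = {}
    for user, value in today.items():
        s = score(value, history.get(user, []))
        if s is None:
            labels[user] = "no-baseline"  # review manually, do not auto-clear
        elif s > threshold:
            labels[user] = "anomalous"
        else:
            labels[user] = "normal"
    return labels
```

Users with too little history are reported separately rather than scored, since a baseline built from two days would either miss a large transfer or flag everything.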

The Importance of Log Data

Complications surrounding the rollout of HealthCare.gov have left little doubt that government IT procurement reform will be a 2014 priority and that the purchase of big data log analysis tools to help discover security and operational errors prior to an application’s launch will become mandatory.

Log data is going to become front and center as procurement reform moves forward because this is where IT administrators can uncover errors and understand activity at the application level. Agencies will increasingly look to big data solutions to gather all their log data in a single place, index those logs and then look at transactions in the data across the architecture stack.

Government can look to the private sector for log data lessons. Etsy, for example, is an e-commerce site that currently has more than 30 million users. Etsy uses big data analytics tools to search and identify anomalous patterns in access logs and error logs, such as cross-site scripting and increasing failed log-in rates, to help guarantee uptime and full security of the site.

Big Data Remains Top of Mind

No matter how you slice it, big data is the common theme in what is needed to help agencies adapt to the evolving threat landscape. This is the year official policies will clearly define the right methodologies, strategies, tools and techniques agencies should use to protect their sensitive data. The private and public sectors will continue to work together toward the common goal of national security, and the innovations derived from these partnerships will be what drive government’s response to attacks on the cyber front. Big data will be the key to understanding all of the risks agencies face.

Mark Seward is senior director of security and compliance at Splunk.

(Image via wavebreakmedia/Shutterstock.com)
