It sounds simple – combat cyber threats by harnessing the power of your own data. But many government agencies are still not taking full advantage of big data analytics to detect, contain, and remediate cyber threats.
Last week, I participated in a webinar hosted by MeriTalk that focused on how government agencies can improve cybersecurity through a big data approach. The discussion centered on the findings from a recent Splunk-sponsored MeriTalk survey of 300 federal, state, and local government IT leaders.
I was joined during the webinar by fellow panelists George Jakabcin, CIO for the Treasury Inspector General for Tax Administration, and Matt Smith, Chief Security Engineer at the Department of Homeland Security. We discussed what agencies are currently doing to manage cyber risks and how leveraging data can help to transition government agencies from a reactive strategy to a proactive strategy.
Here are my thoughts on key takeaways from the survey and the webinar discussion:
- 68 percent of survey respondents said that their organizations are overwhelmed by the volume of security data they collect, and 78 percent said at least some of that data goes unanalyzed. Agencies have access to an enormous amount of machine data, including data from desktop computers, servers, firewalls, mobile devices, and other components of an organization’s infrastructure. The key for agencies is recognizing that all data can be security-relevant, and an analytics platform can convert this data into critical operational intelligence for detecting and addressing cyber threats.
- A big data analytics platform can serve as the nerve center of an agency’s security operation, harnessing data from multiple sources to drive improvements in security. The right big data solution can be used to detect known threats as well as anomalies associated with unknown threats that can be missed by signature- and rule-based systems. It can also be used for forensics, working backwards in time to understand how an attack unfolded and what transpired afterwards.
- Big data analytics is still underutilized among government agencies, but there is a strong trend toward adopting a big data approach as more success stories are shared. For example, the Nevada Department of Transportation (NDOT) has optimized its security posture by capturing and analyzing machine data using Splunk’s big data analytics platform. On the federal side, the Social Security Administration’s Office of Information Security is using Splunk Enterprise to support its continuous diagnostics and mitigation program and provide enterprise visibility for IT security compliance.
If you missed the webinar, you can still check out the full recording here. Also, to learn about how government security teams can counter security threats through big data analysis, check out our white paper analysis of the MeriTalk survey. Lastly, I recommend attending the Splunk for Security webinar on July 16th to learn about the scope of capabilities that Splunk offers government organizations to enhance their security posture.
Director of Government Affairs and Public Policy