At a hearing on cybersecurity and protecting taxpayer information held by the Senate Finance Committee last month, the IRS Commissioner, John Koskinen, testified that the agency faces the loss of key IT and data security personnel over the next year. He attributed this to pay discrepancies between the private and public sector as part of his appeal to renew a lapsed law that boosted the pay of top-notch personnel temporarily recruited from the private sector [1].
While it is important to ensure that talent is rewarded appropriately, the cybersecurity issue goes deeper than retention of highly trained personnel. For one, agencies are strewn with dozens of disparate security products procured over the years that are managed and operated in silos. Security teams find it virtually impossible to keep up with the volume of alerts these products generate – 17,000 and upwards per week on average – and any investigation requires manual processes that are time consuming, error prone and often do not produce reliable outcomes.
According to a recent survey [2], only 4% of alerts are investigated and only 19% are deemed reliable. Existing staff struggle to keep pace with increasingly sophisticated security tooling, so agencies extract less value from it than they could. Most alarming is the shortage of talent in cybersecurity – more than 209,000 cybersecurity jobs in the U.S. are unfilled and the demand is expected to rise by 53% through 2018 [3]. In fact, it is not uncommon to find agency environments where the number of systems and appliances far outnumbers the number of security personnel who can manage them.
Reliance on expert personnel alone cannot underpin our cybersecurity strategy. What agencies need are ways to cut down investigation times, streamline the detection and response process, narrow the set of alerts analysts should investigate while raising confidence in them, and, most importantly, proactively chase down malicious or abnormal behaviors before they become problems and cause adverse impact. To do this effectively, they need consistent end-to-end visibility across the silos of systems, applications, users and appliances, which means bringing data together from any and all disparate sources through a single interface. Overlaid with analytics capabilities, that single view lets agencies discover powerful insights in real time and ask questions they never thought to ask before. This is what we call Operational Intelligence, and it enables analysts to make informed decisions and respond to threats rapidly.
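The mechanism behind "bringing data together from disparate sources" and "raising the level of confidence in the alerts that analysts should investigate" can be shown in a few dozen lines. The following is an added example written for this post, not Splunk's code or any agency's configuration: it maps alerts from three constructed feeds (a firewall, an endpoint agent and a web proxy, each in its own field layout) onto one common schema, groups them per host inside a time window, and ranks the groups so that a host on which several independent sources agree rises to the top. All source names, field names, the asset inventory and the sample records are constructed for the example.

```python
"""Cross-source alert corroboration (added example, not the post's or Splunk's code).

Normalise alerts from disparate feeds into one schema, group them by host
inside a time window, and rank the groups by how many independent sources
corroborate each other. Feed layouts, hostnames and records are constructed.
"""
from datetime import datetime, timedelta

# Constructed raw alerts, each in its producer's own shape, as real tools emit them.
FIREWALL_ALERTS = [
    {"ts": "2015-04-01T10:02:11", "src_ip": "10.1.5.23", "sig": "Outbound to known C2 range", "sev": 3},
    {"ts": "2015-04-01T10:41:00", "src_ip": "10.1.9.8", "sig": "Port scan", "sev": 2},
]
EDR_ALERTS = [
    {"time": "2015-04-01 10:03:40", "host": "ws-0523", "rule": "Suspicious PowerShell parent", "severity": "high"},
    {"time": "2015-04-01 14:20:05", "host": "ws-0777", "rule": "Unsigned driver load", "severity": "medium"},
]
PROXY_ALERTS = [
    {"@timestamp": "2015-04-01T10:04:02", "client": "10.1.5.23", "category": "Uncategorised domain, DGA-like", "score": 70},
]
# Constructed asset inventory so IP-keyed and hostname-keyed alerts can be joined.
IP_TO_HOST = {"10.1.5.23": "ws-0523", "10.1.9.8": "ws-0908"}

SEVERITY_MAP = {"low": 1, "medium": 2, "high": 3}
WINDOW = timedelta(minutes=15)


def normalise(fw, edr, proxy):
    """Map every feed onto one tuple: (source, time, host, name, severity 1-3)."""
    out = []
    for a in fw:
        host = IP_TO_HOST.get(a["src_ip"], a["src_ip"])
        out.append(("firewall", datetime.fromisoformat(a["ts"]), host, a["sig"], a["sev"]))
    for a in edr:
        when = datetime.strptime(a["time"], "%Y-%m-%d %H:%M:%S")
        out.append(("edr", when, a["host"], a["rule"], SEVERITY_MAP[a["severity"]]))
    for a in proxy:
        sev = 3 if a["score"] >= 70 else 2 if a["score"] >= 40 else 1
        host = IP_TO_HOST.get(a["client"], a["client"])
        out.append(("proxy", datetime.fromisoformat(a["@timestamp"]), host, a["category"], sev))
    return sorted(out, key=lambda r: r[1])


def correlate(alerts, window=WINDOW):
    """Group time-ordered alerts per host; a new group opens once `window` has elapsed."""
    groups = []
    open_groups = {}  # host -> the group currently accepting alerts for that host
    for a in alerts:
        host = a[2]
        g = open_groups.get(host)
        if g is not None and a[1] - g["start"] <= window:
            g["alerts"].append(a)
        else:
            g = {"host": host, "start": a[1], "alerts": [a]}
            groups.append(g)
            open_groups[host] = g
    return groups


def score(group):
    """Confidence: the number of distinct sources outweighs raw count or severity alone."""
    sources = {a[0] for a in group["alerts"]}
    max_sev = max(a[4] for a in group["alerts"])
    return len(sources) * 10 + max_sev


def rank(fw=FIREWALL_ALERTS, edr=EDR_ALERTS, proxy=PROXY_ALERTS):
    """Return host groups ordered from most to least corroborated."""
    groups = correlate(normalise(fw, edr, proxy))
    return sorted(groups, key=score, reverse=True)


if __name__ == "__main__":
    for g in rank():
        print(g["host"], score(g), sorted({a[0] for a in g["alerts"]}))
```

With the constructed input, the one host that the firewall, the endpoint agent and the proxy all flag within a few minutes scores far above the two hosts with a single alert each, which is the triage effect the post describes: the analyst's queue shrinks to the cases where independent evidence lines up. In a real deployment the scoring weights, the window and the asset join would be tuned to the environment rather than fixed as they are here.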
In a recent cybersecurity panel hosted by Splunk, participants shared stories of how Splunk enabled them to overcome their resource constraints, realize fast time-to-value, and detect and respond to threats quickly. Listen to Michael Dent, Chief Information Security Officer, Fairfax County, Virginia; Dan P. Houston, Jr., PMP, Manager, IT Analytics, United States Postal Service (USPS); Eric Jeanmaire, Chief, Cyber Defense Branch, United States Citizenship and Immigration Services (USCIS); and Major Steve Pugh, Cyberspace Defense Officer, White House Military Office.
A unifying takeaway was that each of them was resource constrained and invested in Splunk, relying on its automation and analytics capabilities to solve that problem. Each discovered that Splunk goes beyond just aggregating data. It did not require expert security or data analytics skills. It enabled Tier 1 personnel to walk through incidents and hunt threats proactively, provided the flexibility to adapt to each of their unique requirements, picked up on devices they did not know about, and delivered insights they could use to make decisions. Some realized time and cost savings in the process.
The shortage of cybersecurity resources will not be solved in the short term, and the adversaries are not going to wait. While it is important to retain and train existing InfoSec personnel, agencies should look beyond these scarce resources to address the problem. They should keep those staff engaged, give them tools that raise their odds of winning against the adversary, and help reduce fatigue. Automation and analytics technologies, like Splunk, are helping agencies do just that and achieve outcomes they had not thought possible.
Director, Solutions Marketing
[2] The Cost of Malware Containment (Ponemon Institute, January 2015)