Three ways government security will change in 2013
Security is an ever-growing priority for government. Every CIO and CTO is concerned with protecting his or her agency’s data, as well as determining which technologies to prioritize in the new year.
As the security landscape continues to evolve in 2013, agencies will change the way they react to and defend against cyber attacks, and government will attempt to reach a resolution for a national cyber defense posture.
The Administration will take action
Cyber security has become one of the most significant economic and security challenges the nation faces today. This year Congress may take another stab at passing cyber security legislation, and the White House will likely release an executive order that outlines the government’s commitment to defending the nation’s critical infrastructure.
This is the year we will see how commercial entities and government agencies plan to collaborate when protecting the electric grid, financial and banking networks, and healthcare data. It will also be the year the administration identifies the roles and responsibilities of government agencies, such as DHS, NSA and DoD, at a high level. This rising level of concern is a direct result of the increasing sophistication of national cyber threats.
Agencies will react to increasing creativity of cyber attackers
Attacks from malicious insiders and advanced threats are more complex and creative today than ever before. Advanced Persistent Threats (APTs) have become more elusive and sophisticated as victims’ capabilities to respond to these threats have improved over time. As a result, agencies will begin to dedicate more resources to their cyber workforce. They will prioritize regular employee education and training and will invest in recruiting and retaining appropriate cyber talent.
Agencies will continue to use access controls and other types of data separation to manage the roles and responsibilities of cyber security personnel. However, they will also dedicate more resources to secure information sharing and collaboration for comprehensive cyber analytics. We will see agencies share application, security, Web and IT operations data cross-departmentally to encourage new ways of thinking when it comes to developing the best system of defense.
The traditional SIEM is a dying breed
The here and now of advanced threats, combined with enterprise-class datasets, presents a new challenge of maintaining situational awareness in the IT architecture. To address this challenge, security monitoring and data analytics technologies are expanding beyond what might be considered “normal” aspects of cyber security, like collecting data and defending networks with signatures and security appliances.
A cohesive, logical cyber security system should also have the capabilities to analyze large sets of raw text data, unfiltered and unformatted, in real time. However, traditional SIEMs cannot scale to meet these big data demands.
This year, agencies will move away from storing data in structured back-end databases with a traditional SIEM and move toward next-generation technologies that store raw data sets from multiple sources and allow users to ask questions of that data. Rather than watching security events occur and responding to pre-defined logical conditions, security professionals will rely on analytics tools that investigate all the data on an agency’s networks, devices, data centers and virtual environments.
Ultimately, the cyber security mindset of 2013 will be centered on advanced analytics and active defense. Comprehensive analytics will help agencies monitor and respond to every piece of relevant data for complete situational awareness. Collaborative action from government and the private sector will improve the country’s resilience to cyber incidents and reduce the national cyber threat.
Bill Cull is Vice President of Public Sector at Splunk. He can be reached at: