Government IT leaders are making strides in cyber defense by implementing best practices and using available tools to make sense of critical data. But often the problem in cyber isn’t being able to pull in data; many would argue they are drowning in data. Instead, the challenge is the lack of real-time analytics to understand the data in more detail and make the data useful enough in time to prevent an attack before it completes.
Digital Government Institute, in collaboration with Software AG Government Solutions, presented a webinar to discuss how agencies are monitoring, collecting and analyzing network traffic in real time to detect and identify anomalies to secure government networks. Christopher Steel, Chief Solutions Architect at Software AG Government Solutions, led the webinar.
Steel started with an overview of what’s involved in continuous monitoring. He explained that continuous monitoring is one piece of a larger puzzle: a comprehensive risk management strategy for an agency’s information assets. NIST published SP 800-39 in March 2011 to provide guidance to federal agencies on how to manage the information security risk associated with the operation and use of information systems. For decades, organizations have managed risk at the information system level.
Within the scope of continuous monitoring, Steel elaborated, agencies need to determine the effectiveness of risk responses, identify changes to information systems and operating environments and verify compliance with federal legislation, Executive Orders, directives, standards, guidelines and policies. The increased situational awareness that continuous monitoring provides enables agencies to determine possible risks to organizational operations and assets as well as to other organizations, individuals and the country as a whole.
While continuous monitoring does provide ongoing awareness of cyber threats, it doesn’t provide real-time threat protection. Current continuous monitoring challenges include closed, black-box solutions that are difficult to customize, lack of integrated and flexible visualization and replay tools, too many false positives and lack of integrated alerts, among others. He explained that what’s needed is a holistic threat prevention solution, and detailed how you might build such a solution.
Steel suggests such a solution would include an event-driven architecture for real-time performance, complex event processing (CEP) for pattern detection, an in-memory computing layer for real-time big data analysis, a real-time analytics layer for predictive analytics, an integration engine for data ingestion, a visualization framework for dashboards and a business process management tool for threat response and alert management. Software AG Government Solutions offers product suites that give agencies the capability to build such a solution.
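To make the CEP piece of that architecture concrete, here is an added example (not from the webinar and not Software AG code) of a minimal event-driven pattern rule: a sliding-window detector that raises an alert when a source produces several failed logins and then a success within the window. The event tuples, the `BruteForceThenSuccess` rule and its threshold/window values are all constructed for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

# Constructed event stream, not captured traffic: (timestamp_s, source_ip, event_type)
EVENTS = [
    (0, "10.0.0.5", "login_fail"),
    (5, "10.0.0.5", "login_fail"),
    (9, "10.0.0.9", "login_ok"),
    (12, "10.0.0.5", "login_fail"),
    (20, "10.0.0.5", "login_ok"),
    (300, "10.0.0.7", "login_fail"),
    (400, "10.0.0.7", "login_fail"),   # first failure has aged out of the window by now
    (410, "10.0.0.7", "login_ok"),
]

@dataclass
class Alert:
    source: str
    at: int
    failures: int

class BruteForceThenSuccess:
    """Hypothetical CEP-style rule: at least `threshold` failures from one source
    inside `window` seconds, followed by a success from that source, emits an Alert."""
    def __init__(self, threshold=3, window=60):
        self.threshold, self.window = threshold, window
        self.fails = defaultdict(deque)  # source -> timestamps of in-window failures

    def on_event(self, ts, source, kind):
        q = self.fails[source]
        while q and ts - q[0] > self.window:  # expire failures older than the window
            q.popleft()
        if kind == "login_fail":
            q.append(ts)
        elif kind == "login_ok" and len(q) >= self.threshold:
            n = len(q)
            q.clear()  # reset so one burst yields one alert for the response workflow
            return Alert(source, ts, n)
        return None

def run(events, rule):
    """Feed events to the rule in arrival order and collect the alerts it emits."""
    return [a for a in (rule.on_event(*e) for e in events) if a]

if __name__ == "__main__":
    for a in run(EVENTS, BruteForceThenSuccess()):
        print(f"ALERT {a.source} at t={a.at}: {a.failures} failures then success")
```

In a real deployment the alert would be handed to the alert-management workflow rather than printed, and the window and threshold would be tuned against the agency's own false-positive rate.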
For more information about combining complex event processing, continuous monitoring and predictive analysis for threat prevention, as well as a Q&A session with Christopher Steel, watch the webinar here.