How to identify cyberattacks early and limit damage
- By Karen Terrell
- Nov 23, 2015
Cybercriminals are getting smarter every day, as evidenced by recent government and corporate data breaches. They are constantly adapting methods and tactics to exploit new and undiscovered vulnerabilities inherent to government and industry systems and networks.
Adversaries have been so successful at implementing agile, almost hydra-headed attack patterns that an average of 35 percent of all cyberattacks go undetected, according to research released by the Ponemon Institute. Similarly, the U.S. Computer Emergency Readiness Team reported more than 46,000 incidents at federal agencies in 2013.
That alarming rate of success, along with the highly publicized nature of the attacks, has spurred the National Security Agency, the Pentagon and the White House to refocus on the state of our nation's cyberdefense capabilities.
Federal agencies must shift from reactive to proactive strategies to understand and anticipate the behavioral nature of a threat before an attacker can cause damage. Although preventive measures such as firewalls and antivirus software are a good start, the next generation of cybersecurity will be fueled by analytics. Organizations will be able to digest huge streams of data, in real time, to reveal patterns indicative of harmful or abnormal behavior and prioritize risk factors accordingly.
That will be accomplished through continuous monitoring of network behavior with an eye for unusual activity. Ideally, agencies should prioritize solutions that integrate analytics from the ground up as a core functionality. Of course, many agencies have already invested substantial money and time into cybersecurity technologies. Those agencies can supplement existing technologies with analytics that work on top of and across those investments.
Advanced analytics examine behavior such as daily network transactions to gain an understanding of each system's normal business behavior. By optimizing and analyzing data in real time, analytical solutions can capture a continuously updated and comprehensive picture of active security risks.
That approach not only complies with but exceeds National Institute of Standards and Technology directives that call for near-real-time risk management capabilities. By first understanding normal behavior and then unearthing hidden, complex patterns to identify potential threats, agencies can gain a holistic view of risk that provides a sustainable, long-term information advantage over attackers. Then agencies can prioritize risks while eliminating problems associated with the oversaturation of data, false positives and duplicate alerts.
Applying real-time predictive and behavioral analytics to all available enterprise and external data can help federal organizations evaluate potential threats, detect likely attacks and gather further intelligence, thereby mitigating threats before significant loss occurs. Agencies must move beyond traditional "collect and analyze" methods to use information in ways and time frames that were impossible in the past.
IDC estimates that federal agencies will spend more than $14.5 billion on IT security to thwart attackers and address incidents. By implementing high-performance analytics capable of processing and evaluating billions of daily network transactions in real time, federal security teams can shrink the time to detect security events and prevent and limit the damage done by attackers.
Karen Terrell is vice president of federal at SAS.