How to identify cyberattacks early and limit damage


Cybercriminals are getting smarter every day, as evidenced by recent government and corporate data breaches. They are constantly adapting methods and tactics to exploit new and undiscovered vulnerabilities inherent to government and industry systems and networks.

Adversaries have been so successful at implementing agile, almost hydra-headed attack patterns that an average of 35 percent of all cyberattacks go undetected, according to research released by the Ponemon Institute. Similarly, the U.S. Computer Emergency Readiness Team reported more than 46,000 incidents at federal agencies in 2013.

That alarming rate of success, along with the highly publicized nature of the attacks, has spurred the National Security Agency, the Pentagon and the White House to refocus on the state of our nation's cyberdefense capabilities.

Federal agencies must shift from reactive to proactive strategies to understand and anticipate the behavioral nature of a threat before an attacker can cause damage. Although preventive measures such as firewalls and antivirus software are a good start, the next generation of cybersecurity will be fueled by analytics. Organizations will be able to digest huge streams of data, in real time, to reveal patterns indicative of harmful or abnormal behavior and prioritize risk factors accordingly.

That will be accomplished through continuous monitoring of network behavior with an eye for unusual activity. Ideally, agencies should prioritize solutions that integrate analytics from the ground up as a core functionality. Of course, many agencies have already invested substantial money and time into cybersecurity technologies. Those agencies can supplement existing technologies with analytics that work on top of and across those investments.

Advanced analytics examine behavior such as daily network transactions to gain an understanding of each system's normal business behavior. By optimizing and analyzing data in real time, analytical solutions can capture a continuously updated and comprehensive picture of active security risks.

That approach not only complies with but exceeds National Institute of Standards and Technology directives that call for near-real-time risk management capabilities. By first understanding normal behavior and then unearthing hidden, complex patterns to identify potential threats, agencies can gain a holistic view of risk that provides a sustainable, long-term information advantage over attackers. Then agencies can prioritize risks while eliminating problems associated with the oversaturation of data, false positives and duplicate alerts.
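As an added illustration (not the article's own code, nor any SAS product), here is a minimal version of the baseline-then-deviate workflow described above, run over constructed per-host daily transaction counts: each system's normal volume is learned from a history window, a new day is scored against that host's own baseline, and duplicate alerts are collapsed and ranked so the largest deviation is investigated first. All host names, days and counts are made up.

```python
import statistics
from collections import defaultdict

# Constructed sample of daily network transaction counts: (day, host, count).
# A "transaction" is any logged connection; every value here is invented.
SAMPLE_TRANSACTIONS = [
    ("d1", "hr-db", 1020), ("d2", "hr-db", 990),  ("d3", "hr-db", 1010),
    ("d4", "hr-db", 1005), ("d5", "hr-db", 1000), ("d6", "hr-db", 7400),
    ("d1", "web-01", 5000), ("d2", "web-01", 5200), ("d3", "web-01", 4900),
    ("d4", "web-01", 5100), ("d5", "web-01", 5050), ("d6", "web-01", 5300),
]

def build_baselines(records, history_days):
    """Per-host mean and standard deviation over the history window only."""
    per_host = defaultdict(list)
    for day, host, count in records:
        if day in history_days:
            per_host[host].append(count)
    return {h: (statistics.mean(c), statistics.pstdev(c)) for h, c in per_host.items()}

def score_day(records, baselines, day, threshold=3.0):
    """Return (host, z_score) alerts for hosts whose volume on `day` deviates
    by more than `threshold` standard deviations from their own baseline."""
    alerts = []
    for d, host, count in records:
        if d != day or host not in baselines:
            continue
        mean, sd = baselines[host]
        if sd == 0:
            sd = max(1.0, 0.01 * mean)  # flat baseline: avoid divide-by-zero
        z = (count - mean) / sd
        if abs(z) > threshold:
            alerts.append((host, round(z, 1)))
    return alerts

def dedupe_and_rank(alert_batches):
    """Several sensors may raise the same finding; keep one alert per host at
    its highest score, then rank so the largest deviation comes first."""
    best = {}
    for batch in alert_batches:
        for host, z in batch:
            best[host] = max(best.get(host, 0.0), abs(z))
    return sorted(best.items(), key=lambda hz: hz[1], reverse=True)

if __name__ == "__main__":
    base = build_baselines(SAMPLE_TRANSACTIONS, {"d1", "d2", "d3", "d4", "d5"})
    day6 = score_day(SAMPLE_TRANSACTIONS, base, "d6")
    print(dedupe_and_rank([day6, day6]))  # duplicate batch collapses to one alert
```

In the sample, hr-db's sevenfold jump on day 6 is flagged while web-01's day 6 stays within its normal spread, and feeding the same alert batch twice still yields a single ranked finding.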

Applying real-time predictive and behavioral analytics to all available enterprise and external data can help federal organizations evaluate potential threats, detect likely attacks and gather further intelligence, thereby mitigating threats before significant loss occurs. Agencies must move beyond traditional "collect and analyze" methods to use information in ways and time frames that were impossible in the past.

IDC estimates that federal agencies will spend more than $14.5 billion on IT security to thwart attackers and address incidents. By implementing high-performance analytics capable of processing and evaluating billions of daily network transactions in real time, federal security teams can shrink the time to detect security events and prevent and limit the damage done by attackers.

About the Author

Karen Terrell is vice president of federal at SAS.
