How to identify cyberattacks early and limit damage


Cybercriminals are getting smarter every day, as evidenced by recent government and corporate data breaches. They are constantly adapting methods and tactics to exploit new and undiscovered vulnerabilities inherent to government and industry systems and networks.

Adversaries have been so successful at implementing agile, almost hydra-headed attack patterns that an average of 35 percent of all cyberattacks go undetected, according to research released by the Ponemon Institute. Similarly, the U.S. Computer Emergency Readiness Team reported more than 46,000 incidents at federal agencies in 2013.

That alarming rate of success, along with the highly publicized nature of the attacks, has spurred the National Security Agency, the Pentagon and the White House to refocus on the state of our nation's cyberdefense capabilities.

Federal agencies must shift from reactive to proactive strategies to understand and anticipate the behavioral nature of a threat before an attacker can cause damage. Although preventive measures such as firewalls and antivirus software are a good start, the next generation of cybersecurity will be fueled by analytics. Organizations will be able to digest huge streams of data, in real time, to reveal patterns indicative of harmful or abnormal behavior and prioritize risk factors accordingly.

That will be accomplished through continuous monitoring of network behavior with an eye for unusual activity. Ideally, agencies should prioritize solutions that integrate analytics from the ground up as a core functionality. Of course, many agencies have already invested substantial money and time into cybersecurity technologies. Those agencies can supplement existing technologies with analytics that work on top of and across those investments.

Advanced analytics examine behavior such as daily network transactions to gain an understanding of each system's normal business behavior. By optimizing and analyzing data in real time, analytical solutions can capture a continuously updated and comprehensive picture of active security risks.

That approach not only complies with but exceeds National Institute of Standards and Technology directives that call for near-real-time risk management capabilities. By first understanding normal behavior and then unearthing hidden, complex patterns to identify potential threats, agencies can gain a holistic view of risk that provides a sustainable, long-term information advantage over attackers. Then agencies can prioritize risks while eliminating problems associated with the oversaturation of data, false positives and duplicate alerts.
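As an added illustration of the baseline-then-detect approach described above (this is example code written for this page, not SAS's product or the author's method), the following script learns each system's normal daily transaction volume from constructed sample log lines, flags days that deviate sharply from that baseline, and suppresses duplicate alerts; the log format, the hostnames and the z-score threshold are all assumptions.

```python
import re
import statistics
from collections import defaultdict

# Constructed sample log: one line per host per day, "date host transaction_count".
# The last fileserver line is a deliberate duplicate to exercise alert de-duplication.
SAMPLE_LOG = """\
2013-06-01 fileserver-01 1040
2013-06-02 fileserver-01 980
2013-06-03 fileserver-01 1010
2013-06-04 fileserver-01 1005
2013-06-05 fileserver-01 4920
2013-06-05 fileserver-01 4920
2013-06-01 mail-gw 210
2013-06-02 mail-gw 230
2013-06-03 mail-gw 205
2013-06-04 mail-gw 220
2013-06-05 mail-gw 215
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\d+)$")


def parse(log):
    """Group (day, count) rows by host, keeping file order."""
    per_host = defaultdict(list)
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            per_host[m.group(2)].append((m.group(1), int(m.group(3))))
    return per_host


def find_anomalies(log, baseline_days=4, z_threshold=3.0):
    """Build a per-host baseline from the first N days, then score later days.

    A day is alerted when its count is more than z_threshold standard
    deviations above the host's baseline mean. Alerts are keyed on
    (host, day) so repeated log lines do not produce duplicate alerts,
    and the result is sorted so the largest deviation is prioritized first.
    """
    alerts, seen = [], set()
    for host, rows in parse(log).items():
        baseline = [n for _, n in rows[:baseline_days]]
        if len(baseline) < 2:
            continue  # not enough history to call anything abnormal
        mean = statistics.mean(baseline)
        stdev = statistics.pstdev(baseline) or 1.0  # avoid division by zero
        for day, n in rows[baseline_days:]:
            z = (n - mean) / stdev
            if z > z_threshold and (host, day) not in seen:
                seen.add((host, day))
                alerts.append({"host": host, "day": day, "count": n, "z": round(z, 1)})
    return sorted(alerts, key=lambda a: a["z"], reverse=True)
```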

Applying real-time predictive and behavioral analytics to all available enterprise and external data can help federal organizations evaluate potential threats, detect likely attacks and gather further intelligence, thereby mitigating threats before significant loss occurs. Agencies must move beyond traditional "collect and analyze" methods to use information in ways and time frames that were impossible in the past.

IDC estimates that federal agencies will spend more than $14.5 billion on IT security to thwart attackers and address incidents. By implementing high-performance analytics capable of processing and evaluating billions of daily network transactions in real time, federal security teams can shrink the time to detect security events and prevent and limit the damage done by attackers.

About the Author

Karen Terrell is vice president of federal at SAS.
