May 14 2015

More Analytics Needed in Cyberdefense

Vast majority of government cybersecurity leaders say Big Data analytics can improve defense, study finds.

Cyberthreats stay on government networks an average of 16 days before being detected, according to a new report from MeriTalk funded by Splunk, but some experts believe an increase in Big Data analytics could reduce that number.

The study, titled “Go Big Security,” interviewed 302 federal, state and local government cybersecurity leaders in March to get a clearer view of the cyber challenges facing the public sector.

“Government organizations have access to a wealth of cyberthreat information,” Kevin Davis, area vice president of Splunk public sector, said in a statement. “The challenge is managing that data and connecting the dots in real time. That's how we get immediate insight into threats. Agencies need to detect threats faster and start to predict when and how they will occur.”

Some key findings from the study are:

• 86 percent of respondents said Big Data analytics can improve cybersecurity efforts, but just 28 percent of them believe they are fully leveraging Big Data for security purposes.

• Nine out of 10 respondents said they do not receive enough cybersecurity data to give a complete view of their networks. As a result, 76 percent said their cybersecurity teams act reactively as opposed to proactively.

• With better Big Data and analytics, 61 percent of respondents said they could detect a breach in process. Another 51 percent said they would monitor data in real time if it were available and 49 percent said they would use the data to conduct a conclusive root-cause analysis postattack.

• The amount of data is not the problem: 68 percent said their organization is overwhelmed with information, and 78 percent said that some security data goes unanalyzed due to a lack of analytical tools or personnel with the skills to properly use them.

• Government cybersecurity leaders already are allocating funds to improve network security, with 65 percent investing in or upgrading existing security technologies, 51 percent deploying network analysis and visibility solutions and 50 percent investing in training.