The Defense Information Systems Agency fully recognizes that nation states such as North Korea, Iran, Russia and those in Eastern Europe have dedicated teams that try to hack into American defense systems and other federal and corporate networks.
That’s why Roger Greenwell, chief of cybersecurity for the DISA Risk Management Executive’s Office, says that the heightened threat landscape requires the Defense Department to constantly manage risk and deploy technology to guard against emerging threats.
DISA has structured its security approach across three layers: boundary protection at the edge of the network; the Joint Regional Security Stacks; and host protection at the system and application layer.
In addition, DISA uses behavioral analysis techniques in various elements of its security defenses. A combination of technologies that collect data at the network and host layers establishes normal patterns of behavior. The military’s Cyber Situational Awareness Analytical Capabilities also lets DISA collect data from various sources for analysis and visualization.
“The need for big data analytics continues to grow as the size and complexity of our networks, systems and data evolve,” Greenwell says. “Advanced analytics give us the capability to correlate data from various infrastructure sources, including device logs, application data and sensor data at the host and network level to identify anomalies and conditions that require further analysis.”
By coupling this information with intelligence data, Greenwell says, the security team can visualize the different threats and indicators to determine appropriate actions in defending DOD networks.
Frank Dickson, a research director for Frost and Sullivan, says IT departments require tools today that not only identify malware, but can also track malicious activity.
“Organizations need tools that can deliver more visibility into network traffic,” Dickson says. “I think we’ll see more security products come with sensors, so IT managers can more accurately track the flow of traffic across the enterprise and determine if there’s anything suspicious with network activity.”
Using Analytics to Respond to Threats
Brad Rounding, director of the U.S. Department of Agriculture’s Security Operations Center, says the threat landscape will always evolve and adapt to counter the security tools and techniques that federal agencies deploy.
USDA takes into consideration a product’s functionality based on the product or manufacturer, as well as behavior analysis and change detection capabilities. The agency also will rely heavily on analytics to give it visibility into the network.
“The use of analytics can be helpful with identifying gaps in security coverage, patching issues, attack surfaces that could be reduced and users with more privileges than their positions need,” Rounding says. “We’ll also use analytics to detect cyberincidents.”