Today’s cyber security landscape is so different for public sector organizations that they require unique strategies, including an analytics-driven response. “Prevention alone is not sufficient,” according to Ashok Sankar, Director of Solutions Marketing for the Public Sector & Higher Education market for Splunk, “and real-time monitoring and detection capabilities are key to identifying advanced threats and reducing their impact.”

We recently spoke with Sankar about what he calls “operational intelligence,” which is derived by analyzing machine data in real-time and gives agencies what they need to combat threats and create an effective cyber security solution. Here’s what Sankar had to share with GovDataDownload:

GovDataDownload (GDD): Information security is one of the biggest challenges and most important issues facing public sector organizations; what are the key threats to information security?

Ashok Sankar (AS): Today’s increasingly complex threat environment includes external threats from very determined and sophisticated attackers – nation states, cyber criminals, hacktivists – as well as insider threats. A determined attacker is sure to find a way in; it is more a matter of when than if. The industry is settling into this new reality.

Beyond threats, challenges also surround security management and implementation. Security technologies are increasingly complex, and qualified professionals are hard to find. In addition, federal agency systems, which have been acquired over decades, are in silos and often managed by teams that don’t interact with each other. Without full visibility across the organization, security teams are finding it increasingly difficult to identify and investigate threats in a timely manner. It can take weeks, if not months, to complete an investigation on a specific threat.

GDD: How has the era of Big Data changed the information security landscape for public sector organizations?

AS: Big data has the potential to greatly simplify security management while ensuring a more proactive security posture. Today security analysts are buried in an ocean of data with thousands of events and alerts per day. Without context, it is hard to prioritize, because they either don’t know where to start or don’t have a holistic view.

Security teams need to find and respond to malicious activity and advanced threats quickly. To be effective, they need consistent, end-to-end visibility into what is going on across the organization by bringing data together from disparate sources through a single interface. It is important to note that all data is security relevant, not just alerts from security devices. A powerful approach is to leverage the power of machine data, which offers definitive records of all activities and behaviors of users, applications, servers, networks, devices and more. Overlay that with analytics capabilities, and agencies gain powerful insights into what is actually transpiring in their organizations in real time. This “Operational Intelligence” enables analysts to make informed decisions and respond in a rapid fashion. In many cases, this can make them proactive and less reactive, which is a great move forward for security efforts.

GDD: What are some of the tools that public sector CIOs can leverage in the fight to protect data?

AS: In today’s threat landscape, CIOs need to look beyond just defense-in-depth and prevention tactics. While they are still relevant, today’s advanced attacks require a different strategy. All data is security relevant because understanding context is key to figuring out what is real and what is not. So CIOs need to go beyond just traditional prevention tools and should focus on a platform that can extend monitoring and detection capabilities by collecting data from any and all sources in real time and enabling unbounded searches and queries so they can gain insights and find hidden patterns quickly to identify malware, respond to incidents and look for inconsistent behaviors. This is what we call analytics-driven security. The underlying infrastructure that can support the data volume and velocity also is very important.

GDD: How does the partnership between NetApp and Splunk enable CIOs to face these information security challenges with confidence?

AS: Together, NetApp and Splunk offer CIOs the right strategic approach to deal with today’s threats and drive toward a proactive security posture. Splunk’s machine data analytics platform collects data from any and all sources in real time and makes it available through a single interface. This single pane of glass allows analysts to hunt threats, detect malware, conduct investigations and respond to incidents faster and more effectively. To deal with massive volumes of data, in real time, you need an infrastructure that can offer the scale and performance to support it without breaking the bank. NetApp’s storage-based architecture approach has reduced footprints as much as 50 percent to 80 percent compared to traditional server-based approaches. Also, NetApp’s FlexPod portfolio simplifies deployment and reduces deployment risks. Together, the companies offer a proven solution with the flexibility and scalability to deal with big data while ensuring the efficiency and performance necessary to deal with the increasing sophistication and variability of these threats.