This interview is an excerpt from GovLoop’s recent Guide to Government’s Critical Cyberthreats. This research guide explains the various cyberattacks government endures and provides steps to safeguard your information systems.
“I’ve got lots of data but I don’t have any context around it. I’m just being swarmed by data.” That’s a statement that Usman Choudhary, Chief Product Officer at ThreatTrack Security, said he hears often when he talks to cybersecurity teams at government organizations. While agencies are accruing multiple tools to monitor their infrastructures, making sense of the cyber data continues to be a challenge.
“The more solutions and layers they put in place to protect the enterprise certainly generates a lot of opportunity, but often that data ends up in silos,” he explained. “Then, being able to leverage that data in any sort of meaningful way becomes difficult.”
In order to reap the benefits of this cyber data, Choudhary said organizations should seek three key attributes: con- text, integration, and value.
While agencies are deploying multiple systems to monitor separate information security functions, Choudhary impressed the need to look at any threat data within the context of your larger IT environment. That broader view allows you to establish baselines, identify patterns, and recognize inconsistencies that might indicate a threat within your system.
Moreover, Choudhary said cyber data must be contextualized within the service you are trying to perform. Having an understanding of how processes and the data they create feed into operations offers a more holistic understanding of individual events. That perspective also helps you prepare a more intelligent threat response that is cognizant of organizationwide implications.
For many agency workers, this contex- tualization can be a challenge as individual operations teams manage disparate tasks throughout an organization. In those cases, it’s helpful to seek tools that help provide context to your larger IT and service environment. “At ThreatTrack, we have made the effort to translate from lower level parameters to higher-level concepts,” Choudhary said. That way, even niche teams can act in concert with organizational processes and goals.
INTEGRATING ACROSS SILOES
Once you’ve taken a holistic view of your environment, it’s necessary to extend that perspective to the technical level. “So the good news is that with many of these systems in place, showing us all of these individual threats and events, they provide some context of what’s happening,” Choudhary said. “But the bad news is that they’re still disparate. There is really no knowledge from one system to the other.”
To remedy that problem, data siloes and the tools that manage them need to be better connected. “We’ve really started to see the notion of security analytics, but you can’t harness the power of that unless you are truly integrated,” Choudhary continued.
ThreatTrack provides multiple security tools in a single package, and integrates those tools across the enterprise. As Choudhary explained, “We wanted to put everything - malware expertise, a strong data science pedigree, and automation, and more - into a single box. While other solutions will identify errors, they’ll tell you one thing that you still have to piece together with other tools. We’re painting a more holistic view.”
IDENTIFYING VALUABLE INFORMATION
This integration also provides the additional benefit of helping organizations identify which data, and specifically which threat alerts, are most valuable. As organizations accrue more tools and therefore more information about their networks, Choudhary said it’s easy for them feel as if they’re drowning in data without a clue as to which alerts should be concerning and which should be ignored.
For organizations that face innumerable real and perceived threats each day, it’s necessary to employ tools that can automatically contextualize your data and identify which alerts are actionable. What’s more, those tools should allow you to quickly understand what those alerts mean and which actions should be taken to address them.
Choudhary explained that ThreatTrack identifies and synthesizes multiple security concerns, in order to highlight only the most meaningful information. “We’re focusing a lot more on the end user, and bringing to surface things that would take hours or days to identify. We’re bringing them to your attention in minutes or seconds,” he said.
While organizations will inevitably accrue multiple security solutions to counter the myriad threats facing government, you can avoid getting bogged down in cyber data.
“Yes, you need more data,” concluded Choudhary. “But it has to be contextualized, it has to be more integrated, and it has to be high value.” To achieve those goals, seek tools that can ease your data burden and provide more insight into your cybersecurity operations.