This article is an excerpt from GovLoop’s recent guide, “How You Can Effectively Use Data Analytics.”
As the volume of data increases every day, government will need new and innovative ways to identify, prioritize and, most importantly, secure its data. This includes managing access to government systems and databases and ensuring data isn’t exposed to malicious threats.
Part of the challenge for agencies is they’ve traditionally relied on older, rule-based policies for network access control. But these policies lead to fragmented security approaches rather than a holistic one for securing data.
To better secure their data and stay ahead of cyberthreats, agencies need a comprehensive platform that combines behavior analytics and cybersecurity. Comprehensive here means that a platform should provide a centralized view of all relevant data, real-time processing to stay ahead of threats and cost-effective data storage for improved long-term visibility. In an interview with GovLoop, Henry Sowell, Chief Information Security Officer of the Federal Sector at Hortonworks, discussed how agencies can combine their cybersecurity and analytics needs into a comprehensive platform to better secure their data.
Getting a well-rounded analytics platform is only the first step to assessing what data agencies own. One concern is that by bringing their data together, agencies create a bigger target for threat actors looking to access their most sensitive asset: data. “When you start collating your data together into one spot, you have a larger set of risks because you’re making a very desirable target for malicious actors,” Sowell said. “And if you’re not approaching security in a consistent manner, you’re risking these large targets.”
So how does a comprehensive platform deliver on improved analytics and security? Sowell explained that it boils down to interoperability, consistent security implementations and holistically viewing data.
A comprehensive platform combines the power of behavior analytics and cybersecurity. With Hortonworks’ cybersecurity platform, for example, agencies can take advantage of interoperability by using an enterprise open source solution. “Partners in the open source community provide flexibility and the ability to improve interoperability,” Sowell said. This means agencies have access to insights that are based on long-term, historical data collection from a community of users. They can then share and receive ongoing feedback and insights from this community of open source users over time.
By taking a data science approach to cybersecurity, agencies can practice consistent security implementations. This approach to security involves the use of behavior analytics and machine learning to identify anomalous activity and combat threats as they are escalating. Alerts and visualization dashboards help provide actionable intelligence to stay one step ahead of bad actors and identify malicious intent.
Such threat detection is based on dynamic rules and constant machine learning. “By combining different datasets like threat data with machine learning, network events that may appear innocuous when examined individually become detected threat events, enabling investigation and prevention of incidents occurring on their network,” Sowell said. “Additionally, machine learning on a capable platform can enable this detection and prevent threats as they’re occurring in real time.”
Lastly, a comprehensive cybersecurity platform consolidates threat streams into a single, integrated view and toolset. “Hortonworks’ cybersecurity platform, for example, allows agencies to collect all of their network traffic together from many different threat sources, quickly ingesting a variety of data sources and creating a holistic view of the threats within their networks,” Sowell said.
To ensure that agencies fully harness the benefits of a comprehensive analytics and cybersecurity platform, Sowell recommended keeping abreast of current best practices for cyber posture. First, agencies should ensure their policies are updated and consistent with their security needs.
“Develop appropriate policies that allow for continued flexibility while maintaining a secure posture as you enter into the next phase within your organization,” Sowell said.
Additionally, it’s important to adjust capabilities as cyberthreats continue to evolve. “You have to be flexible,” Sowell said. “Data sources and threats are continually changing. Your tools have to be able to adapt with that. So you need a platform that allows you to remain flexible, adapt to different data sources and develop new approaches to achieve agency missions.”
For government, the volume of data and cyberthreats it faces will only continue to expand. As attacks grow increasingly sophisticated and multifaceted, existing security tools provide only one facet of cybersecurity information. But by leveraging data from multiple systems in one comprehensive platform, agencies can assess the true nature of a single threat across enterprises and, ultimately, better secure their data.