Big Data and Insider Threats: Industry Conversations
On any given day, you will hear numerous buzzwords within the government IT marketplace. Recent conversations surrounding big data, cybersecurity and insider threats are top of mind for government organizations. These discussions are imperative for exploring the challenges, needs and viable solutions that are necessary to achieve a stable security infrastructure. However, it is essential that these conversations involve both sides of the table – government agencies and technology providers.
At Splunk, we work to achieve greater Operational Intelligence through collaboration with our industry peers. Just last week we participated in an Insider Threat Detection and Mitigation conference where Adam Cohn, the director of Government Affairs & Public Policy at Splunk, discussed how agencies can manage insider threat risks in a digitally-connected world and the data defense strategies adopted by government leaders. The event featured executives from several other vendors, along with IT leadership from agencies like the Federal Bureau of Intelligence, Department of Energy and Department of the Treasury. Each speaker provided a unique perspective on how insider threats fit into a broader approach to security risk management.
So, what did we learn about government insider threats from these discussions?
There is no ‘app’ for an insider threat. The term covers so many possibilities that it is often difficult to identify. For instance, potential insider threats include current or former employees, contractors or business partners. These end-users have (or had) authorized access to data within their organization’s network, and can potentially exceed or misuse that access. This activity could jeopardize the confidentiality, integrity or availability of the organization’s information. There is a long list of red flags to monitor for, but the criteria for each agency are different, and no single flag is a signal of deliberate, malicious behavior. That’s why behavioral analysis is important to insider threat detection.
Rather than rely on one piece of information, agencies should take an enterprise approach. This system-wide method includes the development of risk profiles to help evaluate potential threats, and can differentiate innocent behavior from malicious behavior. It’s important to establish “normal” activity criteria for employees, and once that is established, have the ability to identify “abnormal” behaviors. For example, if an employee is accessing the network at odd hours, and that behavior has never been observed before for the given employee, then that behavior falls outside of expected activity and should be flagged for further investigation. Those activities alone don’t mean an individual is a security threat, but analyzing this type of information can reveal the potential risk to the agency.
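One minimal form of the baseline-then-deviate logic described above, as an added example that is not Splunk's code or anything presented at the conference: it builds each user's set of usual login hours from constructed sample log lines and flags logins at an hour that user has never used before, or logins by a user with no history at all. The log format, user names and hosts are invented for the demo.

```python
import re
from collections import defaultdict
from datetime import datetime

# Example line shape (constructed for this demo, not a real Splunk or agency format):
#   2024-03-04T08:30:11 user=alice action=login host=ws-17
LOG_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) action=login host=(?P<host>\S+)$")

def parse_line(line):
    """Return {'ts': datetime, 'user': str, 'host': str}, or None if not a login line."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "user": m["user"], "host": m["host"]}

def build_baseline(lines):
    """Map each user to the set of hours-of-day at which they have logged in before."""
    seen = defaultdict(set)
    for ev in filter(None, map(parse_line, lines)):
        seen[ev["user"]].add(ev["ts"].hour)
    return seen

def find_anomalies(lines, baseline):
    """Flag logins outside a user's observed hours; the result is a lead to investigate, not a verdict."""
    flagged = []
    for ev in filter(None, map(parse_line, lines)):
        hours = baseline.get(ev["user"])
        if hours is None:
            flagged.append({**ev, "reason": "no baseline for user"})
        elif ev["ts"].hour not in hours:
            flagged.append({**ev, "reason": f"hour {ev['ts'].hour:02d} outside baseline {sorted(hours)}"})
    return flagged

# Constructed history: ten days of ordinary business-hours logins for alice and bob.
HISTORY = [f"2024-03-{d:02d}T{h}:{m}:00 user={u} action=login host={host}"
           for d in range(4, 14)
           for (u, h, m, host) in (("alice", "08", "30", "ws-17"),
                                   ("alice", "13", "05", "ws-17"),
                                   ("bob", "09", "15", "ws-22"))]

# Constructed new events: alice at 03:12 (never seen), bob as usual, carol with no history.
NEW_EVENTS = [
    "2024-03-15T03:12:44 user=alice action=login host=ws-17",
    "2024-03-15T09:40:02 user=bob action=login host=ws-22",
    "2024-03-15T10:00:00 user=carol action=login host=ws-09",
]

if __name__ == "__main__":
    for hit in find_anomalies(NEW_EVENTS, build_baseline(HISTORY)):
        print(f"{hit['ts'].isoformat()} {hit['user']} on {hit['host']}: {hit['reason']}")
```

A production baseline would use far more history and more features than hour-of-day (host, data volume, resource type), but the shape is the same: learn what is normal per user, then surface what falls outside it for an analyst to review.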
Of course, the importance of big data analysis is not limited to the issue of insider threats. Splunk recently participated in Carahsoft’s Fifth Annual Government Big Data Forum. At the event, attendees heard government leaders discuss patterns for applying big data technology to real-world challenges. Splunk’s Adrish Sannyasi, a Healthcare Solutions architect, joined a panel of experts to discuss the intersection of big data and cybersecurity, exploring how utilizing data analytics can support security and Operational Intelligence across the public sector.
For federal agencies, understanding and utilizing big data is a challenge. While the Department of Defense may use big data differently than civilian agencies, there are commonalities in defining big data. We like to refer to them as the four Vs: volume, the quantity of data you collect; velocity, the speed at which you collect it; variety, the various data types you have access to; and variability, the potential for data sources and formats to change dynamically. With these commonalities, government agencies can share best practices for maximizing the value of data.
The value of big data is its ability to unlock new insights, trends and patterns, which drive improved business and mission outcomes. However, federal agencies must determine the right approach and solutions to meet their objectives, whether it’s addressing insider threats or providing better services to constituents.
To learn how Splunk is helping government organizations use their data in new ways, check out this new Operational Intelligence and big data report.