In this article for Dark Reading, Sirius Federal software practice director Charles Fullwood examines why security teams needs to take a cognitive approach to the increasing volumes of data flowing from sources they don’t control.
Every day, IT security teams are inundated with data — security events, network flows, configuration information, and so on — which then must be collected and analyzed for potential vulnerabilities. Your team probably has a solid, established approach or even a documented strategy for doing this. If so, great. But is that enough?
The data collected by most security tools, such as firewalls and antivirus software, is structured — that is, organized in an easily searchable, relational database. Structured data, however, amounts to only a small portion of a larger, more complicated puzzle. It’s the remaining unstructured data that security teams struggle most to collect, analyze, and act upon — and the amount of unstructured data only continues to increase.
Think of how much security data flows from sources you don’t control, including the massive swaths of unstructured data living on the Deep Web — from blogs, forums, or bookmarking sites. This unorganized, often text-heavy data accounts for a majority of the Internet’s data. IDG believes unstructured data is growing at the rate of 62% per year, and that by 2022, 93% of all data will be unstructured. How can IT teams keep pace? The answer could lie in cognitive security — the use of big data platforms, data mining, AI, and machine learning to analyze raw data whether structured and unstructured.
But first, let’s examine the problem.
Why It Matters
Understanding the magnitude of this issue requires examining the foundation of current security measures. Traditional security focuses on mitigating external threats — perimeter defenses to ward off the bad guys. As such, we often focus our security strategies on firewalls, antivirus software, and secure passwords.
Security innovation has almost always had this perimeter philosophy at its core. However, a myopic focus on perimeter protection severely limits the overall security strategy, potentially rendering it ineffective without complementary, proactive measures in place.
Consider the average IT organization’s reaction to the hundreds of thousands of daily security events. The process for today’s security teams involves analyzing data from antivirus software and firewalls, and then correlating that data to create a story, which in turn helps inform a solution.
In the process, security professionals are left with mountains of events to manually analyze and execute. Meanwhile, when they’re busy responding to old threats, new threats continue to arise undetected. Consequently, the entire team finds itself fighting fires instead of solving or preventing problems. That doesn’t leave much bandwidth for data aggregation and analysis.
Unstructured, Untold, Unknown
Next, let’s think about how we, as IT professionals, share and consume security information, particularly during a major crisis. The current norm for security professionals is to update websites and social channels to explain how they’ve addressed a particular security issue and simply hope it reaches all relevant and necessary parties. Take, for example, this year’s WannaCry attack.
The first real solution offered to organizations affected by WannaCry was explained via Twitter, by a user known as MalwareTech. Although certainly helpful, social is by no means a perfect means of circulating widely sought, urgent information to security teams around the world. Merely posting online assumes that in the middle of a major crisis, frantically busy security professionals are manually scouring the Internet for the information you’re providing — something few people have time for in calmer times, let alone when the proverbial sky is falling.
Information sharing is critical to IT security — not only within individual organizations, but in the security industry as a whole. We rely on one another to share information about new and known threats, and often benefit from each other’s knowledge and experience. Unfortunately, the majority of information generated and shared by security professionals about breaches, threats, malware, etc., is unstructured, and thus much more difficult to unearth and apply in real time, particularly during critical security events that require immediate action.
How much time is lost and how much damage done, simply because we lack access to or awareness of viable solutions provided by our industry peers? Or because we lack a strategy for gathering and analyzing the flood of unstructured data at our disposal? This is where cognitive security offers vital, immediate benefits.
Welcome to the Cognitive World
A cognitive approach uses AI, data mining, and machine learning technologies to parse through thousands of security feeds and data sources — including the low-key, often invisible world of white- (and black-) hat bloggers and discussion forums — to aggregate and analyze unstructured and structured security data. Meanwhile, a security professional works to perform predictive data analysis, ultimately training the system on best practices, organizational policies, and more.
Over time, the system begins to learn on its own, including how to prioritize events and recommend responses. While cognitive security cannot replace existing security tools — antivirus software, for instance, or intrusion prevention systems — the data generated can be plugged into traditional perimeter defenses. As a result, IT pros gain a better understanding of their data’s meaning and how to convert insights into action.
Beyond the Perimeter
Unstructured data will only continue to proliferate. It’s time to get ahead of it so that security teams can better locate analyze and respond to threats. That requires thinking beyond the perimeter and embracing security technologies that will bolster traditional defenses and provide a more proactive, intelligent security strategy.
This article first appeared online at www.darkreading.com, a publication of Information Week.
October 31, 2022
Sirius Federal Awarded CMMI Level 3 Certification
Sirius Federal, a CDW Company, a leading national IT solutions integrator for the federal government, announced today that it has been awarded the distinguished Capability Maturity Model Integration (CMMI) Level 3 certification. The CMMI certification was created by the Software…
November 16, 2021
Sirius Federal Named Cisco Federal Intelligence Partner of the Year at Cisco Partner Summit 2021
Crofton, MD – 16 November 2021 — Sirius Federal, a Sirius Computer Solutions Company, has been named the Cisco Federal Intelligence Partner of the Year for the second time in three years. Cisco announced the winners during its annual partner…
October 21, 2021
How Proper Collaboration Tools Make or Break Long-Term Telework Plans for Federal Agencies
Effective collaboration tools can eliminate silos and accelerate missions. But getting to a modern and secure collaboration environment can be a daunting task for federal agencies, especially with today’s mobile workforce. In the year and a half since the onset…
April 8, 2021
Federal IT Focus Areas for 2H of 2021
In the aftermath of an unprecedented year riddled with a teleworking surge, election-year tension and—last but certainly not least—a global pandemic affecting every industry and organization in our nation, it’s safe to say that 2021 was welcomed with open arms.…
October 3, 2020
5 Tools to Help Federal Employees Return to Work Safely
As COVID-19 restrictions continue to ease across the country, federal agencies are slowly bringing employees back into the office. However, many employees who have spent several months working in a remote environment may be nervous about returning to the office,…
October 2, 2020
Using the CDM Program to Keep Federal Networks Secure No Matter Where Employees Work
As federal agencies deal with the impacts of the COVID-19 pandemic on where and how employees work, federal CIOs that were already facing constraints securing their networks prior to the pandemic now have to contend with network security for the…
October 1, 2020
Remote, Hybrid, Onsite – Tools To Secure Federal Networks No Matter Where Teams Work
As COVID-19 restrictions ease, federal agencies are beginning to bring employees back into the office. Whether teams are returning to the office full time, continuing to work in a remote environment, or using a hybrid approach, the top priority is…
September 9, 2020
Sirius Federal Awarded ITES-SW2 Contract
Crofton, MD—September 9, 2020— Sirius Federal, a Sirius company, has been awarded the Information Technology Enterprise Solutions-Software 2 (ITES-SW2) contract. In addition to helping save time on procurement and cutting costs by consolidating their software purchases, the ITES-SW2 contract allows…
September 3, 2020
Sirius Federal Gives Back to the Community Through Virtual Food Drive
Philanthropy and community outreach have always been an integral part of Sirius Federal’s corporate culture. To support those in need in our communities, Sirius Federal is running a Virtual Food Drive during the month of September to support the Maryland…
November 30, 2019
Ignore the Workforce at Your IT Modernization Peril
Federal agencies are currently faced with the daunting task of modernizing billions of dollars’ worth of outdated technology. On the path to IT modernization success, the investment in technology represents only half the battle though — agencies also need to…
November 8, 2019
Sirius Federal Named Public Sector Partner of the Year and Federal Intelligence Partner of the Year at Cisco Partner Summit
This week, Sirius Federal was recognized for our leadership in the public sector by receiving two awards at the Cisco Partner Summit in Las Vegas, NV. Sirius Federal was named the Americas Geographical Region Public Sector Partner of the Year…
September 6, 2019
Protecting your Agency from Phishing
As we spend an increasingly large percentage of our time online, we’ve become aware of the malicious tactics used to trick us into downloading malware or betraying our credentials. Even as our built-in threat detection improves, we risk letting it…
June 12, 2019
Choosing an IT Solution Provider that Keeps Projects on Track
Most of us have experienced a project that hasn’t gone quite as planned. Information wasn’t received at the right time, different teams had completely different interpretations of the requirements, or somebody didn’t realize they were responsible for a task. Little…
March 12, 2019
TechTarget: Big Blue Drives Collaboration Among IBM Business Partners
IBM is investing in resources and business processes to make it easier for IBM business partners to create alliances with each other. Following last month's IBM Think conference in San Francisco, Senior Director of Software Practice Charles Fullwood discusses the…
February 27, 2019
Deployment and Resident Engineers Deliver On-Site Solutions
At Sirius Federal, we provide solutions. From infrastructure management to cloud migration, we create custom answers to federal IT’s most pressing problems. But we believe strong, sustainable solutions involve more than just software and hardware. What agencies often need most…
August 21, 2018
WBJ: Here’s What it Takes for a Mid-Tier Maryland Contractor to Compete in Evolving Federal IT Marketplace
More than three-fourths of federal government agencies — about 77 percent, according to a Government Accountability Office report — will not meet their planned technology modernization goals by the end of the year. Our CEO, Mike Greaney, recently sat down…
August 17, 2018
The Rally Call for Digital Transformation Is Here: Are You Ready for the Journey?
Today, digital transformation has become the rallying cry for government organizations aiming to innovate and improve operations. The promise of digital transformation is profound: faster and more informed decision-making, improved customer insights, greater cost savings, more reliable products and services,…
October 17, 2017
3 Tactics to Avoid Insider Threats Posed by Third-Party Contractors
"The balance between too much security and too little is delicate. Overzealous access policies can bring efficiency and productivity to a screeching halt. But an overly lax approach can expose sensitive data to people who don’t need it and shouldn’t…
October 10, 2017
Improving Insider Threat Detection with Security Integration
With cyber-attacks like Nyetya and WannaCry dominating headlines over the last several months, you’d think malware would top the list of security pro’s biggest concerns. But you’d be wrong, according to the SANS Institute’s 2017 annual data security survey. While…
October 2, 2017
Expect security, cloud spending in 2018 Federal IT Budget
In recent interviews with TechTarget, industry leaders--including Sirius Federal's Greg Kushto--cited an uptick in federal IT procurement activity during the government's fiscal fourth quarter and expected FY 2018 to feature security and cloud investments. IT solution providers planning to pursue…
May 15, 2017
NextGov: How to Unleash Federal IT Workers as Changemakers
Written by Sirius Federal's vice president of client solutions Jason Parry, this article was originally published at www.NextGov.com. The public-sector workforce has always been plagued by stereotypes. To the layman, “government job” calls to mind images of a middle-aged bureaucrat,…
April 25, 2017
SearchITChannel: New tech, old virtues keep server virtualization going
"Server virtualization is well past the peak of the technology adoption curve, but SMB customers, open source technology and hybrid clouds keep demand going." —John Moore, SearchITChannel Server virtualization platforms have been around for ages and would seem to be old…
April 4, 2017
FedTech: How to Make the Most of the Federal Hiring Freeze
Although the freeze may constrain resources, it is also an opportunity to conduct an IT inventory, invest in training and prioritize projects. In this article for FedTech, writer Phil Goldstein addresses how federal agencies are handling the recently announced federal…
