Cyber Big Data

Michael T. Dent, CISO, Fairfax County Government

Cyber security and big data in today's enterprise are close to synonymous. Organizations are now challenged with ingesting huge amounts of data and deciding what to do with them, and cyber security is no exception.

Fairfax County's Next Generation Cybersecurity Program's main objective is to deploy next-generation security technologies that use big data for smart analytics, monitoring, detection, notification, and reporting. A combination of regulatory compliance and policy requires us to retain large amounts of data. Most of the vendor solutions (endpoint security, email security, next-generation firewall, Security Information and Event Management (SIEM), DNS security) implemented in our defense-in-depth infrastructure apply some Machine Learning (ML) and Artificial Intelligence (AI) to that data for anomaly detection and predictive analysis. These solutions maintain their own central data collection, shared across their client base and with threat databases in the cloud, and apply ML/AI techniques to it. ML enables automated analysis of huge data sets with high, effective detection performance. Features within security devices enable detection and smart blocking of bad sites and applications (URL filtering databases, malware analysis and prevention, DNS security, etc.). Maintaining a database of known bad domains and URLs adds another layer to the defense-in-depth capabilities.

For our SIEM and future log and event management needs from applications, server systems, IoT, critical infrastructure, and HIPAA- and PCI-related infrastructure, we are utilizing one of the industry's best SIEM products. Defense in depth only works well if one knows what is going on around them. Utilizing our SIEM, we are able to ingest huge amounts of data at high message rates from every security source (firewalls, IPS, email security systems, management systems, authentication servers, endpoint security systems, mobile device management), network devices (routers, switches, wireless controllers), Microsoft servers (Exchange, AD, etc.), web and application servers, and so on. The SIEM uses machine learning/AI to predict when and where we need to act fast to minimize security incidents and be proactive.

We mainly use big data analytics in security to:

• Identify anomalies in device behavior. Events and data from endpoint security identify anomalies in employee and contractor behavior, for example, someone downloading large amounts of data from a critical system, a database system, or a system that contains private corporate data.

• Identify and monitor privileged access to any system

• Detect anomalies in the network: sudden spikes in connection and data rates above the norm, sudden spikes in DNS requests and lookups from protected systems and user devices, routing protocols flapping, interfaces flapping, sudden increases in switch/router CPU. Sudden spikes in Internet outbound data rate also trigger alerts

• Monitor and detect repeated authentication failures

• Identify and monitor sudden spikes in CPU and hardware resource usage.

• Identify and monitor internal systems with regard to their destination IP addresses, using geolocation and geoblocking. For example, traffic destined to countries that we don't do business with.
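The rules in the list above (repeated authentication failures, DNS request spikes, and outbound traffic to countries we don't do business with or in unusual volume) can be expressed as simple correlation logic over normalized events. The following is an added worked example written for this article, not Fairfax County's SIEM configuration or any vendor's product logic; the event schema, the thresholds, the country allowlist and the sample events are all assumptions chosen for illustration, and the sample events are constructed rather than real logs.

```python
"""Toy SIEM-style anomaly rules over constructed log events.

Added example, not Fairfax County's SIEM logic. Field names, thresholds,
the country allowlist and the sample events are assumptions.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs), already normalized into one
# schema the way a SIEM would normalize vendor-specific formats.
EVENTS = [
    # Six failures for one account inside a few seconds, one stray failure.
    *[{"ts": f"2024-05-01T09:00:{i:02d}", "type": "auth", "user": "jdoe",
       "src": "10.1.2.3", "result": "fail"} for i in range(6)],
    {"ts": "2024-05-01T09:00:07", "type": "auth", "user": "asmith",
     "src": "10.1.2.9", "result": "fail"},
    # DNS: one host at a normal rate, one host suddenly issuing 60 queries.
    *[{"ts": "2024-05-01T09:01:00", "type": "dns", "src": "10.1.5.5",
       "qname": f"host{i}.example.net"} for i in range(4)],
    *[{"ts": "2024-05-01T09:01:00", "type": "dns", "src": "10.1.5.6",
       "qname": f"{i:04x}.bad-looking.example"} for i in range(60)],
    # Flows: a modest transfer to an allowed country, then a very large
    # transfer to a country the organization does not do business with.
    {"ts": "2024-05-01T09:02:00", "type": "flow", "src": "10.1.7.7",
     "dst": "203.0.113.10", "country": "US", "bytes_out": 2_000_000},
    {"ts": "2024-05-01T09:02:05", "type": "flow", "src": "10.1.7.8",
     "dst": "198.51.100.20", "country": "ZZ", "bytes_out": 9_000_000_000},
]

# Assumed tunables; a production deployment would derive the baselines
# from historical data rather than hard-coding them.
AUTH_FAIL_THRESHOLD = 5            # failures per user within AUTH_WINDOW
AUTH_WINDOW = timedelta(minutes=5)
DNS_BASELINE_PER_MIN = 10          # typical per-host query rate
DNS_SPIKE_FACTOR = 5               # alert when rate > baseline * factor
BUSINESS_COUNTRIES = {"US", "CA"}  # assumed allowlist
LARGE_OUTBOUND_BYTES = 5_000_000_000


def auth_failure_alerts(events):
    """Users with >= AUTH_FAIL_THRESHOLD failures inside a sliding window.

    A slow trickle of failures spread over a day does not trip the rule;
    a burst inside AUTH_WINDOW does.
    """
    per_user = defaultdict(list)
    for e in events:
        if e["type"] == "auth" and e["result"] == "fail":
            per_user[e["user"]].append(datetime.fromisoformat(e["ts"]))
    alerts = []
    for user, times in per_user.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > AUTH_WINDOW:
                start += 1
            if end - start + 1 >= AUTH_FAIL_THRESHOLD:
                alerts.append(user)
                break
    return alerts


def dns_spike_alerts(events):
    """Sources whose per-minute DNS query count exceeds the baseline."""
    counts = Counter()
    for e in events:
        if e["type"] == "dns":
            minute = e["ts"][:16]  # truncate the timestamp to the minute
            counts[(e["src"], minute)] += 1
    limit = DNS_BASELINE_PER_MIN * DNS_SPIKE_FACTOR
    return sorted({src for (src, _), n in counts.items() if n > limit})


def outbound_alerts(events):
    """Flows to non-business countries or with unusually large egress."""
    alerts = []
    for e in events:
        if e["type"] != "flow":
            continue
        reasons = []
        if e["country"] not in BUSINESS_COUNTRIES:
            reasons.append("geo")
        if e["bytes_out"] > LARGE_OUTBOUND_BYTES:
            reasons.append("volume")
        if reasons:
            alerts.append((e["src"], e["dst"], tuple(reasons)))
    return alerts


def run_rules(events):
    """Run every rule and return the alerts keyed by rule name."""
    return {
        "auth": auth_failure_alerts(events),
        "dns": dns_spike_alerts(events),
        "outbound": outbound_alerts(events),
    }


if __name__ == "__main__":
    for rule, hits in run_rules(EVENTS).items():
        print(rule, hits)
```

Each rule keys on a different dimension (account, source host, destination) so that the three alerts can be correlated on the same source address when an attacker chains them: a brute-forced login, followed by a DNS burst from the compromised host, followed by a large transfer out of the country.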

Big data analytics allows us to identify anomalies and advanced attack vectors proactively. The use of ML combined with cloud threat prevention data and advanced correlation techniques is key to detecting threat activity and responding when needed, before it's too late. As you can see, big data plays roles in multiple disciplines, and cyber security is one of them. The smart way to handle big data is to not reinvent the wheel by creating stovepipe systems or databases that cannot be shared across disciplines.
