
Advanced Threat Detection Driven by Big Data Analytics

Today, government is in a transitional phase where agencies are starting to proactively address many cyber-attacks and threats; however, recent breaches, like last year’s OPM hack, demonstrate that we need to detect advanced threats more rapidly. One way to do this is by applying behavioral analytics and machine learning to data that is being generated in real time, while concurrently mining and analyzing the petabytes of data that government entities already store. According to Ponemon Institute’s 2016 Big Data Cybersecurity Analytics Report, released in August 2016, 65% of respondents believe the use of big data analytics is very important to ensuring a strong cybersecurity posture. However, 72% of respondents also said that it’s impossible to leverage the power of big data analytics for security purposes within the restrictions of traditional systems. In fact, conventional security event monitoring products weren’t purpose-built for threat detection and advanced analytics; rather, they were designed to collect, retain, and report on security events after they occurred. This means these traditional tools do a poor job of detecting threats, creating more work for security teams by falsely flagging suspicious events.

As the world becomes more interconnected and systems more complex, the number of advanced attacks will continue to increase. It is clear that these older Gen 1 SIEM-type solutions are no longer sufficient for the level of cybersecurity that government organizations need. For more rapid detection and remediation against today’s threats, organizations need real-time analytics that provide stronger context and focus attention on the key alerts that need immediate investigation by experts. To make this happen, anomaly detection and user behavior analytics solutions need access to real-time data – a lot of data.

Organizations that already collect data can run parallel analytics on that same data to identify real threats without having to extend their human capital. But how, you may ask? Earlier this year, Cloudera, which offers the first unified platform for big data management and analytics built on Apache Hadoop, and Securonix, which purpose-builds advanced security analytics technology, announced their partnership and joint solution, SNYPR. SNYPR delivers a combination of data storage and user behavior analytics through a secure platform that takes big data and transforms it into actionable security intelligence. With its data-driven approach, SNYPR uses context-enriched anomaly detection to give organizations a 360-degree view of events, users, access, and transactional application data, helping to recognize threats and prioritize events based on risk.

SNYPR is able to harness the power of big data and put actionable, threat-based intelligence derived from an agency’s existing data stores into action. This capability empowers security leaders to more effectively combat cyber threats and reduce cyber risk with fewer resources at a lower cost. Public sector organizations can use SNYPR to:

  • Detect privileged account misuse
  • Protect endpoints
  • Defend themselves against insider threats
  • Safeguard employee records

With Cloudera and Securonix, organizations of all types and scales have reduced security event false positives by over 90%, radically reducing response time. Government entities are also able to leverage the full power of their data stores to achieve pervasive cybersecurity analytics and to recognize anomalous and security-relevant events, which helps to keep agencies ahead of their clever adversaries.

For more information on how the combination of Cloudera’s and Securonix’s portfolios is empowering organizations to reach the levels necessary to effectively counter today’s cyber threats, check out this solution brief.