Industry voice: Public authorities need people who will ask difficult questions to identify potential weaknesses and a data platform that can provide the answers, writes Gordon Morrison, director, government affairs at Splunk
A clear message emerging from both presentations and discussions at UKAuthority's Public Sector Cyber Forum is that cyber security is not just a technology problem; it has as much to do with people and processes, and the expansion of vulnerabilities that emerge from the increasing scope of public sector digital systems.
As public authorities explore the potential of emerging technologies such as artificial intelligence, augmented reality and the internet of things they are tapping into enormous potential. But the explosion in the number of connected devices and sensors, combined with the rising number of connections to cloud services and other organisations’ digital systems, is creating a big growth in the number of potential points of vulnerability.
It is opening up an array of opportunities for cyber attackers and multiplying the complexities around the effort to create robust defences.
From Splunk’s perspective, an important element of the response is for public authorities to harness the relevant data that they hold and use the talents of people who think in the same way as cyber attackers. They need people who will ask the same questions an attacker would, but turn the answers towards improving protection: looking closely for weak points not just in an organisation’s IT infrastructure and networks, but along its data supply chain to cloud services and its connections with other organisations. They will have to ask what could happen if these weak points were targeted in specific ways, and what kinds of pressure would undermine their network security.
These people need access to vast, real-time datasets on the performance of digital infrastructure, the activity in IT operations and network traffic. Multiple sources of information are available – such as logs from firewalls, malware detection systems and domain controllers – and the emergence of a new generation of data tools and machine learning is making it easier to pull it all together and sort through the mountain of data for analysis.
When they ask questions, these tools can provide answers quickly and lead to new questions about risks and weak points. This can help organisations to better understand their own operations, in terms of the technology, people, processes and expansion of vulnerabilities.
The right type of data platform can provide the capacity for the specialists to do this – to ask questions, test their ideas, fail quickly and safely, and develop solutions that stand up to real world operations.
Platform for answers
This is where the Splunk platform comes in. It provides a cloud-based solution for extracting the crucial data from security systems, IT operations and the IoT, providing the answers that help to focus efforts more clearly.
It can also bring cyber security into a wider loop, feeding into the management of IT operations and business analytics. All three are relevant to each other and the data from each can be used to strengthen the others. But they need a space in which the specialists can ask the questions, test their ideas, fail quickly and safely, and develop solutions that stand up to real world operations.
It includes a security information and event management (SIEM) function that draws on user and entity behaviour analytics to help organisations identify the key points from the data. This provides an overview of security, supports investigations of any attacks, provides automated compliance reporting and helps to streamline security policies in response to actual threats.
Crucially, it also ties in with other functions – the ability to automate the swift execution of security actions and to detect and deflect ransomware threats – to mitigate risk and provide an effective defence against attacks.
Taken together, this enables public authorities to respond to the key demands around cyber security. It enables them to understand their own operations better, in terms of the technology, people, processes and expansion of vulnerabilities. The Splunk platform helps them to develop credible metrics, evaluate the evidence and assess where the weak points could appear.
It harnesses the power of machine learning, enabling organisations to identify problems and move at a speed not possible when relying on human interventions. And it helps their security team to think like attackers and take the pre-emptive steps to keep the organisation safe.
Harnessing data from a wide range of operational inputs is a crucial element of cyber security, but many public authorities are not yet making full use of it for this purpose. We need to be mining our data to strengthen cyber security, and to provide safer, more reliable services for the public over the long term.
Learn how to combat threats with actionable intelligence and advanced analytics from Splunk Enterprise Security - https://www.splunk.com/en_us/software/enterprise-security.html
Download Splunk’s briefing note on securing your organisation against unknown threats through user and entity behaviour analytics - https://www.splunk.com/pdfs/technical-briefs/splunk-for-advanced-analytics-and-threat-detection-tech-brief.pdf
Contact Splunk to discuss how you can harness data and machine learning to take your security operations to the next level
Image by Kai Stachowiak, CC0 via Wikimedia Commons