As big data grows more prevalent and its benefits become increasingly apparent, more organizations are beginning to utilize the technology. One such group is the Defense Information Systems Agency, an arm of the Department of Defense. DISA has recently been gaining traction with its cybersecurity analytics cloud and the agency is starting to look for new ways to use big data analytics to secure DoD networks. DISA’s Cybersecurity Situational Awareness Analytical Cloud collects data from different points across DoD networks and merges that information into one place to keep an eye on events, issues or anomalous behavior that might pose a threat to the department.
A year ago DISA launched Acropolis, a big data cloud program similar to a platform used by the National Security Agency. Acropolis was designed to aggregate, correlate, analyze and reduce cyber threats to DoD networks, including insider threats. Currently Acropolis is utilized as a big data storage platform for the CSAAC and allows the cloud to offer improved analytics capabilities.
Now DISA is using its Web-filtering program and connecting it to the Acropolis analytical warehouse for use in the agency’s Continuous Monitoring and Risk Scoring program. A Web-based visualization tool, the CMRS monitors threats to cybersecurity across DoD systems. According to the Federal Times, officials with the DoD say the cybersecurity systems enable the department to have a more comprehensive understanding of activity on DoD networks and the threats facing them at any given time.
“We have a lot of challenges right now. How do we improve cybersecurity, improve operational effectiveness and really drive down cost and become more agile,” said Jack Wilmer, deputy chief technology officer for enterprise services at DISA. “Balancing and finding solutions that enable us to do all of those things is a really tricky problem, but one we’ve invested heavily in and one where we’re making a lot of headway.”
Using big data to reduce complexity
There are a variety of DoD networks and data centers, all of which are widely dispersed and monitored by different bodies throughout the department. Using big data security, the CSAAC is able to give users a more detailed understanding of what’s happening on the networks, making it easier to see the big picture and reduce the issues created by gaps in communication. The system filters 150,000 Web events per second and is able to learn from them and grow to create a stronger and more secure network.
“You may notice a network anomaly somewhere, say a high spike in utilization in some devices,” said Wilmer. “But if you’re only focused on that specific event, you might miss some correlating events elsewhere in the network or higher up the stack.”
The use of Acropolis’ security information and event management benefits the military by making it possible for each branch to take advantage of the others’ analytics and in-house capabilities, creating a network that is more robust and secure overall.