GCN : August and September 2016
SPONSORED CONTENT: CYBER RESILIENCE

IS YOUR AGENCY READY FOR NEXT GENERATION SIEM?

As data stores continue to grow, SIEM tools are stepping up with advanced monitoring and analysis capabilities.

Government agencies are generating and consuming more and more data. Their determination to perform the analytics required to pursue hacks and defuse security exploits across their networks is driving this data deluge. Now they may be asking themselves, though, is their big data diet getting too big?

According to Gartner researchers, the amount of data expected to be pooled and analyzed by enterprise security providers will double through the end of this year. At that rate, data stores may tax the ability of agencies to perform sufficient threat analysis on their data early enough to prevent the next breach.

Over the past decade, the workhorses of security data collection and analysis have been Security Incident and Event Management (SIEM)—a set of services offering real-time monitoring and correlation of security events as well as long-term storage and the reporting of log data. SIEM combines security information management and security event management to analyze security alerts generated by network hardware and applications. These technologies also log security data and generate compliance reports.

Given the amount of information being collected and analyzed, SIEM is under constant pressure to do more with less. Security researcher Marcus Ranum recently suggested it was time to establish a next generation of SIEM capable of producing “less data that is more significant, while absorbing even more raw input.”

Next generation SIEM technology will likely include advances in the data collection and analysis of contextual data. It will also have new algorithms for both historical and real-time data analysis and the ability to monitor cloud and other emerging virtual environments. Gartner research director Anton Chuvakin says he envisions the debut of new and greatly improved analysis algorithms. These should also be able to operate in newer environments such as hypervisors and deep within applications, “where an IP address means nothing and logs are even more esoteric.”

Next generation SIEM technologies are also likely to incorporate a variety of new analytics techniques, including ways to help Security Operations Center (SOC) managers identify threats by examining behavioral patterns across security datasets. For example, growing demand for security analytics reflects the expanding interest in bringing commercial business intelligence technologies into the SOC to help analyze security datasets.

As agencies encounter more sophisticated adversaries, challenges remain across the SOC. These challenges include how to handle security at the big data scale and how to reduce the time to respond to security attacks. Other ongoing hurdles include improving consistency and efficiency within the SOC, and how to integrate analytics capabilities to produce high quality results.

Ultimately, however, building the next generation SOC will depend on how well agencies use next generation SIEM. It also depends greatly on how well it’s executed by individual analysts. Looking ahead, agencies with large security programs may not be meeting the mark. In driving the capabilities of the SOC using next generation SIEM, however, as well as new analytical capabilities, agency security executives should be able to move cybersecurity programs much further downfield—and do a much better job.

Tammy Torbert is World Wide Solutions Architect, Federal, HPE.