Every day, new, innovative cyber threats stealthily target federal networks and critical infrastructure. At great cost, defenders have deployed scores of complex cybersecurity tools that emit and absorb data on a mind-boggling scale. Now, untamed terabytes of disparate data fatigue security analysts with false alarms—and multimillion-dollar annual data storage costs make it hard for agencies to retain data for the long term. To get ahead of the threats, organizations must stop drowning in their own data and start collecting, managing, and using all this information to full advantage.
Federal Civilian Executive Branch (FCEB) agencies have millions of endpoints—and since tooling for detecting and responding to threats often exceeds minimum requirements, the total data volume could top 125 terabytes per day. Dealing with such vast and varied data demands a new approach—data-driven cybersecurity. This goes well beyond deploying controls, dealing with indicators of compromise, and heeding recent federal guidance on advanced data-logging requirements. Organizations must also link datasets of many kinds to detect patterns of malicious behavior. In this way, they can better anticipate, prevent, detect, and respond to emerging threats.
Today, many security teams can’t make the most of their data and hence can’t deliver value for the entire organization. Teams are forced to choose which data to collect when technology advancements and security budgets are out of sync. And that means agencies and critical infrastructure entities are losing ground to worsening digital threats—because they aren’t using data as an asset.
Data can be a superweapon to achieve strategic priorities and safeguard critical missions with advanced cyber defenses. But that requires novel ways of sharing information—and enabling collective thinking—to distill actionable insights. And that means focusing more on data analytics, artificial intelligence (AI), and machine learning (ML). In a recent Booz Allen-commissioned survey of 175 individuals involved in the development, analysis, and review of U.S. cybersecurity practices and policies, more than half of respondents rated cyber data analytics (63%) and cyber-focused AI/ML (58%) among the most important aspects of cybersecurity.