Advanced Analytics Help National Security Intelligence Analysts Detect Threats
Phillip Britt
securityintelligence.com
August 12, 2016
National security forces’ intelligence analysts are increasingly utilizing advanced analytics to keep up with the growing number of threats against the U.S. This technology supports the human-led process of combining advanced analytics and intelligence analysis capabilities to recognize and take action against potential threats. These tools have proven to be invaluable when it comes to identifying homegrown and external threats to national security.
HUGE SPIKE IN NATIONAL SECURITY THREATS
The number of information security incidents impacting the federal government has grown more than 1,100 percent since 2006, according to statistics from the Government Accountability Office reported by Network World.
Additionally, the number of security incidents involving personally identifiable information reported by federal agencies has jumped from 10,481 in 2009 to 27,624 in 2014, an increase of more than 163 percent. Growth rates for both types of incidents show no signs of slowing.
NSA LEADS THE WAY
Intelligence analysts must rely on a variety of techniques to detect and thwart potential threats. According to CIO, the National Security Agency (NSA) has turned to analytics to assist in this effort.
The agency currently uses behavioral analytics that seek out anomalous behavior. If a user typically accesses sensitive information from his U.S. office during standard business hours, for instance, analytics will flag his request to access the same data from an international network at 2 a.m.
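The baseline-and-deviation check described above can be sketched as follows. This is an added illustration, not code from the NSA or the original article; the log fields, user names, resource name and one-hour slack are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events: (user, local timestamp, source country, resource).
HISTORY = [
    ("alice", "2016-08-01T09:12", "US", "hr-db"),
    ("alice", "2016-08-02T10:40", "US", "hr-db"),
    ("alice", "2016-08-03T14:05", "US", "hr-db"),
    ("alice", "2016-08-04T16:55", "US", "hr-db"),
    ("bob",   "2016-08-01T22:30", "US", "hr-db"),
    ("bob",   "2016-08-02T23:10", "US", "hr-db"),
]

def build_baseline(events):
    """Learn, per user and resource, the countries and hours of day seen so far."""
    baseline = defaultdict(lambda: {"countries": set(), "hours": set()})
    for user, ts, country, resource in events:
        profile = baseline[(user, resource)]
        profile["countries"].add(country)
        profile["hours"].add(datetime.fromisoformat(ts).hour)
    return baseline

def hour_distance(a, b):
    """Distance between two hours on a 24-hour clock (23 and 1 are 2 apart)."""
    d = abs(a - b)
    return min(d, 24 - d)

def flag(event, baseline, slack=1):
    """Return the reasons an access deviates from the user's own baseline."""
    user, ts, country, resource = event
    profile = baseline.get((user, resource))
    if profile is None:
        return ["no_baseline"]  # first-ever access: nothing to compare against
    reasons = []
    if country not in profile["countries"]:
        reasons.append("new_country")
    hour = datetime.fromisoformat(ts).hour
    if min(hour_distance(hour, h) for h in profile["hours"]) > slack:
        reasons.append("unusual_hour")
    return reasons

if __name__ == "__main__":
    base = build_baseline(HISTORY)
    for ev in [("alice", "2016-08-05T11:00", "US", "hr-db"),
               ("alice", "2016-08-06T02:00", "DE", "hr-db"),
               ("bob",   "2016-08-06T00:15", "US", "hr-db")]:
        print(ev, flag(ev, base))
```

Because the baseline is per user, the night-shift account is not flagged for a just-past-midnight access, while the daytime account's 2 a.m. request from a new country raises both reasons.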
The NSA also uses real-time forensic analysis of cybersecurity software and appliances, including logs and firewalls on network devices, and layered, redundant techniques that leverage different resources to deepen defenses. For example, different intelligence analysts may review the same data and reports because a second analyst may detect a threat that the first analyst overlooks.
PREDICTIVE ANALYTICS SNIFF OUT INSIDER THREATS
Internal threats are a serious problem for many government agencies. Signal Magazine noted that internal actors are responsible for 43 percent of data losses following security breaches. However, advanced analytics can aid in the fight against insider threats.
For example, Signal Magazine explained that the U.S. Department of Defense (DoD) uses predictive analytics to help track real-time data streams and identify indications of insider threats. The department’s predictive analytics efforts coincide with another government effort, the National Insider Threat Task Force, which incorporates automated predictive analytics solutions into the process for discovering and stopping government employees who could pose security threats.
Predictive analytics can produce risk profiles on employees based on a combination of work-related behavior, personal conduct and other current data. The system can then determine if an employee might pose a threat to the organization or to other people by tracking elements including marital or legal issues. This enables officials to respond accordingly before an incident occurs.
A GROWING INDUSTRY
The growing number of cybersecurity threats is spurring increased government investment in analytics as agencies look to thwart attacks. The DoD will spend $7 billion on various cybersecurity technologies in fiscal year 2017 and approximately $35 billion in the next five years, according to Defense Systems. As government agencies invest in more comprehensive analytics solutions, they will be able to provide better data for intelligence analysts, allowing them to recognize potential threats more quickly and effectively.