Page 35 - FCW, June 15, 2016

analytics via security intelligence, can provide key cybersecurity capabilities. Along with analysis of cyberthreat-related data sources (e.g., through Domain Name System, NetFlow or query results), continuous monitoring provides the needed context for fusion of data — data that can be analyzed using tools that produce actionable, meaningful and timely information for CISOs and CIOs to address the most important issues affecting their agency and deter and prevent cyberthreats.
Even basic cyber analytics can be used to proactively highlight risks and to identify, monitor, and address threats and vulnerabilities, thereby helping agencies achieve predictive and preventive cybersecurity capabilities.
However, cyber analytics can be greatly enhanced by cognitive-based systems, which can build knowledge and learn, understand natural language, and reason and interact more naturally with human beings. Cognitive-based systems can also put content into context with confidence-weighted responses and supporting evidence, and can quickly identify new patterns and insights.
Specifically, cognitive solutions have three critical capabilities that are needed to achieve security intelligence:
• Engagement. These systems provide expert assistance by developing deep domain insights and presenting the information in a timely, natural and usable way.
• Decision. These systems have decision-making capabilities. Decisions made by cognitive systems are evidence-based and continually evolve based on new information, outcomes and actions.
• Discovery. These systems can discover insights that could not be discovered otherwise. Discovery involves finding insights and connections and understanding the vast amounts of information available.
By using such systems, agency executives involved in cybersecurity can move from a basic to an optimized level of security intelligence, as depicted in the table below.
Achieving cybersecurity protection preserves mission success while achieving key objectives for agencies’ security programs. By developing true security intelligence, the government can move from a basic (manual and reactive) to an optimized (automated and proactive) posture to secure critical systems and the valuable information they house.
John Lainhart leads IBM’s Public Sector Cybersecurity and Privacy Services. Christopher M. Ballister is a cybersecurity and privacy expert at IBM. A version of this article appears on the IBM Center for the Business of Government website.