The Defense Information Systems Agency is looking to integrate big data and predictive analytics into its suite of cybersecurity tools to drive more security automation, an agency official said Monday.
At DISA’s annual forecast to industry, Deputy Chief Technology Officer Jack Wilmer focused on the agency’s need to leverage data to support already-existing tools instead of buying new technology every time a new threat emerges.
“We can’t continue to just keep bolting on a new cybersecurity tool for whatever the latest and greatest threat is,” Wilmer said during a media roundtable. “Parallel to keeping pace with the latest and greatest attacks, we are going back to figure out how to optimize our investments.”
To avoid the status quo spending spree, DISA will soon release two contracts for a big data and analytics program that will be integrated into the agency’s Cyber Situational Awareness and Analytic Cloud platform.
Wilmer said that despite the separate awards, these capabilities will be used together to bring better situational awareness across the military’s entire network.
“What we are trying to do is take this wealth of information we collect about our endpoints and aggregate it together to give senior leadership a better understanding of how well protected our enterprise actually is,” he said during a presentation at the Ronald Reagan Building and International Trade Center. “There are major changes we are trying to drive in each program to more efficiently and more effectively collect information and present it to senior leadership.”
While commercial big data platforms often have accompanying analytics capabilities, Wilmer said the agency will award the contract to whatever tools can “percolate the right data to the top” for senior officials to assess, even if they are from separate vendors.
“One of the things that we are looking at is how do we take data from the perimeter defenses all the way to the host defenses, and then make some actual decisions and get some actionable information out of that,” Wilmer said, adding that the big data component needs “to keep up with the daily ingest requirements that we have” for data.
That data will help DOD move away from signature-based cybersecurity and toward an automated platform that can respond to both known threats and zero-day vulnerabilities as quickly as possible.
“The number of threats is increasing, the variety of threats is increasing, but the budgets are not following suit,” Wilmer said. “How can we posture ourselves to get to more automated, have fewer manually intensive tools, fewer manually intensive workflows and multiple screens for different operators?”
This push for security automation is something DOD Chief Information Officer Terry Halvorsen spoke about last week at a Christian Science Monitor breakfast, saying it was his goal to reach that in “the next 18 to 24 months.”
“The big difference in cyber is it moves faster than any other warfare experience,” he said. “The things that we do today in cyber probably won’t be the same things that we do tomorrow.”
Wilmer echoed that sentiment Monday, saying Halvorsen’s timeline was “completely reasonable,” and DISA will have to evolve to keep up with adversaries.
“I think it is going to be an evolutionary thing,” he said. “It’s not like we’ll just deploy automated cyber defense and then we’re done with it.”
You can see the slides from Wilmer’s presentation on DISA’s website.