Setting up this type of data mining capability does not require particularly sophisticated technology, but crucially you need data feeds from your various tools, partners and threat intelligence sources. With those in place, one of the many data-analysis tools available for cybersecurity can start filtering and correlating security events. This matters because, more often than not, a security incident is not an isolated event: correlating across feeds lets you identify patterns that link individual events into a chain, which helps you investigate and remediate a particular attacker's activity and their techniques.
Only with this type of situational cybersecurity awareness capability will the cybersecurity department of a large organisation be able to rapidly investigate, remediate and effectively protect against cyber-threats.
Yet big data analysis for situational awareness is just one part of the cybersecurity ecosystem. Other aspects include training, business continuity planning and information sharing. Anil summarises the key investment areas as follows:
Cyber Defence - Where to Invest?
Invest in Situational Awareness
- Collect, assess and visualize suspicious network traffic (incoming, internal and outgoing)
- Perform Post-Incident Analysis (link incidents to campaigns, threat actors, modus operandi)
- Know your own data and traffic (what is expected)
Invest in Resilience
- Enterprise Policy (strategic, whole of enterprise, frequent reviews/updates)
- Centralized Governance (roles, liabilities and procedures)
- Effective Capabilities (Prevention, Detection, Response and Recovery)
- Diversified infrastructures (alternative bandwidths, data centers, gateway options)
- Capacity Building (Human resources, Exercises and Training)
- Business Continuity Plans (BCPs)
- Service providers, suppliers
- National stakeholders
- Regional/International stakeholders
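The correlation step described earlier (filtering events from several feeds, matching them against threat intelligence, and linking them into a pattern around one attacker) and the situational-awareness items above (post-incident analysis linking incidents to campaigns, and knowing what your own traffic normally looks like) can be shown in a few dozen lines. The following is an added example, not code from NATO, the presenter or any product; the log lines, indicators, campaign names, hosts and baseline figures are all constructed for the demonstration.

```python
"""Cross-feed correlation over constructed firewall, proxy and EDR log lines plus a
small threat-intelligence list. Every indicator, host, campaign name and baseline
value here is made up (documentation IP ranges and example domains)."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Hypothetical intel feed: indicator -> (campaign, modus operandi).
THREAT_INTEL = {
    "203.0.113.10": ("Campaign-A", "C2 over HTTPS"),
    "bad-updates.example": ("Campaign-A", "staged download of second-stage payload"),
    "198.51.100.7": ("Campaign-B", "credential exfiltration"),
}

# Constructed sample log lines, each feed in its own format.
FIREWALL_LOG = """\
2024-03-01T09:58:02Z fw1 ALLOW src=10.0.5.23 dst=203.0.113.10 dport=443 bytes=1840
2024-03-01T10:01:45Z fw1 ALLOW src=10.0.5.23 dst=203.0.113.10 dport=443 bytes=9120000
2024-03-01T10:04:10Z fw1 ALLOW src=10.0.7.9 dst=93.184.216.34 dport=443 bytes=2200
"""
PROXY_LOG = """\
2024-03-01T09:57:30Z proxy 10.0.5.23 GET http://bad-updates.example/update.bin 200
2024-03-01T10:03:00Z proxy 10.0.7.9 GET http://example.com/ 200
"""
EDR_LOG = """\
2024-03-01T09:57:55Z edr host=10.0.5.23 alert=new_service_installed name=upd
"""

# Hypothetical per-host baseline of expected outbound bytes ("know your own traffic").
BASELINE_BYTES = {"10.0.5.23": 50_000, "10.0.7.9": 50_000}


@dataclass(frozen=True)
class Event:
    ts: datetime
    source: str      # which feed produced the event
    host: str        # internal host the event concerns
    indicator: str   # external IP, domain or alert name to match against intel
    bytes_out: int = 0


def _ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ")


def _kv(fields):
    return dict(f.split("=", 1) for f in fields if "=" in f)


def parse_all():
    """Normalise the three feeds into one time-ordered list of Event records."""
    events = []
    for line in FIREWALL_LOG.splitlines():
        f = line.split()
        kv = _kv(f[3:])
        events.append(Event(_ts(f[0]), "firewall", kv["src"], kv["dst"], int(kv["bytes"])))
    for line in PROXY_LOG.splitlines():
        f = line.split()
        events.append(Event(_ts(f[0]), "proxy", f[2], urlparse(f[4]).hostname))
    for line in EDR_LOG.splitlines():
        f = line.split()
        kv = _kv(f[2:])
        events.append(Event(_ts(f[0]), "edr", kv["host"], kv["alert"]))
    return sorted(events, key=lambda e: e.ts)


def correlate(events, intel, window=timedelta(minutes=15)):
    """Link events to campaigns. An event whose indicator appears in the intel feed is
    a hit; every other event on the same internal host within `window` of a hit is
    pulled into that campaign even if it matched no indicator itself. This is what
    turns isolated alerts into a chain an analyst can investigate as one incident."""
    by_campaign = defaultdict(list)
    for hit in (e for e in events if e.indicator in intel):
        campaign, _ = intel[hit.indicator]
        for e in events:
            if e.host == hit.host and abs(e.ts - hit.ts) <= window and e not in by_campaign[campaign]:
                by_campaign[campaign].append(e)
    return {c: sorted(evs, key=lambda e: e.ts) for c, evs in by_campaign.items()}


def baseline_outliers(events, baseline, factor=10):
    """Flag hosts whose outbound volume exceeds `factor` times their baseline. This
    catches the large transfer even on a day the destination is not yet in any feed."""
    totals = defaultdict(int)
    for e in events:
        totals[e.host] += e.bytes_out
    return {h: b for h, b in totals.items() if b > factor * baseline.get(h, 0)}


if __name__ == "__main__":
    evs = parse_all()
    for campaign, chain in correlate(evs, THREAT_INTEL).items():
        print(f"{campaign}:")
        for e in chain:
            print(f"  {e.ts:%H:%M:%S} {e.source:8} {e.host} -> {e.indicator}")
    print("volume outliers:", baseline_outliers(evs, BASELINE_BYTES))
```

Run as a script, it prints Campaign-A as a four-step chain on host 10.0.5.23 (proxy download, EDR service install, two firewall connections to the C2 address) and flags that host as a volume outlier; the unrelated host 10.0.7.9 is left alone. The window-based pivot on the internal host is the deliberate design choice: it surfaces the EDR alert, which matches no indicator on its own, and a real deployment would tune the window and add further pivots (user account, process hash) in the same way.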
This is just a short summary of Suleyman Anil's presentation. To learn more about NATO's cybersecurity capabilities and best practices, watch the full video below.