Insight by KPMG

Creating, deploying the right analytics drives better cyber protections

Over the last six or so months, agencies and companies received a stark reminder about the challenges of securing systems and data.

From SolarWinds to Microsoft Exchange to Pulse Secure, the impact to agency networks and systems has been real and is forcing, once again, a call for real change to federal cybersecurity.

President Joe Biden’s recent executive order aims to drive significant upgrades to how agencies and industry think about and apply cyber protections.

At the heart of the EO—and really so many governmentwide efforts—is data.

In fact, the order calls on agencies to adopt security best practices; advance toward a zero trust architecture; accelerate movement to secure cloud services and to centralize and streamline access to cybersecurity data to drive analytics for identifying and managing cybersecurity risks.

Additionally, the Cybersecurity and Infrastructure Security Agency at DHS plans to spend some of its $650 million windfall from the American Rescue Plan Act on improving their capacity to conduct analysis of cybersecurity information coming to better understand risks and threats across the government.

It’s clear that data is key to everything agencies can do to protect their network and systems.

Viral Chawda, a principal and head of artificial intelligence, analytics and engineering for the government sector at KPMG, said once agencies truly understand their cyber data, leaders can have insights into things like what applications still don’t require multi-factor authentication, what hardware is going out of support, how much of a workload is in the cloud, which devices are using non-compliant software and so much more.

“From there you go to diagnostics analytics, which helps us answer question like, ‘Why it’s happening? Why is the migration to cloud slower than what we planned for? And how can we focus our resources on high risk areas like productivity, quality model, confidence, value delivered and cost management,” Chawda said on the show Modern Government: Cyber Analytics sponsored by KPMG. “Having a clearly defined matrix helps measure and monitor a defined set of indicators, and use effective interactive tools like visualization and dynamic drill downs to better understand cyber risk at the summary executive level all the way down in the detail of operational execution.”

Chawda said as agencies improve their understanding and application of their data, they can mature their cyber risk approach.

“If we can break it down into two types, predictive analytics, which tries to identify high risk areas before threats are exploited, and prescriptive, which is very advanced and it’s about recommending specific set of actions to respond to those risk analyses,” he said “Advanced analytics has many potentials to identify hidden risk and bring more value, but it also requires more sophisticated skills such as machine learning and predictive modeling or scenario planning and optimization.”

Public and private sector organizations have found benefits in applying cyber analytics ranging from improving their annual assessments to identifying risks more quickly to knowing what type of tool to buy that will make the biggest impact on their cyber protections.

Chawda said answering the questions around tools is become more critical as agencies are becoming overwhelmed by the sheer number they are using.

“Companies need to define a well-rounded set of high-level dashboards to meet their objectives and collect cyber data in a matrix [approach] because it’s cross functional. To get the complete security posture, you need to bring data across all the components inside your environment and from third party providers,” he said. “After defining a set of matrix, we need a continuous monitoring approach that can be standardized around the collection, curation and processing of cyber related data, which helps baseline the performance from a historical perspective and benchmark that risk indicator against other agencies or other companies. In this way, organizations can get an early warning, when observing abnormal behavior or drastic fluctuations within the data. Leadership can obtain the cyber risk picture through this mechanism in real time or on an impromptu basis, rather than waiting for the annual assessment report to come out or even, at best, on a periodic basis.”

Chawda offered one example where KPMG worked with a large client to apply a machine learning-based approach to detect command and control servers.

“Attackers use command and control servers to maintain communications with the compromised system. With this automated data pipelines and machine learning algorithm, it saved them months from having to manually scan 1000s of domains. We were able to identify more than 50 previously unknown detections, that existing rules couldn’t blacklist. This helped optimize the security analysts’ performance and prevented potential breach,” he said.

For the most part, public and private sector organizations already are using data to drive cyber decisions.

Chawda said many organizations, however, can be better organized by creating a strategy that outlines a roadmap, sets data standards and baseline metrics and defines risk indicators.

“Once that energy is being channelized in that focused area, it can drive results very quickly. Once that is done, meaning after the matrix program is maturing, the next step is to leverage advanced analytics to solve agency’s most urgent business problems in securing the systems and infrastructure,” he said. “This phase will continue to build upon the data pipeline and insights from the prior steps. By following an iterative machine learning model development approach, with feature engineering, model training, model governance, model deployment and prediction. Fortunately, the advent of big data and the compute capacity and capability in advance of governance, governments and companies now have ways to counteract cyber attacks.”

Defining Cyber Analytics

Companies need to make efforts and define a well-rounded set of high level dashboards to meet their objectives and collect cyber data in the matrix because it's cross functional. To get the complete security posture, you need to bring data across all the components inside your environment and from third party providers.

Recommendations for Agencies Using Cyber Analytics

Behavioral analytics allow agencies to flag suspicious emails or badge check-ins or downloads or access to unauthorized sites and assets or even attempted access to those sites and assets. It helps us in identifying deviations from pattern of normal and expected behavior, whether that's web traffic for those employees or contractors while browsing the network, or the network package content across the servers. So that's how AI is able to play an increasing the critical role in preventing, detecting and remediating cyber threats.

Listen to the full show: 

Featured speakers

  • Viral Chawda

    Principal, Head of AI, Analytics and Engineering, Government Sector, KPMG

  • Jason Miller

    Executive Editor, Federal News Network