The Pentagon has announced the initiation of a program to develop an integrated threat analysis system that will significantly improve the Defense Department's ability to identify network security vulnerabilities by leveraging the power of Big Data analytics. The Defense Advanced Research Projects Agency (DARPA) Information Innovation Office (I2O) will host an informative briefing on January 30th in a run-up to a Broad Agency Announcement (BAA) in a few weeks that will include a Request for Information (RFI) that will officially commence the process for accepting proposals from vendors for the development of the Cyber Targeted-Attack Analyzer (CAT) Program, according to a Special Notice released by DARPA, the DoD's research and development branch.
The CAT program is designed to better utilize limited resources by reducing the amount of time spent coordinating cyber threat intelligence at the Department of Defense in order to more easily identify cyber-attacks and system vulnerabilities by "federating and correlating disparate network data sources."
"Changing the way the information in the IT infrastructure is acquired, processed and made available to cyber defenders, and providing them with connected and correlated data, will directly address the scale-of-data problem," DARPA stated.
One of the biggest challenges for the development of the CAT program will be automating the integration of data from a myriad of information technology devices that are currently not standardized beyond established communication protocols, and providing the ability to effectively analyze inconsistent data sets across the DoD's entire network.
Though specific details of the requirements have not yet been released, DARPA indicated that solutions will need the ability to:
- automatically index data sources on the network with minimal human intervention;
- integrate disparate data structures that do not have a consistent data structure; and
- allow operators to perform reasoning across the federated database (i.e., query relationships between any connected data fields across the network)
The goal of the forthcoming briefing at the end of the month is to provide attendees with an overview of DARPA's initiative to bolster the threat detection process by breaking down disparate data silos and promote an open examination of "synergistic capabilities" amongst the candidates for the development of the CAT program, as well as provide more background on the soon to be issued CAT BAA proposal requirements.
Integrating Big Data analytics into security programs provides enhanced visibility and more proactive incident response capabilities, as intelligence-driven security allows organizations to better defend against unidentified threats. The trend was documented in a recently published Security Brief issued by analysts at security provider RSA, who anticipate that Big Data will be the driving force behind major changes across nearly every discipline in the security industry over the next few years.