2018 AFCEA TechNet Augusta Conference and Expo

Solution Review 12: "Providing Combatant Commanders with Real-Time Advanced Analytics Against Offensive Adversarial Cyber Tactics, Techniques, and Procedures" (Room Estes A)

22 Aug 18
2:45 PM - 3:05 PM

Tracks: Solution Reviews

In addition to hostile enemy fire from kinetic weapons system platforms, future DoD battlefield engagements will include aggressive, well-coordinated, mature, cascading cyber-attacks from advanced nation-state adversaries. These technically competent enemy combatants will attempt to deny, destroy, or disrupt US military IT systems across the full spectrum of operations. A critical step in advancing our nation’s cyber defenses will therefore be a marked increase in our ability to conduct Advanced Analytics against offensive adversarial cyber tactics, techniques, and procedures. To that end, Symantec Security Analytics can provide the DoD with an automated capability that captures, indexes, classifies, and enriches all network traffic, including full packets. For the DoD, Symantec Security Analytics can consistently and accurately enable full retrospective analysis and provide combatant commanders with real-time situational awareness, presented as clear, concise, actionable intelligence about cyber threats to warfighter applications, mission data, and “data in motion” content, through:

• Layer 2 through 7 Advanced Analytics: Symantec Security Analytics provides a variety of analytics tools, including complete session reconstruction, data visualization, Root Cause Explorer, timeline analysis, file and object reconstruction, IP geolocation, trend analysis, and anomaly detection.

• Tight Integration across Existing and Future Deployed Cybersecurity Infrastructure: Symantec Security Analytics integrates tightly with best-of-breed security technologies (Symantec as well as non-Symantec tools), including security information and event management (SIEM) systems, next-generation firewalls (NGFW), intrusion prevention devices (IPD), malware sandboxing, and endpoint forensics. This can greatly assist the DoD in leveraging its existing security investments and improve the effectiveness of established DoD cyber defense processes.

• Context-Aware Security: Symantec Security Analytics provides rich context for every security alert, giving the DoD the details of what happened before, during, and after an attack. The DoD will then be able to pivot directly from any alert or log entry to the full-payload details needed to support rapid incident resolution and ongoing forensics activities.

Symantec Security Analytics can provide the DoD with the deep insights necessary to understand the context of security events across even the most extreme operating environments, so that our cyber defenders can quickly contain and remediate the full extent of a security incident and support post-event forensics activities. Architecturally, Symantec Security Analytics data is stored in an optimized file system for rapid analysis, instant retrieval, and complete reconstruction that can support all DoD incident response activities. Symantec Security Analytics can be deployed anywhere in the network (at the perimeter, in the core, on a 10 GbE backbone, or at a remote link in theater) to deliver clear, actionable intelligence for swift incident response and resolution and real-time network forensics.

In short, Symantec Security Analytics can provide our nation’s cyber defenders with the ability to quickly contain and remediate the full extent of a security incident and support post-event forensics activities. The high-performance analytics, massive scalability, and centralized management capabilities of Symantec Security Analytics can provide the DoD with a dominant cyber position for mission success at the tactical edge and the concomitant combat survivability of its technical systems.