July 22, 2022

A convincing argument can be made that Splunk is a leader in analyzing machine data for enterprise systems; ninety-two of the Fortune 100 use Splunk. They apply this skill set to the federal world and help enhance security and drive resilience. Because of this wide experience, they have seen many kinds of attacks, like the infamous SolarWinds incident.
There are many ways to respond to this amalgamation of knowledge. One can hold that knowledge behind a paywall and charge people. What is interesting is that Splunk’s Ryan Kovar decided to gather a group of veteran vulnerability specialists and share that information with the Splunk community. They call it Splunk SURGe.
Their goal is to be a timely advisor and provide research into cybersecurity challenges for large federal systems. Their first free white paper was “Detecting Supply Chain Attacks.” They also have a podcast and a video series on YouTube.
"Hey, how can we kind of help all these blue teams out there, these network defense types, and that's my wheelhouse"
Mick Baccio, Splunk SURGe
For the federal IT community, the most important member of the SURGe team is Mick Baccio, Global Security Strategist. He began his career in the federal government and has shown his expertise over two decades, culminating in being the Branch Chief, Threat Intelligence at the Executive Office of the President.
During this interview, Mick reviews the main challenges of securing federal technology: unifying log standards, multifactor authentication, ubiquitous encryption, and reliable asset inventory. He suggests that a platform can assist federal agencies in reaching these much-vaunted goals.
One of the best quotes from the interview is, “security is a data problem.”
If you enjoyed this podcast, you may want to listen to episode #11, Identity Management and the Federal Government.

John Gilroy
Has been behind a microphone since 1991. He can help you structure, launch, and promote your company podcast. johngilroy@theoakmontgroupllc.com