Implementing virtual data integration solutions can simplify and expedite the integration of security data from various heterogeneous data sources in order to meet the White House’s Cross Agency Priority Goal for Cybersecurity to transform the historically static security control assessment and authorization process into an integral part of a dynamic enterprise-wide risk management process. Data Virtualization shows promise as a vehicle to provide useful and cost effective threat preparedness and risk data to managers at all levels of functional responsibility.
Fierce SoftwareTM recommends Red Hat JBoss Data Virtualization to enable agile data use, hide complexities, and make data easier for developers and users to work with.
Current Challenge: Risk Management using heterogeneous security data
The Federal mandate to use continuous monitoring data to support security authorization and other risk management decision-making presumes that decision-makers and managers have ready access to integrated data from multiple heterogeneous sources including new and existing continuous monitoring sensors, system vulnerabilities reporting, detailed data categorization, threat data and various other sources. The demand for unified views of threat, vulnerability, risk, data categories, control selection and status, as well as financing of security improvements is not a concern limited to IT security executives and oversight bodies. The need for such views spans the entire vertical chain of responsibility from application operations and ISSO to the Departmental CIO and above. Each role needs a unique view of information to take action based on a unified set of data. Existing dashboard solutions, while very useful at certain levels do not address the full scope of emerging continuous monitoring requirements. JDV can enhance the capabilities of these existing dashboards by connecting and integrating the data sources in order to get a fully integrated view.
Red Hat JBoss Data Virtualization (JDV) creates a common data model for agency data from all of these sources and makes it available in views that are unique to the problem domains to be solved or the decision to be made at each level. JDV accepts data from many sources and through defined relationships establishes a unified model of data that can either be presented in periodic reports or be analyzed in ad hoc queries by the stakeholder tasked with risk management decisions or actions. Several examples of the uses of these views would be:
- Operational staff better prioritizing vulnerability mitigation
- Business owners prioritizing funding for security
- Enclave or enterprise security staff attending to systems that increase the risk to all applications
- Oversight managers identifying teams that lack guidance or expertise
- Enterprise managers prioritize risk management activities based on sensitive data types identified in threat analysis.
These and many other views depend upon data from many sources. Currently, security teams doing these kinds of analyses are faced with resource limitation due to the manual process of merging datasets. Underlying data quality issues are difficult to measure and hard to correct. To fully realize the benefits of a data driven Risk Management Framework process, easy to implement and flexible data integration is required.
Existing solutions are in general very limited in their ability to support the need for multiple views of data integrated from heterogeneous data sets. The primary solutions available currently include:
- Security vendor solutions: These are unified control and reporting consoles designed to support (and sell) the vendor’s sensors. In most cases managing the sensors is the primary focus, with reporting from their sensors being the secondary importance. Bringing data from other vendor’s sensors is a low priority with the result that there are usually limitations on what foreign sensors will be supported by the consoles and the responsiveness to changes in their competitor’s sensors. NIST’s SCAP protocols have helped interoperability, but integration of foreign sensors is not universal and is often afflicted with delays due to software versions and other inconsistencies in the interface. Response to these interface problems can be slow and expensive. A better solution is to have a dedicated data integration tool.
- Data Mart(s)/Warehouse solutions: Some Departments have been creating data warehouses to import the data of interest that can then be integrated into a new unified security database. Departments build interfaces to each data source as needed to bring new data sources online and respond to changing data requirements. The problem with data warehouses is that they duplicate a huge amount of data and create a large number of unique interfaces that must be maintained and are usually complicated and fragile. The costs of data storage involved in security sensor data are significant, especially when aggregating data form many sub-enterprises such as Departmental operating divisions. Complications arise from the sematic and syntactic differences in the source datasets as well as the dynamic nature of vendor solutions. Even where the data is fairly static, it must be normalized to be useful once integrated. In some cases the data model of the source changes from version to version as new technology is introduced. Maintaining these interfaces can be very expensive. Furthermore, the data warehouse data model itself may need to change in response to evolving Federal mandates, departmental policies, available technologies and threat. Data warehouses are too unwieldy to provide the kind of dynamic risk decision support envisioned by the White House.
A Better Approach: Use Red Hat JBoss Data Virtualization to Create a Virtual Data Layer
As previously stated, data virtualization shows promise as a vehicle to provide useful and cost effective threat preparedness and risk data to managers at all levels of functional responsibility. Agencies using JBoss Data Virtualization can successfully implement a SOA-like ˜virtual data layer while leaving the source data in place and use the very agile technology of data virtualization to query, normalize and present data on the fly using a flexible data model, metadata and layered processing approach to bring data to users as needed. Data virtualization provides agencies with the source integration, processing flexibility and cost efficiency that cannot be matched by other vendor consoles or data warehouses. Also, the technology provides us with a data layer that is secure and modular enough to quickly adapt to future requirements or technologies. The ability to re-purpose data simultaneously in multiple formats allows us to decouple the dependencies of present and future application interfaces from the underlying data sources.
The development of the virtual data layer targeted specifically to the Continuous Monitoring security data using JDV will facilitate and expedite the ability to answer questions such as:
- What are the aggregated vulnerabilities for all IT components in an Authorized Security Boundary?
- What sensitive data are affected by a particular vulnerability?
- To what degree are persistent vulnerabilities detected by CM sensors reflected in the POA&M? Are there controls in place to mitigate them?
- Is the CPE data from sensors consistent with the documentation in the ATO?
- What systems should anticipate upgrade of platform to prevent end-of-life or end-of-support?
- Where should resources be applied to address dangerous deviations from baseline configurations?
Many other questions could be answered, but this initial set can be a metric for success.
Identifying and Setting up a pilot project
Fierce SoftwareTM has current projects that demonstrate the applicability of Red Hat JBoss Data Virtualization to the integration of security data for Risk Management. A possible pilot project approach is illustrated as follows:
Results: Virtualized Data Layer, Sample Query, Cost and Time Data
Red Hat JBoss Data Virtualization provides Government agencies a working virtual data layer on the targeted security data sets which supports querying to support the continuous monitoring questions identified above as well as multiple other data views on the now integrated heterogeneous data sources. Additionally JDV:
- Provides standards-based read/write access to heterogeneous data stores in real time
- Speeds application development and integration by simplifying access to distributed data
- Transforms data structure and semantics through data virtualization
- Consolidates data into a single view without the need to copy any data
- Provides centralized access control, and auditing through robust security infrastructure
Value to your Agency
A proper strategy implementing Red Hat JBoss Data Virtualization will provide the agency a working virtual data layer on targeted security data sets which supports querying, continuous monitoring as well as multiple other data views on the now integrated heterogeneous data sources.
Find out how Fierce SoftwareTM and Red Hat JBoss Data Virtualization can enable agile data use, hide complexities, and make data easier for developers and users to work with.
Check back in for Part 2 of this blog and please share!
Fierce SoftwareTM: Extreme innovation, Extreme Value