Data Architecture for Cybersecurity
Rochester Institute of Technology, Spring 2023
Problem Statement
Network defenders in the Office of Cyber Monitoring and Operations need a better way to query and correlate data in a hybrid and multi-cloud data ecosystem in order to develop analytics capability at the network defender level and inform insight-driven decisions on cybersecurity incident response at the senior leadership level.
Problem Scoping and Discovery
The team conducted 59 unique discovery interviews with consultants, security engineers, and educators. They learned:
Each embassy has a different budget with different devices and configurations. Cyber groups that need to conduct incident response do not know what lies on each of these networks. This variation complicates both the logging on those networks and the storage of the resulting logs.
Incoming data could be segregated into categories based on their relevance to investigations.
Any new software introduced must be accompanied by a continuous training program for employees.
Solution Proposed
The team recommended specialized software tools to filter incoming data based on their significance to cybersecurity investigations and present cybersecurity specialists with only the most relevant data.
Results
The team’s recommendation allowed the DOS sponsors to more objectively assess potential new software tools, and their presentation helped prove to senior leadership why solving the problem was worth the investment.