Improving the Nation’s Cybersecurity with Event Data
Amongst the largest of those challenges is how to collect, harness, and store the massive amounts of event data required to be effective and to comply with OMB requirements. The data rates from application logs, system logs, security logs, network devices, service events, network traffic, and other required sources can be technically challenging to handle, and harder still to handle cost-effectively. OMB guidelines require long-term data retention of 30 months in all but a few cases. Coupled with the data rates, the amount of persisted data will be massive. Since most agencies have distributed and hybrid compute environments, collecting event data from all of these disparate locations and sending it over the network to central locations can have a huge impact on network capacity and cost. All of this data must also be readily and easily available to share with the FBI, CISA, and other partner agencies.