Sep 21 2020

How Agencies Are Approaching Cybersecurity Automation

Automating certain functions of a cybersecurity response can free up agency resources.

While zero-trust cybersecurity architectures are the trend everyone in federal IT security seems to be glomming onto, a key part of what underpins the move to zero trust is, in addition to granular access controls, automation.

Increasingly, experts both inside and outside the government are advocating for accelerated adoption of cybersecurity automation. Automation tools can help detect whether a user is supposed to be accessing a network or a piece of data and can also automate a response and send alerts to analysts.

Such a shift could save agencies time and money and allow cybersecurity analysts to focus on actually analyzing data and coming up with new security strategies as opposed to looking through log reports, for example.

“We’ve got to get away from the mindset of ‘you can account for every alert.’ You’ve got to embrace orchestration and [security orchestration, automation, and response] technologies — artificial intelligence, machine learning. You have to embrace this,” Mike Witt, associate CIO for cybersecurity and privacy at NASA, said during a recent webinar, according to GCN.

“You have to take advantage of playbooks and push your teams to basically do a lot of these automated responses so that you can focus your limited analyst power … on some of the more interesting things.”

DOD Helps Lead the Way on Cybersecurity Automation

Wendi Whitmore, vice president of IBM X-Force, which focuses on incident response and threat intelligence, tells Nextgov that although the cost of data breaches in the U.S. public sector is likely higher than average, federal agencies are leading the way on cybersecurity automation and orchestration.

“Anything working under U.S. Cyber Command, which is much of the military, is a fantastic example,” Whitmore says.

The Defense Department and military branches have worked hard to develop security automation best practices, Whitmore says.

This year’s version of IBM’s annual “Cost of a Data Breach Report,” released July 29, was the first time the study could analyze how cybersecurity automation tools affect the cost of data breaches, Whitmore tells Nextgov. Up until now, such tools were not widely deployed enough to observe their impact.

The DOD is looking to continue its use of cybersecurity automation technology. The Defense Innovation Unit in July issued another transaction agreement for a new prototype that will bring an “intelligent decision automation platform” to the Air Force Network, FedScoop reports.

The tool uses an older form of artificial intelligence, and “instead of creating large neural networks based on data, uses advanced probability-based mathematics that simulates decision-making,” FedScoop reports. The publication adds that if the pilot is successful in the Air Force, it could be scaled across the military.


The Benefits of Cybersecurity Automation in Government

Experts outside the government are lobbying for increased investments in cybersecurity automation. Brandon Shopp, vice president of product strategy at SolarWinds, argues that leveraging AI and machine learning tools can help agencies mature their approach to cybersecurity.

“AI and ML allow security teams to be more effective with the resources they have,” he writes in GCN. “Next-generation automated security technologies can complete tasks such as identifying potential threats, detecting unauthorized behaviors, applying intelligence to qualify incidents, countering and blocking attacks before execution, stopping unauthorized movement of data and more. As AI and ML become more prevalent in the security marketplace, agencies can evolve their cybersecurity architecture to respond to changing digital threats.”

Organizations that have invested in automation and orchestration have much lower costs for data breaches: $2.45 million versus over $6 million for those that did not, Whitmore tells Government Technology.

“And from that perspective, you can very easily map out to government and the federal sector in terms of them, probably outside of maybe the financial services industry,” Whitmore says, “certainly they’ve made the most investments in cybersecurity and in technologies that allow them to orchestrate the protection and defense of their environment and then certainly automate the technologies they’re using to do just that.”
