May 24 2021

How the DOD and the Wider Government’s Cybersecurity Can Benefit from SOAR

Security Orchestration, Automation and Response tools can yield significant benefits for the Defense Department and other federal agencies looking to enhance their IT security posture.

The Biden administration’s recent far-reaching executive order on cybersecurity covers a lot of different elements of government IT security. One of them is designed to spur federal agencies to adopt a zero-trust approach to security.

As part of that, the order notes that zero-trust architecture includes “system security automation in a coordinated manner throughout all aspects of the infrastructure in order to focus on protecting data in real-time within a dynamic threat environment.”

There is already a push underway in some agencies to adopt this approach, through the use of Security Orchestration, Automation and Response (SOAR) tools. Some agencies have made moving in this direction a priority. As far back as late 2019, the Defense Information Systems Agency, for example, identified SOAR as an emerging capability it wanted to integrate into Defense Department cybersecurity.


The Benefits of SOAR for Cybersecurity

SOAR platforms unify security orchestration, automation and the remediation of cyberthreats that they detect.

They can use behavioral analysis tools, whether at the network or user level, to monitor for vulnerabilities. Essentially, SOAR enables agencies to be proactive instead of reactive.

SOAR tools continuously monitor what is occurring on a network or in an IT environment and scan for anomalous activity. For example, is a user logging in to a network in the middle of the night when that user normally logs in during the day? Is data traversing a part of the network where it usually doesn’t?

This kind of monitoring has traditionally been done by an analyst at a terminal. Now, IT security teams within agencies can leverage automated response capabilities to monitor for these events and automatically remediate threats.

With SOAR, there is still an analyst or an operator driving the security function, but the agency is yielding more responsibility to an artificial intelligence agent that can monitor vast amounts of information and determine how to rapidly respond to security events.
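The monitoring-and-response loop described above, reduced to a small worked example: a per-user login-hour baseline and a known network-path map are learned from history, new events are checked against them, and each alert is routed to a playbook whose automated action is queued for analyst confirmation. This is an added illustration, not code from any SOAR product; all log entries, segment names and action names are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed historical logins (user, ISO timestamp) used to learn a baseline.
HISTORY = [
    ("alice", "2021-05-03T09:12:00"), ("alice", "2021-05-04T08:55:00"),
    ("alice", "2021-05-05T10:02:00"), ("bob", "2021-05-03T22:40:00"),
    ("bob", "2021-05-04T23:05:00"),
]
# Constructed new login events to evaluate against the baseline.
NEW_LOGINS = [("alice", "2021-05-24T02:17:00"), ("bob", "2021-05-24T22:50:00")]
# Constructed map of network segments each source segment normally reaches,
# and new flows (source segment, destination segment) to evaluate.
KNOWN_PATHS = {"workstations": {"intranet", "dns"}, "dmz": {"intranet"}}
NEW_FLOWS = [("workstations", "intranet"), ("workstations", "finance-db")]


def build_login_baseline(history, tolerance=2):
    """Per-user set of normal hours: each observed hour plus/minus tolerance."""
    baseline = defaultdict(set)
    for user, ts in history:
        hour = datetime.fromisoformat(ts).hour
        for h in range(hour - tolerance, hour + tolerance + 1):
            baseline[user].add(h % 24)
    return baseline


def detect_off_hours_logins(baseline, events):
    """Flag logins outside the user's learned hours (the night-time login case)."""
    return [(u, ts) for u, ts in events
            if datetime.fromisoformat(ts).hour not in baseline.get(u, set())]


def detect_unusual_flows(known_paths, flows):
    """Flag data traversing a destination segment never seen for that source."""
    return [(s, d) for s, d in flows if d not in known_paths.get(s, set())]


def playbook(alert_type, detail):
    """Hypothetical first-response actions; each one awaits analyst confirmation."""
    if alert_type == "off_hours_login":
        action = {"action": "require_step_up_auth", "user": detail[0]}
    else:
        action = {"action": "block_flow_and_open_ticket", "flow": detail}
    action["analyst_review"] = True  # the operator stays in the loop
    return action


def run():
    baseline = build_login_baseline(HISTORY)
    actions = [playbook("off_hours_login", a)
               for a in detect_off_hours_logins(baseline, NEW_LOGINS)]
    return actions + [playbook("unusual_flow", f)
                      for f in detect_unusual_flows(KNOWN_PATHS, NEW_FLOWS)]
```

Running `run()` yields two queued actions: a step-up authentication challenge for the 02:17 login and a blocked flow plus ticket for the never-before-seen path to the finance database segment.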

SOAR has many advantages for agencies. As Federal News Network reports, agencies face persistent hurdles in hiring enough cybersecurity talent. A report from the Cyberspace Solarium Commission, citing data from CyberSeek, notes that more than 1 in 3 public-sector cybersecurity jobs remains unfilled. SOAR can help agencies overcome these gaps via technology.

Additionally, SOAR can help agency cybersecurity teams improve their time management and productivity. Responses can be automated, allowing staff to devote their time and energy to tasks that cannot be automated.

In many cases SOAR platforms also include a community-based component that enables collaboration between organizations as they share the vulnerabilities they are seeing. There are private and public repositories of such information that agencies can tap into to enhance their security postures.

What to Consider When Adopting SOAR

There are numerous options on the market for agencies looking for SOAR solutions. IT leaders at agencies should conduct research and work with trusted third parties to find the right SOAR solution that fits their agency needs and mission.

Partners can help agencies simplify their cybersecurity organizations, and SOAR can be deployed to help monitor networks. Perhaps the agency does not have enough cybersecurity personnel. Humans can only process so much information per day, and SOAR platforms can help relieve some of that burden.

SOAR platforms do represent a new way of approaching cybersecurity, and adoption of the technology will be largely dependent on IT leaders’ willingness to try novel approaches. Many are used to the traditional model of analysts focused on their screens and making all the remediation decisions.

Adopting SOAR does not have to mean an agency abandons its entire previous approach to cybersecurity. SOAR is about augmenting the capabilities of existing analysts, and won’t force agencies to drop the capabilities of their mission-based IT security systems.

SOAR does represent where the cybersecurity technology market is headed, though. As zero-trust security becomes expected in government, SOAR will be a crucial element of helping agencies adopt that model.

This article is part of FedTech’s CapITal blog series. Please join the discussion on Twitter by using the #FedIT hashtag.
