The Biden administration’s recent far-reaching executive order on cybersecurity covers many elements of government IT security. One of them is designed to spur federal agencies to adopt a zero-trust approach to security.
As part of that, the order notes that zero-trust architecture includes “system security automation in a coordinated manner throughout all aspects of the infrastructure in order to focus on protecting data in real-time within a dynamic threat environment.”
There is already a push underway in some agencies to adopt this approach, through the use of Security Orchestration, Automation and Response (SOAR) tools. Some agencies have made moving in this direction a priority. As far back as late 2019, the Defense Information Systems Agency, for example, identified SOAR as an emerging capability it wanted to integrate into Defense Department cybersecurity.
The Benefits of SOAR for Cybersecurity
SOAR platforms unify security orchestration, automation and the remediation of cyberthreats that they detect.
They can use behavioral analysis tools, whether at the network or user level, to monitor for vulnerabilities. Essentially, SOAR enables agencies to be proactive instead of reactive.
SOAR tools continuously monitor what is occurring on a network or in an IT environment and scan for anomalous activity. For example, is a user logging in to a network in the middle of the night when that user normally logs in during the day? Is data traversing a part of the network where it usually doesn’t?
This kind of monitoring has traditionally been done by an analyst at a terminal. Now, IT security teams within agencies can use automated response capabilities to monitor for these events and remediate threats automatically.
With SOAR, there is still an analyst or an operator driving the security function, but the agency is yielding more responsibility to an artificial intelligence agent that can monitor vast amounts of information and determine how to rapidly respond to security events.
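A minimal version of the baseline-and-respond loop described above, as an added Python example that is not from the article or any SOAR product: it learns each user's usual login hours from constructed sample records, flags a login far outside them, and selects a playbook step while leaving escalation to the analyst. The record format, user names and action names are assumptions for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records (ISO timestamp, user, result); illustrative only.
HISTORY = [
    "2024-03-04T09:12:00 alice ok", "2024-03-05T08:55:00 alice ok",
    "2024-03-06T09:30:00 alice ok", "2024-03-07T10:02:00 alice ok",
    "2024-03-04T22:10:00 bob ok",   "2024-03-05T23:05:00 bob ok",
    "2024-03-06T21:40:00 bob ok",   "2024-03-07T22:30:00 bob ok",
]
NEW_EVENTS = [
    "2024-03-08T02:47:00 alice ok",  # 02:47 for a day-shift user: anomalous
    "2024-03-08T22:15:00 bob ok",    # 22:15 for a night-shift user: normal
    "2024-03-08T09:05:00 carol ok",  # no baseline yet: cannot judge
]

def parse(line):
    ts, user, _result = line.split()
    return user, datetime.fromisoformat(ts)

def build_baseline(lines, min_events=3):
    """Per-user set of login hours, kept only for users with enough history."""
    hours = defaultdict(set)
    counts = defaultdict(int)
    for user, ts in map(parse, lines):
        hours[user].add(ts.hour)
        counts[user] += 1
    return {u: hours[u] for u in hours if counts[u] >= min_events}

def hour_distance(a, b):
    """Circular distance on a 24-hour clock, so 23:00 and 01:00 are 2 apart."""
    d = abs(a - b) % 24
    return min(d, 24 - d)

def evaluate(baseline, line, tolerance=2):
    """Classify one login and pick the playbook step; the analyst keeps final say."""
    user, ts = parse(line)
    if user not in baseline:
        return {"user": user, "verdict": "no_baseline", "action": "enrich_and_queue"}
    if any(hour_distance(ts.hour, h) <= tolerance for h in baseline[user]):
        return {"user": user, "verdict": "normal", "action": "allow"}
    # Off-hours login: automated containment step plus a ticket for the analyst.
    return {"user": user, "verdict": "anomalous",
            "action": "require_mfa_reauth", "escalate_to_analyst": True}

def run_playbook(history, events):
    baseline = build_baseline(history)
    return [evaluate(baseline, e) for e in events]
```

Calling `run_playbook(HISTORY, NEW_EVENTS)` returns one decision per new event; in a real deployment the baseline would be rebuilt over a rolling window and the actions dispatched to the identity provider and ticketing system.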
SOAR has many advantages for agencies. As Federal News Network reports, agencies face persistent hurdles in hiring enough cybersecurity talent. A report from the Cyberspace Solarium Commission, citing data from CyberSeek, notes that more than 1 in 3 public-sector cybersecurity jobs remains unfilled. SOAR can help agencies overcome these gaps via technology.
Additionally, SOAR can help agency cybersecurity teams improve their time management and productivity. Responses can be automated, allowing staff to devote their time and energy to tasks that cannot be automated.
Many SOAR platforms are also community-based, enabling collaboration between organizations as they share the vulnerabilities they are seeing. There are private and public repositories of such information that agencies can tap into to enhance their security postures.