Cyber threats are roadblocks for agencies in everyday operations. Recent vulnerabilities such as Log4J show how easy it is for hackers to exploit systems and create a full-blown cybersecurity crisis. Following the Log4J exploit, organizations everywhere remediated hundreds of thousands of vulnerable internet-connected assets on their networks. With cyberattacks becoming increasingly sophisticated, integrating solutions such as autonomous cyber defense capabilities into cybersecurity practices are critical to mitigate these threats, secure data, and prevent future cyberattacks....
Cyber threats are roadblocks for agencies in everyday operations. Recent vulnerabilities such as Log4J show how easy it is for hackers to exploit systems and create a full-blown cybersecurity crisis. Following the Log4J exploit, organizations everywhere remediated hundreds of thousands of vulnerable internet-connected assets on their networks. With cyberattacks becoming increasingly sophisticated, integrating solutions such as autonomous cyber defense capabilities into cybersecurity practices are critical to mitigate these threats, secure data, and prevent future cyberattacks. Agencies must determine how they can detect a significant vulnerability and remediate in near-real time across an extremely large IT environment as quickly as possible. This is where autonomous cyber is a force multiplier.
At its most basic level, autonomous cyber defense leverages artificial intelligence and machine learning to dynamically analyze behaviors across the network, identify unusual activity that poses a risk and automatically take action to contain threats. Implementing the right autonomous cyber defense solution allows agencies to detect unknown threats and respond in real time. Not only does this make cybersecurity measures more effective, faster and scalable, but it also frees up cybersecurity teams to focus on advanced threat detection and mission-critical objectives rather than routine tasks or less trivial events.
As agencies mature in their zero trust journeys, automation should be a key investment priority since it increases resiliency by allowing defenses to scale more effectively — preventing threats before they happen or reacting at machine speed when they do. Many agencies have realized that they need to automate to achieve a higher level of zero trust maturity to secure their user, devices, network, applications/workloads and data. This further aligns to the recent guidance from the cyber executive order, zero trust guidance issued by the Office of Management and Budget and the zero trust maturity models.
It might be easy to identify the threats you know about, but how do you detect the unknown with a limited time to respond and at scale? This is a perpetual challenge in cybersecurity.
Enter endpoint detection and response (EDR). Robust EDR capabilities offer IT teams visibility into how endpoints are accessing the network and data is flowing through it at a granular level. With increased use of artificial intelligence and machine learning, this new data makes real-time continuous monitoring and analysis possible, and significantly improves our ability to identify threats within the enterprise. You can identify patterns, which makes it easier to distinguish between normal behaviors and threats.
A key technology component of autonomous cyber defense is security orchestration, automation and response (SOAR), capabilities that organizations can integrate and streamline workflows and cyber operations. SOAR capabilities allow organizations to automate playbook responses to adverse user activity across the network and can let cyber professionals visualize the digital workflow of a user. Taken together, these capabilities become a force enabler, allowing agencies to improve detection and response so cyber teams can focus on prioritized events. Furthermore, this analysis of threat activity not only detects and prevents future cyber-attacks across the network, but can also enable threat sharing of emerging tactics and risks.
One of the biggest challenges for a government agency is applying zero trust principles holistically throughout its environment. The Cybersecurity and Infrastructure Security Agency identified five pillars of the zero trust maturity model: identity, device, network, application/workload and data. Automation and orchestration are a core overlay pillar that cuts across these different areas to ensure they are leveraged more effectively.
Agencies also face the challenge of scaling solutions to meet growing needs. Government organizations typically have a set environment with a set budget and a set workforce. However, the amount and sophistication of cyber threats is constantly growing, and agencies often do not have the resources to keep pace. Fortunately, autonomous cyber defense solutions allow cybersecurity to scale and respond to incidents in real-time. With the implementation of SOAR practices across an organization’s infrastructure, the significantly reduced time to perform routine tasks and advanced analytics can generate substantial savings that can be redeployed elsewhere.
Autonomous cyber is ever-evolving, so agencies do not always know where to start on their automation journeys. Since implementing a fully autonomous system is not possible on day one, agencies need to take a strategic approach – similar to deploying zero trust. There’s no one-size-fits-all approach that works for all agencies, so each agency must take the time to get it right.
Knowing where to start depends on the agency’s mission and priorities. Agencies should first assess their current status and establish a baseline of core metrics, outcomes, and use cases. Once they have a good understanding of operational requirements, the next step is determining how automation can further enable those requirements and mission success.
Then, agencies need to determine how to best implement automation by identifying the core functions to automate first. For example, an agency might first consider network automation, threat detection and remediation, vulnerability and patch management, automation of application workflows, or even configuration management.
In the age of real-time everything, advanced cyber intelligence is helping agencies shift toward collecting new, novel data and analysis to strengthen their cybersecurity postures. Investing in solutions such as autonomous cyber will enable faster threat detection and reaction times, scalability, improved productivity, lower costs and a better user experience.
Dr. Matthew McFadden, vice president for cyber at GDIT, spearheads cyber strategy for GDIT’s federal/civilian, defense and the intelligence and homeland security divisions and develops advanced cyber capabilities and offerings to address agency missions. He represents a cyber workforce of more than 3000+ professionals, 30+ cyber alliances and programs supporting some of the largest, unique cyber missions in the federal sector.