Decision Automation: The New Mission for Cybersecurity in Government & Defense

by Mike Armistead
category Government Solutions

We hear it in the news media and see it portrayed on television – military and civilian agencies are a prime target for cybercriminals. With an untold number of devices, connected assets and applications that continue to multiply, cybersecurity threats will accelerate at an unforgiving pace. More potential threats mean more noise. The sensors at work in the environment will generate alerts at a clip that no human alone can manage. Identifying and responding to hundreds or even thousands of potential threat events every hour will not only stretch the human and financial resources already committed to this effort; mistakes may also create an opening for malware and malicious actors to gain a foothold. These challenges make it even harder for a civilian or defense agency to be proactive in cyber-defense.

We announced that we have been selected to prototype an Intelligent Decision Automation Platform (iDAP) for cybersecurity operations. The iDAP is a transformation effort by the U.S. Air Force (USAF) to improve its defensive cyber-operations with advanced, automated decision-making against persistent threats to the Air Force Network (AFNET).

This is not just another automation story. The need for automation is important, but automation has to go beyond workflow. Intelligent decision automation takes the conversation about how to address SOC cybersecurity automation to the next level.

We understand that analyzing security event data is important. And it’s about taking everything we know about the environment, past and present, to make decisions at speed and scale. This is where the Respond Analyst shines.

Leveraging old and new security telemetry, such as intrusion prevention systems, anti-virus and endpoint detection & response (EDR) tools; common repositories that collect security data, such as SIEM and SOAR platforms; and other tools already in the security operations center (SOC), the Respond Analyst unifies and correlates relevant facts and patterns found within hundreds (or thousands) of disparate logs and information sources. All of this creates the context for continuous monitoring through our decision-making engine, which we call Integrated Reasoning.

What does this mean for the USAF? Integrated Reasoning will allow the USAF to eliminate ambiguity caused by silos of security tools and get a clear, near real-time view for better cyber-situational awareness and decisive action. The team of security analysts can rise above the drudgery of console monitoring, constant system swiveling, and alert overload, and act on a small number of well-vetted potential incidents that require human intervention. This is foundational cybersecurity monitoring and automated decision-making at speed and scale. It is time for civilian and defense agencies to reimagine security operations aligned with decision automation.

We did not invent the principles of security automation, but we are driving the evolution of modern security operations. We are excited to support the Air Force in its quest to harness the power of decision automation to reimagine the SOC and allow analysts to gain deeper expertise in their mission while leveraging machine speed to aid in decision-making against persistent threats.

If you are new to Respond Software, welcome. Browse our website and get to know how the Respond Analyst powers the modern SOC for a variety of organizations.
