Reduce Agency Operating Expenditures with Proven Security Automation
U.S. government agencies have long been under pressure to improve efficiency in order to better serve citizens, but this is no easy task. By nature, they’re complex bureaucracies that are often behemoth in scale, hobbled by limited budgets, and tend to trail their private sector counterparts when it comes to adopting new technologies. Even before today’s global pandemic cast a spotlight on the urgency of accomplishing digital transformation and operational process automation, there were numerous calls for improvement.
The Office of Management and Budget (OMB)’s Budget of the United States for 2020 clearly requested government entities to leverage technology to realize greater efficiencies, urging the use of “Robotics Process Automation and other emerging technologies to reduce error, improve compliance, and focus the Federal workforce on higher-value work.” And the Budget of the United States for Fiscal Year 2021 celebrated the benefits of automation while touting recent improvements.
“The largest 24 Federal agencies have implemented more than 100 initiatives to reduce administrative burden and put more resources toward agency missions, driving billions of dollars in realized and anticipated savings and shifting hundreds of thousands of Full-Time equivalent employee hours to higher-value work. These initiatives include more than 50 initiatives focused on process improvement and standardization; approximately 30 initiatives using robotic process automation, artificial intelligence, and/or other innovative software; and nearly 20 initiatives focused on the digitization of agency processes.”
But the COVID-19 crisis has ushered in a set of new cybersecurity risks ranging from coronavirus-themed phishing campaigns to large-scale unemployment fraud schemes and data theft from Pandemic Unemployment Assistance (PUA) systems. Many of these attacks have specifically targeted federal and state government agencies charged with administering relief funds. Some were designed to exploit hastily implemented websites, while others take advantage of security teams’ lack of capacity when facing web traffic spikes at the same time that they’re being directed to work from home, often for the very first time.
In the face of today’s threats—and looming budgetary shortfalls in the months and years to come—it’s imperative that government agencies look to adopt the technologies that will best enable them to reduce operating expenditures (OPEX) while maintaining adequate defenses against cyberthreats. Among the more than 2.79 million people currently working for federal agencies, cybersecurity professionals are in particularly short supply and high demand. With average security analyst salaries exceeding $102,000/year and expected to increase faster than those in most professions, government agencies that can successfully reduce headcount without increasing risks will be significantly advantaged.
For federal agencies maintaining in-house security operations programs, it’s now critical to invest in technologies that will improve job satisfaction, performance and effectiveness for all members of their security analyst workforce. For those that outsource to integrators or other technology service providers, it’s critical to ask how much vendors are spending on the security monitoring function—as well as to question how efficiently the task is being accomplished.
Here are our top three questions to ask when you’re considering a solution or platform that will augment your federal agency’s autonomous security operations center (SOC) capabilities:
#1: How long will the deployment process take?
System Information and Event Management (SIEM) solutions, Security orchestration, automation and Response (SOAR) tools platforms and User Behavior Analytics (UBA) tools all promise to streamline workflows in the SOC by introducing automation into operational processes. None of these solutions, however, can be expected to perform optimally in the first few weeks (or even months) after its initial deployment. All require various degrees of programming, tuning, training, or “learning” about your environment. And during this setup period, it’s commonplace for your agency’s SecOps program to require more labor hours rather than less. Not only will your security analyst team need to learn to use and configure the tool, but they’ll also have to invest time in building the rules or playbooks that it will need to operate.
Robotic Decision Automation is purpose-built software, not a platform. It can be up and running in a customer environment—and making accurate decisions about which events to escalate—within a period of as little as four hours, depending on the complexity of that environment. The deployment process is as simple as connecting the data sources that already serve as an alerting infrastructure in your environment to the software. It’ll start working right away—time savings that may add up to many hundreds of thousands of hours for a government agency of moderate size.
#2: Can this solution be operated with a smaller security analyst staff than you currently have in place?
It’s a simple calculation, though the results are likely to defy the limits of your imagination. How many security events do all the sources across your environment (including endpoint detection and response (EDR) or endpoint protection platforms, network intrusion detection or prevention systems (IDS/IPS), SIEM platforms or case management systems, and web filters) generate per hour? What percentage of these events are currently being reviewed by members of your human security analyst team?
Any automated solution that allows you to review a greater percentage of the alerts being generated in your environment while spending fewer labor hours on security monitoring is a clear win for government agencies looking to increase efficiency and effectiveness. This means going beyond mere “box-checking” when it comes to compliance, and instead mitigating real-world risks.
#3: Will this tool enable my security team to operate more accurately and consistently?
A longstanding problem for human security analyst teams is that monitoring tends to be performed inconsistently. Even though the nature of the evidence that an event is indeed indicative of malicious activity in the environment and thus warrants further attention doesn’t change, analysts’ attention spans vary with fatigue, distraction or the sensitization bias that sets in after they’ve encountered a long string of false positives.
In contrast, an automated solution will perform the same exact way every single time it encounters an event—whether it’s late at night, early in the morning, at the start or the end of a shift. It simply applies the same probabilistic logic and mathematical reasoning to all the events it evaluates, considering them in light of threat intelligence feeds and tribal knowledge of the local environment that’s introduced into the software. It’s absolutely, perfectly consistent. There are no mistakes.
It’s no longer the case that lowering costs needs to come at the expense of security. An automated solution that can be deployed rapidly, that supports efficient operations, and that creates consistent processes will reduce OPEX while improving the experiences of security operations personnel—and their on-the-job performance—at the same time.
Want to learn more about how the Respond Analyst has helped organizations across industries in both the private and public sectors control costs and boost performance? Register to attend our live virtual demonstration now. It's coming up on June 25th.