Addressing cyber gaps with automation and orchestration
DHS and Marine Corps officials look to automation and orchestration to patch gaps in their cybersecurity strategies.
Although automated tools are taking on a larger role in helping agencies manage their increasingly complex network security requirements, humans are still a critical part of the production.
Paul Beckman, deputy chief information security officer at the Department of Homeland Security, said he thinks artificial intelligence-based automation can help his agency fill in 70 to 80 percent of the gaps that exist in its cyber strategy.
“Machines still aren’t there yet," Beckman said at the Jan. 29 Institute for Critical Infrastructure Technology Winter Summit. They can't identify a cat or a street sign, so we still need humans' unique ability for orchestration – the integration of cybersecurity efforts to enable automated incident response. “The human is the one orchestrating all of those [tools and platforms] together to make an interactive and efficient tool,” he said.
Department of Defense agencies have seen benefits of using automation and orchestration to connect new devices to their networks. The “comply-to-connect” framework isolates new systems or devices when they are plugged into DOD networks until automation tools scan the device, load necessary patches and set up needed security protocols before registering it onto the network.
“Many of us only see 70 percent of network traffic,” Ray Letteer, chief of the Marine Corps’ Cybersecurity Division, said. “Automation will [allow] us to be able map and track it.”
Through “comply-to-connect,” Letteer said he was eventually able to see 100 percent of the devices and systems that connected to his network.
But mobile devices complicate security even more for agencies.
“In an increasingly mobile world, you can’t use smart cards for multi-factor authentication, so you need to use other forms of identification like leveraging biometrics with touch ID or receiving a push notification,” Centrify CEO Tom Kemp told GCN. “There is a growing awareness of these technologies, but a lot more work needs to be done.”
The move to MFA has enabled more agencies to work in a zero-trust environment where all users seeking network access must be verified every single time.
“The mobile environment requires a platform that allows for speed and scale,” Chase Cunningham, principal analyst at Forrester Research, told GCN. “Controlling access is critical because … you have people using networks, and you need to control what they have access to.”