Over the past few months, I was fortunate enough to be asked to evaluate several cutting-edge technologies designed to make government networks more secure. Some of these were more advanced than others, and a few were hindered by newer technologies like cloud computing. But they all showed a great deal of promise for the federal government if deployed correctly.
One of the most interesting possibilities is creating an event-driven architecture to add automation to the federal defensive arsenal. Given that a single router can generate over 100,000 data points every few seconds, a network of any size quickly grows beyond the ability of even teams of humans to protect it 100 percent effectively. There is just too much data, and not enough analysts. Attackers know this, and use all that data as cover to remain undetected once they breach a network. That is why the latest Mandiant M-Trends 2016 Report found that most organizations were breached for 146 days before the successful attack was discovered. The government is no exception to this rule.
Automation could be the answer, reducing the time from detection to remediation from months to seconds. The basic concept is simple enough: it uses the power of the network itself to counter threats, making it a machine-versus-machine affair.
But the reality is much more complex. Find out how automation could help protect government networks, and why we don’t see more of it already. It’s all in the latest issue of NextGov magazine.