Automation Drives Cybersecurity Innovation at ICE
ICE is automating and integrating its security processes to stay on top of threats.
To keep pace with the growing number of cyberattacks, government can’t rely on its cyber workforce to do all the legwork. Automation is a critical component of effective monitoring and incident response.
“When you look at the latest attacks and the sophistication that the adversaries are using, you can’t be successful without implementing some sort of automation,” said Rob Thorne, CISO for U.S. Immigration and Customs Enforcement (ICE), at GovCIO Media & Research’s CyberScape: Data & Automation Security event Thursday. “There’s such a large amount of event log data that we’re collecting, and to have to go through that without automation — you’re just not going to be able to stay ahead of the adversary.”
From patch management to routine scanning, ICE looks at its cybersecurity tasks for processes that are simple, time-consuming and repetitive to find what might be a good candidate for automation. Automating these processes can help cyber teams identify threats more accurately, understand relative risks and ultimately respond faster.
“The goal is to reduce the load that we have on our already burdened staff,” Thorne said. “We want to make certain that they can focus on those risky events that we really want them to focus on.”
Thorne said ICE benefited from implementing a Security Orchestration, Automation and Response (SOAR) capability. SOAR is a collection of software solutions and tools that allows organizations to streamline three key areas: threat and vulnerability management, security incident response and security operations automation.
In particular, Thorne found SOAR to be instrumental in reducing fatigue. There are massive amounts of data for analysts to parse through, but automation can help pinpoint the highest risk alerts.
“Fatigue is a reality, and we have to deal with that going forward,” Thorne said.
Most critically, SOAR has helped ICE integrate its security capabilities, including scanning results, EDR activity and SIEM. This integration initially prompted ICE to adopt SOAR. Automation can drive powerful tools, but those tools ultimately have to enable the people operating them.
“About five years ago, I went out to the West Coast and I sat down with an analyst,” Thorne said. “He was walking me through a potential incident that he was working, and he had to cut and paste and log into different systems and move things around and pull data to create a story. And I said, ‘Oh my goodness, I can’t believe you guys are doing that.’ So that’s when we started our journey to implement a SOAR product. And it paid off in dividends.”