Automation Drives Cybersecurity Innovation at ICE
ICE is automating and integrating its security processes to stay on top of threats.
To keep pace with the growing number of cyberattacks, government can’t rely on its cyber workforce to do all the legwork. Automation is a critical component of effective monitoring and incident response.
“When you look at the latest attacks and the sophistication that the adversaries are using, you can’t be successful without implementing some sort of automation,” said Rob Thorne, CISO for U.S. Immigration and Customs Enforcement (ICE), at GovCIO Media & Research’s CyberScape: Data & Automation Security event Thursday. “There’s such a large amount of event log data that we’re collecting, and to have to go through that without automation — you’re just not going to be able to stay ahead of the adversary.”
From patch management to routine scanning, ICE looks at its cybersecurity tasks for processes that are simple, time-consuming and repetitive to find what might be a good candidate for automation. Automating these processes can help cyber teams identify threats more accurately, understand relative risks and ultimately respond faster.
“The goal is to reduce the load that we have on our already burdened staff,” Thorne said. “We want to make certain that they can focus on those risky events that we really want them to focus on.”
Thorne said ICE benefited from implementing a Security Orchestration, Automation and Response (SOAR) capability. SOAR is a collection of software solutions and tools that allows organizations to streamline three key areas: threat and vulnerability management, security incident response and security operations automation.
In particular, Thorne found SOAR to be instrumental in reducing fatigue. There are massive amounts of data for analysts to parse through, but automation can help pinpoint the highest-risk alerts.
“Fatigue is a reality, and we have to deal with that going forward,” Thorne said.
Most critically, SOAR has helped ICE integrate its security capabilities, including scanning results, EDR activity and SIEM. The need for that integration is what initially prompted ICE to adopt SOAR. Automation can drive powerful tools, but those tools ultimately have to enable the people operating them.
“About five years ago, I went out to the west coast and I sat down with an analyst,” Thorne said. “He was walking me through a potential incident that he was working, and he had to cut and paste and log into different systems and move things around and pull data to create a story. And I said, ‘Oh my goodness, I can’t believe you guys are doing that.’ So that’s when we started our journey to implement a SOAR product. And it paid off in dividends.”