Automation Drives Cybersecurity Innovation at ICE
ICE is automating and integrating its security processes to stay on top of threats.
To keep pace with the growing number of cyberattacks, government can’t rely on its cyber workforce to do all the legwork. Automation is a critical component of effective monitoring and incident response.
“When you look at the latest attacks and the sophistication that the adversaries are using, you can’t be successful without implementing some sort of automation,” said Rob Thorne, CISO for U.S. Immigration and Customs Enforcement (ICE), at GovCIO Media & Research’s CyberScape: Data & Automation Security event Thursday. “There’s such a large amount of event log data that we’re collecting, and to have to go through that without automation — you’re just not going to be able to stay ahead of the adversary.”
From patch management to routine scanning, ICE reviews its cybersecurity tasks for processes that are simple, time-consuming and repetitive, since those make the best candidates for automation. Automating them helps cyber teams identify threats more accurately, understand relative risk and ultimately respond faster.
“The goal is to reduce the load that we have on our already burdened staff,” Thorne said. “We want to make certain that they can focus on those risky events that we really want them to focus on.”
Thorne said ICE benefited from implementing a Security Orchestration, Automation and Response (SOAR) capability. SOAR is a collection of software tools that lets an organization streamline three key areas: threat and vulnerability management, security incident response and security operations automation.
In particular, Thorne found SOAR to be instrumental in reducing fatigue. There are massive amounts of data for analysts to parse through, but automation can help pinpoint the highest risk alerts.
“Fatigue is a reality, and we have to deal with that going forward,” Thorne said.
Most critically, SOAR has helped ICE integrate its security capabilities, including vulnerability scan results, EDR activity and SIEM alerts. That integration is what initially prompted ICE to adopt SOAR. Automation can drive powerful tools, but those tools ultimately have to enable the people operating them.
“About five years ago, I went out to the West Coast and I sat down with an analyst,” Thorne said. “He was walking me through a potential incident that he was working, and he had to cut and paste and log into different systems and move things around and pull data to create a story. And I said, ‘Oh my goodness, I can’t believe you guys are doing that.’ So that’s when we started our journey to implement a SOAR product. And it paid off in dividends.”
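To make concrete what the integration described above does, and what the analyst in Thorne’s anecdote was assembling by hand, here is an added example of a minimal SOAR-style enrichment playbook. It is illustrative code written for this page, not ICE’s implementation or any vendor’s product. The SIEM alerts, EDR events and scan results are constructed inline, and the field names, score weights and routing thresholds are assumptions chosen for the example.

```python
"""Toy SOAR-style enrichment playbook (added example, not ICE's code).

It stitches together the three sources an analyst would otherwise query by
hand -- SIEM alerts, EDR telemetry and vulnerability-scan results -- into one
case record per alert, scores each case, and routes it. All data below is
constructed for the example; field names are assumptions, not a vendor schema.
"""
from dataclasses import dataclass, field

# Constructed SIEM alerts: what a detection rule fired on.
SIEM_ALERTS = [
    {"id": "A-1", "host": "ws-042", "user": "jdoe",
     "rule": "Suspicious PowerShell encoded command", "severity": 3},
    {"id": "A-2", "host": "srv-db-07", "user": "svc_backup",
     "rule": "Multiple failed logons", "severity": 2},
    {"id": "A-3", "host": "ws-118", "user": "asmith",
     "rule": "New local scheduled task", "severity": 1},
]

# Constructed EDR telemetry keyed by host: recent process activity.
EDR_EVENTS = {
    "ws-042": [{"process": "powershell.exe", "parent": "winword.exe",
                "outbound_ip": "203.0.113.9"}],
    "srv-db-07": [],
    "ws-118": [{"process": "schtasks.exe", "parent": "explorer.exe",
                "outbound_ip": None}],
}

# Constructed vulnerability-scan results keyed by host.
SCAN_RESULTS = {
    "ws-042": {"critical_vulns": 2, "internet_facing": False},
    "srv-db-07": {"critical_vulns": 0, "internet_facing": True},
    "ws-118": {"critical_vulns": 0, "internet_facing": False},
}

# Parent processes that should not be launching scripting hosts.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "outlook.exe"}


@dataclass
class Case:
    """The consolidated 'story' for one alert."""
    alert_id: str
    host: str
    user: str
    rule: str
    score: int = 0
    findings: list = field(default_factory=list)
    disposition: str = "review"


def enrich(alert, edr=EDR_EVENTS, scans=SCAN_RESULTS) -> Case:
    """Pull EDR and scan context for the alert's host, then score and route it."""
    case = Case(alert["id"], alert["host"], alert["user"], alert["rule"],
                score=alert["severity"])
    for ev in edr.get(alert["host"], []):
        if ev["parent"] in OFFICE_PARENTS:          # macro-style launch
            case.score += 4
            case.findings.append(f"{ev['process']} spawned by {ev['parent']}")
        if ev["outbound_ip"]:                       # possible C2 / exfil
            case.score += 2
            case.findings.append(f"outbound connection to {ev['outbound_ip']}")
    scan = scans.get(alert["host"], {})
    if scan.get("critical_vulns", 0) > 0:
        case.score += scan["critical_vulns"]
        case.findings.append(f"{scan['critical_vulns']} unpatched critical vulns")
    if scan.get("internet_facing"):
        case.score += 1
        case.findings.append("internet-facing asset")
    # Routing thresholds are assumptions chosen for the example.
    if case.score >= 8:
        case.disposition = "escalate"
    elif case.score <= 3 and not case.findings:
        case.disposition = "auto-close"
    return case


def triage(alerts=SIEM_ALERTS) -> list[Case]:
    """Enrich every alert and return the cases highest-risk first."""
    return sorted((enrich(a) for a in alerts), key=lambda c: c.score, reverse=True)


if __name__ == "__main__":
    for c in triage():
        print(f"{c.alert_id} {c.host:<10} score={c.score:<2} "
              f"{c.disposition:<10} {'; '.join(c.findings)}")
```

The point of the playbook is the ordering it produces: the encoded-PowerShell alert on a host where an Office process spawned PowerShell, which then connected outbound and carries unpatched criticals, lands at the top for a human; the low-severity alert with no corroborating context is closed automatically but still recorded; everything in between stays in the review queue. The weights are deliberately crude, and in practice they would be tuned per environment and reviewed so that auto-close never silently hides a pattern the detection team has not yet seen.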