If agencies improve their threat monitoring, correlation, and protection automation, they could save an estimated 27 percent, or $5 billion annually, of their cybersecurity budgets, according to a MeriTalk survey titled Pedal to the Metal: Mitigating New Threats Faster with Rapid Intel and Automation.
“When you put a dollar value to it, it looks very different,” said Pamela Warren, director of government and industry initiatives at Palo Alto Networks, which underwrote the survey.
Warren explained that although Federal agencies have the data they need to respond to emerging cybersecurity threats, their ability to rapidly distribute information about those threats and respond to them is still limited.
“The survey indicates Feds have plenty of data, but need to implement the tools and the processes to achieve that goal,” said Warren. “It’s losing the battle, if you will, against these advanced threats.”
Warren described the automation of certain security activities, such as condensing information from various threat feeds, as the “end goal” for agencies in their ability to respond to cyber threats. The survey found that Feds subscribe to an average of 25 daily security feeds, many of which could contain duplicative information.
“To address today’s threats and prevent successful cyberattacks, it’s imperative to automate the creation and distribution of new protections in near-real time and predict the attacker’s next step,” said Warren. “To do this, you need the data, the tools, and the process.”
The lack of automation can come at a “significant time cost,” according to Warren, as it requires security employees to manually determine whether a feed has provided them with a unique threat and then manually send out a response.
According to the report, “only 15 percent [of respondents] say their agency can create protections against a new threat within a few minutes–and only 17 percent can distribute these protections for enforcement within that same brief time frame.”
Although only 30 percent of respondents said that they are willing to invest in the automation of signature creation and distribution, Warren said that agencies are aware of the need to speed up response times to incoming threats.
“I think there’s a lot that can be done in core security technologies today to automate,” she said. “In the conversations we continue to have, there is an awareness.”
To achieve the estimated cost savings, the report outlines four recommendations:
- Ensure detection and enforcement across all potential attack vectors into the network to detect any anomalies that could be new threats.
- Correlate isolated tactical behaviors as a sign of a bigger attack pattern, as well as isolate network segments to reduce the effectiveness of attacks.
- Prevent new attacks by first analyzing and accurately predicting the next step in the attack (location and behavior) before it occurs.
- Leverage new techniques, like machine learning, dynamic and static analysis, in conjunction. Then, swiftly create new protection and reprogram enforcement points faster than the attack can spread in the network.