News Feature | November 28, 2016

Feds Could Save More Than $5B Annually By Improving Actionable Cyber Awareness


By Christine Kern, contributing writer


New study highlights the need for better threat monitoring, correlation, and protection automation.

Federal agencies could be saving more than $5 billion a year — as well as valuable time mitigating new cyber threats — with rapid intel and automation, according to a MeriTalk study. The report, Pedal to the Metal: Mitigating New Threats Faster with Rapid Intel and Automation, underwritten by Palo Alto Networks, reveals Feds could save up to 27 percent of their cybersecurity budget and address threats faster by improving threat monitoring, correlation, and protection automation.

The survey polled 150 Federal security operations team members regarding their approaches to minimizing damage by deploying more automated solutions that leverage product and external threat feed intelligence.

The MeriTalk report asserts agencies may be missing key indicators of an attack (a pathway into their networks) and may be unable to correlate threat data points. And while the majority of agencies monitor traditional entry points including mail servers, the web, and internet gateways, not even half guard data centers, SaaS enforcement points, and mobile endpoints, which may impede the organization’s ability to spot discrete malicious behaviors.

“When you put a dollar value to it, it looks very different,” explained Pamela Warren, director of government and industry initiatives at Palo Alto Networks. “The survey indicates Feds have plenty of data, but need to implement the tools and the processes to achieve that goal. It’s losing the battle, if you will, against these advanced threats.”

The key is the ability to distribute information on and respond to specific threats rapidly, something still limited for most Federal agencies. Automating security activities such as condensing information from various threat feeds could help these agencies reduce costs and improve response times associated with cyber threats.

Despite these time-intensive processes, federal security operations teams continue to allocate precious manpower and financial resources to tasks that can be automated, including:

  • creation of custom signatures for security technologies on the network
  • correlation of isolated network events that may be related to part of a campaign
  • taking threat intelligence from various feeds and making it actionable
  • correlating different behaviors (IOCs) to associate them with one or more threat campaigns

Feds subscribe to an average of 25 daily security feeds, many of which could be providing redundant data, according to the study. Even with the enforcement points that are being monitored, only a little over half (61 percent) of agencies are capable of automatically distributing information against malicious behaviors across different enforcement points.

The study also found 61 percent of Feds are automatically distributing info against malicious behaviors across different enforcement points in their organization, and only 15 percent of agencies are able to reprogram endpoint sensors to create new protections within a few minutes. Only 17 percent can distribute these new protections within a few minutes.

Warren added, “To address today’s threats and prevent successful cyberattacks, it’s imperative to automate the creation and distribution of new protections in near-real time and predict the attacker’s next step. To do this, you need the data, the tools and the process.”

“Agencies are falling into a culture that’s too focused on the legacy, manual way of doing security,” says Steve O’Keeffe, founder, MeriTalk. “Feds need their technology investments — not just their human expertise — to detect new attacks and determine what’s a full-blown, global, coordinated campaign as opposed to an unrelated or one-time event — and act accordingly to quickly and effectively minimize damage.”