Government agencies need to pivot to better filter and monitor incoming threats and data with velocity, efficiency and optimization.
The U.S. government is tasked with protecting classified data and combating potential threats, an area of growing concern with the increasing use of web-based applications required for remote working. Due to high demands, the teams tasked with safeguarding data need a new way—or new capabilities—to scale cybersecurity efforts, especially as many government agencies also face the challenge of limited resources and massively growing data sets and feeds.
Pushed by the pandemic, governments are accelerating digital transformation efforts to implement artificial intelligence for cybersecurity needs, as it brings capabilities beyond what manual human surveillance can provide. In fact, the Defense Department’s investment in AI has increased from $600 million in fiscal 2016 to $2.5 billion in fiscal 2021.
Today’s Cybersecurity Challenges
The security operations center is the “mothership” of security within government agencies. It is responsible for monitoring, preventing and responding to cybersecurity threats in real time, while the security and governance, risk and compliance (GRC) teams are tasked with classifying and protecting sensitive data.
Traditionally, security and data governance teams write pattern heuristics: rules that look for known malicious behavior patterns, derived from past risk events, in the data that needs to be monitored. These rules are applied to log files and other data, and an alert fires on every match. For example, if a person uses their credentials on a new computer, or if credentials are compromised, the team is alerted. Because the rules only cover what has been seen before, this manual process can miss other important events, and it also produces a high rate of false positives. Too many low-value events, like routine credential alerts, distract from more severe security events.
Security teams also continue to face resource limitations when it comes to monitoring data. Human surveillance is strained as the ever-expanding IT environment typically includes at least two digital devices connected to a corporate network per employee. Additionally, with the shift to a remote workforce and increased adoption of software-as-a-service applications, the bring-your-own-device market is forecast to grow to $350 billion in 2022, up from $94 billion in 2014. Manual monitoring cannot realistically cover all of this all of the time. Every device that is connected to the network produces some telemetry and data. As we move from on-prem systems to cloud infrastructure and expand our footprint with vendor partners, we have expanded the ecosystem and the attack surface, and brought in still more data. Factoring in the security industry skills gap, security teams face an uphill battle to continuously identify, protect, manage and monitor sensitive information.
Agencies therefore need to filter and monitor incoming threats and data with far more velocity and efficiency than manual processes allow: the more data that is handled manually, the harder it is to detect a threat.
Going Beyond Human Surveillance: AI for Security
The uptick we are seeing in AI investment within the DOD will help combat these challenges. AI can automate and simplify monotonous tasks across business processes and has already been streamlining operations across various industries and businesses for years. By implementing AI within government operations, agencies can enhance data protection and compliance efforts and free up staff time while adding a layer of risk management. Here’s how:
- Faster classification process: trained models can take over manual classification work by classifying documents, recommending to the security and governance teams how each document should be classified, and helping agencies meet compliance demands.
- Identifying outliers: instead of using heuristics of past events to “re-identify the event in the future,” AI can learn what normal behavior looks like and identify behavior that is an outlier from that baseline in real time. These outliers are flagged as anomalies that require attention, and through automation, action can be taken immediately to stop a threat as it occurs.
- Fewer alerts, better focus: one surveillance team may receive 17,000 alerts a day. AI can reduce false positives and prioritize alerts and threats, so the team knows where to focus and can shift or augment personnel as required.
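To make the contrast between the two detection styles concrete (the static credential heuristic described under Today’s Cybersecurity Challenges, and the outlier-and-prioritization approach in the two points above), here is an added, self-contained example. It is not code from the article or from NetApp. It runs a “new device for this user” rule and a simple per-user baseline scorer over a few constructed authentication log lines; the log format, field names, the two-day baseline window and the scoring weights are all assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Constructed authentication log lines (not real data). Events on
# 2023-03-01 and 2023-03-02 form each user's baseline; 2023-03-03 is
# the day under review.
LOG_LINES = [
    "ts=2023-03-01T08:02:11 user=alice device=LT-1001 country=US bytes_out=1200",
    "ts=2023-03-01T09:15:40 user=bob   device=LT-2002 country=US bytes_out=900",
    "ts=2023-03-02T08:10:05 user=alice device=LT-1001 country=US bytes_out=1500",
    "ts=2023-03-02T10:01:33 user=bob   device=LT-2002 country=US bytes_out=1100",
    # day under review: a benign laptop swap, then a suspicious session
    # from a device the user has always used
    "ts=2023-03-03T09:05:27 user=alice device=LT-1005 country=US bytes_out=1300",
    "ts=2023-03-03T03:41:02 user=bob   device=LT-2002 country=RO bytes_out=52000",
    "ts=2023-03-03T09:30:18 user=bob   device=LT-2002 country=US bytes_out=1000",
    "ts=2023-03-03T08:04:59 user=alice device=LT-1001 country=US bytes_out=1400",
]
REVIEW_DAY = "2023-03-03"

LINE_RE = re.compile(
    r"ts=(?P<ts>\S+)\s+user=(?P<user>\S+)\s+device=(?P<device>\S+)"
    r"\s+country=(?P<country>\S+)\s+bytes_out=(?P<bytes_out>\d+)"
)


def parse(lines):
    """Turn the assumed key=value log format into event dicts; skip lines that do not match."""
    events = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        e = m.groupdict()
        e["date"] = e["ts"][:10]
        e["hour"] = int(e["ts"][11:13])
        e["bytes_out"] = int(e["bytes_out"])
        events.append(e)
    return events


def heuristic_alerts(events):
    """Static rule: alert whenever a user authenticates from a device never seen for them.
    The first device ever seen for a user is treated as bootstrap and not alerted on."""
    seen = defaultdict(set)
    alerts = []
    for e in events:
        if e["device"] not in seen[e["user"]] and seen[e["user"]]:
            alerts.append((e["ts"], e["user"], "new-device"))
        seen[e["user"]].add(e["device"])
    return alerts


def build_baseline(events, review_day=REVIEW_DAY):
    """Per-user profile of normal behavior from events before the review day."""
    profiles = defaultdict(lambda: {"countries": set(), "hours": set(), "max_bytes": 0})
    for e in events:
        if e["date"] >= review_day:
            continue
        p = profiles[e["user"]]
        p["countries"].add(e["country"])
        p["hours"].add(e["hour"])
        p["max_bytes"] = max(p["max_bytes"], e["bytes_out"])
    return dict(profiles)


def score_event(profile, e):
    """Count how far an event deviates from the user's baseline (weights are assumptions)."""
    score, reasons = 0, []
    if e["country"] not in profile["countries"]:
        score += 2; reasons.append("new-country")
    if not any(abs(e["hour"] - h) <= 1 for h in profile["hours"]):
        score += 1; reasons.append("unusual-hour")
    if e["bytes_out"] > 3 * profile["max_bytes"]:
        score += 2; reasons.append("high-egress")
    return score, reasons


def rank_alerts(events, profiles, review_day=REVIEW_DAY, threshold=2):
    """Score review-day events against each user's baseline and return the
    ones above threshold, highest score first. A user with no baseline is
    flagged too, since an account nobody has seen before deserves a look."""
    ranked = []
    for e in events:
        if e["date"] != review_day:
            continue
        if e["user"] not in profiles:
            score, reasons = threshold, ["no-baseline"]
        else:
            score, reasons = score_event(profiles[e["user"]], e)
        if score >= threshold:
            ranked.append({"score": score, "ts": e["ts"], "user": e["user"], "reasons": reasons})
    return sorted(ranked, key=lambda a: a["score"], reverse=True)


if __name__ == "__main__":
    evs = parse(LOG_LINES)
    print("heuristic:", heuristic_alerts(evs))          # fires on alice's benign laptop swap only
    print("outliers:", rank_alerts(evs, build_baseline(evs)))  # ranks bob's RO session at the top
```

The static rule fires on the one thing it was written for (alice’s new laptop, which is benign) and stays silent on bob’s session from his usual device at 03:41 from a new country with 50x his normal egress; the baseline scorer reverses that, and its score gives the analyst an ordering rather than a flat queue. The caveat a practitioner should keep in mind is that the scorer is only as good as its baseline: an intruder already active during the training window becomes part of “normal,” so the baseline data itself has to be vetted, and the thresholds tuned per environment.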
AI gives government agencies a way to relieve the chokepoints that a lack of time and people creates around data feeds and risk, while strengthening overall security efforts. AI adoption will continue to rise as it allows agencies to scale cybersecurity efforts well beyond what human capacity alone can cover.
Seth Culter is chief information security officer at NetApp.