I recently joined Phantom to work with our clients in the Federal sector. Though Security Automation & Orchestration traces its roots to the public sector, there is still much progress to be made.
There is no shortage of Federal-related news coverage: from open vulnerabilities in wireless networks at HHS, to vulnerability issues and unpatched systems at NASA, to phishing attacks at the IRS, to stolen credentials and malware backdoors at OPM.
Many Federal organizations are working to enhance their security posture by leveraging DHS’s Continuous Diagnostics and Mitigation (CDM) Phase 1 program to help them with their security issues, especially those relating to vulnerabilities and patching.
The question remains, however: “How are they working to streamline their security operations?”
Automation is clearly a time saver and one important tool to streamline security operations. Customers are routinely taking manual, labor-intensive processes that can take hours to carry out and reducing them to automation tasks that run in seconds. We’ve shared several examples of the time-saving benefits in the Playbook Series on our blog.
Faster security is nice. It’s not the only benefit that comes with automation, though. Security can also be improved, for example by using automation to drive accuracy and consistency throughout the Incident Response (IR) process. You can imagine that as alert volume increases, junior analysts become overwhelmed with information, causing them to overlook key indicators. Even experienced analysts might be tempted to make “gut calls” based on previous incidents and incomplete information. With automation, the same data is gathered for every alert, and every alert is investigated and memorialized the same way, every time.
No doubt, we’re just starting to understand the impact automation and orchestration can have on the security industry and the public sector. I’m looking forward to being part of the team leading this change at Phantom.
Federal Sales Manager