When fire departments receive emergency calls, firefighters at the nearest station have to be quick on their feet, gear up and race to the scene. Cities place fire stations strategically throughout their locales so that firefighters can respond as quickly as possible to signs of smoke, knowing every minute is crucial to containing the fire and minimizing damage.
In the digital world, government cybersecurity departments are responsible for putting out fires, as well. Sadly, these fires – in the many forms of cyberattacks – are increasingly common and severe, and organizations often lack the staff and procedures to promptly respond.
Much like emergency services have mastered coordination between a central location and field stations, government cybersecurity departments need a connected response system to extinguish threats across the enterprise as soon as they’re detected.
“In an age where there are increasingly more attacks on systems, government IT departments have to be more proactive in how they answer alerts,” said Chris Usserman, Principal Security Architect/Homeland Security Department (DHS) Shared Services Program Manager at Infoblox. “That means they need a single view of their environments, and they need to have the right people, processes and technology in place.”
Infoblox offers integrations across technology silos that give organizations one hub for cybersecurity.
“So, what should organizations do to unify security responses? Automation and orchestration leveraging native integrations will allow short-staffed cybersecurity departments to navigate a landscape of constant threats as one entity,” Usserman said.
Automation refers to a programmed approach to cybersecurity, both preventative and reactive. With network automation, when an attack hits, the security system can carry out a protocol of what to do with data, whether to shut down access and how to move forward.
Orchestration builds on the automation of each component. Whereas different systems and tools all have their own programmed responses to attacks, orchestration can link those actions together to produce a bolstered defense. And with orchestration, if an attack successfully gets into one system, the entire network won’t crumble.
These two pillars of modern network defenses are crucial, but even with orchestration and automation, security teams will still have to fight through silos and limited visibility to react to attacks – lacking agility and insights. Using integrations, these teams gain a holistic image of their many environments.
“This lets agencies make the best decisions about their automation and orchestration,” Usserman said. “Then, they can prioritize their responses and proactively protect against cyberattacks with visibility.”
The Infoblox Ecosystem Exchange combines dozens of native third-party vendor integrations, enabling a connected cybersecurity ecosystem. With an interconnected single-pane-of-glass view of the agency’s network, an agency would see the bigger picture and the finer details of its cybersecurity posture, while simultaneously having a distinct advantage over its attackers.
And with a centralized command, more granularity and more precise visibility, security teams can stomp out flames at the first sign of smoke.
Takeaway: Automation and orchestration are integral components of a dependable cybersecurity strategy in 2020. But to be one step ahead, agencies also need to look to integrated capabilities so they can truly monitor and protect their whole enterprise.
This article is an excerpt from GovLoop’s recent guide, “The Top Government Innovations of 2019.” Download the full guide here.