Trending topic: The intersection of security, compliance and automation

Presented by ThunderCat | Tines

In a continuously shifting government landscape, efficiency and security are two constants that remain top of mind for federal technology leaders. While agencies face increasing demands to streamline processes and increase productivity, they must also meet stringent compliance requirements and maintain robust cybersecurity. It’s a complex balancing act, and automation holds the key to success. 

Experts from ThunderCat Technology, Tines and the Government Accountability Office recently engaged in a webcast to discuss the intersection of automation, security and compliance. They explored how these key trending topics can be optimized to streamline operations, reduce manual workloads and empower teams to achieve more with less.

How does automation enhance security?

AI implementation is rapidly expanding throughout the government. In 2024, agencies reported over 1,700 AI use cases, more than double the previous year. At the same time, agencies are continuing to shift workloads to the cloud, rapidly increasing attack surfaces. 

“Agencies are really needing to think differently about how to respond,” said Dave Hinchman, director of information technology and cybersecurity at the Government Accountability Office. “It’s easier for bad actors to get the technology to attack you — you have more exposure as we move government increasingly online.”

Uniting the active fronts of AI and cloud growth, agencies can apply automation to keep pace with attack surface expansion and advancing threat actors. By automating security tasks that have traditionally been manual, agencies can take a more proactive approach to threat identification and incident response. Workflow orchestration and automation result in faster response times, essentially becoming a force multiplier for security teams, enabling them to be more efficient and more responsive.

What are the biggest obstacles to effective automation adoption? 

While AI and automation bring many benefits to security, government agencies must overcome barriers to implementation related to both people and processes:

  1. The cultural shift. Often the biggest challenge to integrating new technologies is not tools but people. Change is hard, and the stakes in government are high. “Everybody has their own processes and their own systems where they’re automating,” said Navid Wlotzka, principal solutions engineer of federal at Tines. “You want to centralize them into a policy decision point where possible, or necessary, or feasible, and that might cause some heartache, because you're now taking processes away from teams and centralizing them into some other systems.” It’s essential to broach the topic “in a way in which the stakeholders understand this is not something that will replace your jobs but will assist you in your current roles,” said Daren Presbitero, cybersecurity specialist at ThunderCat Technology. The benefit of automation for security teams is taking mundane tasks off their plates, giving them more time for higher-level knowledge-based work.
  2. Lack of interoperability and centralization. Government agencies often have a vast collection of disparate tools and solutions in their technology portfolios. A lack of interoperability and open standards between tools and environments can make it difficult to establish a unified automation strategy.  
  3. Compliance requirements. Finally, government technology teams have the added responsibility of developing and innovating within the confines of government regulations and compliance requirements. Hinchman, speaking from his experience as an auditor, advised an incremental approach.

“The Big Bang approach where you do some massive upgrade, massive development and drop it on the organization more often than not will fail,” Hinchman said. “Start small, find something that doesn't have a big impact on the organization, get it in place, get the kinks out, make sure it's working. … There are things like zero trust, there are other compliance requirements and FIPS. And so you always want to make sure you're meeting that while you're also doing it in a way that's going to drive adoption.”  

Solutions like Tines can help solve these challenges, Wlotzka said, by taking away the “black box mentality where I don’t know what that automation system is doing, only certain engineers have access to it — they are very highly skilled engineers, and nobody else can do any of these automation processes.” 

What agencies need, instead, are solutions that can make automation easier for everyone. Not only security teams, but mission-driven teams and departments across the agency.

How can agencies balance innovation with robust oversight and control?

Speed is the key to maintaining security and control in a rapidly changing environment. To address threats in near-real-time, incident response must be immediate, and automation can help unlock the level of necessary speed. A workflow orchestration and automation platform that is easy for anyone to use, not just AI experts, is essential to moving quickly and efficiently. 

This also speeds another task critical to security: documentation. Consider SOC operators working through events and alerts. Rather than documenting their own processes, which can be time-consuming and may not be standardized across all operators, an AI agent can do it for them. 

“That just saved the incident responder at least 5 to 10 minutes of time, and not only did it do that, it also was able to document all of the critical artifacts, indicators and anything else that occurred during that incident,” Wlotzka said. “You're not only introducing enhanced documentation, but also standardizing your processes. You now have consistent documentation from auditability and compliance standpoints.”

As security teams, like all teams across government, work to do more with less, any time savings can be a game-changer. Analysts face a daily bombardment of alerts that would be impossible for humans alone to sort through. Automation, however, can reduce response times from 30 minutes to 30 seconds, Presbitero said, and provide multiple courses of action.

Moreover, by integrating orchestration and automation platforms like Tines with threat intelligence platforms, “not only is the analyst making a decision based off of the events that are seen in their local environment,” Presbitero said, “but they're also able to view correlating events and enriched information that's coming from industry or from open source feeds around the threat intelligence space.”

What is an emerging automation capability agencies should look out for?

While much of the focus of AI and automation integration has concentrated on back-end use cases, Presbitero and Wlotzka both expressed the importance of emerging front-end capabilities — creating rapid front-end UI portals, spinning up web pages with discrete inputs for AI actions running in the back end.

“Let's say you just onboarded a brand-new analyst, and they need to know what the architecture of your network is. Having the ability to spin up a web page within seconds, uploading an image and then having AI process that image and actually tell you what's going on in that image is a game changer,” Wlotzka said. “We now took a process that probably took an hour, maybe with multiple resources to explain to a user what is going on in a network diagram, and we did that within seconds. I think that's the future.”

To learn more insights from ThunderCat Technology, Tines and GAO, register to watch the webcast on demand.

This content was made possible by our sponsors; it was not written by nor does it necessarily reflect the views of GovExec's editorial staff.
