During a discussion with NSA and Homeland Security officials on the importance of automating cybersecurity, Philip Quade, special assistant to the director of NSA for cyber, offered an infographic showing the evolution of information sharing.

It starts with sharing information about an incident — just that it took place — and progresses to how the breach was detected, how the damage was mitigated and so on.

"It's not just good enough to understand what to look for but what actions you take based on that," Quade said.

Sharing information about threat vectors, signatures and new malware is an important aspect of a robust cybersecurity posture for any organization. But too much information is almost as useless as none at all.

Adding automation to the process — letting computers do the heavy lifting at machine speed — is the answer, according to Quade.

"What we're trying to get to is automated decision making with a human above the loop," he said. "It's a robot that's making the decisions, to take the burden of the minutia off the human being."

The vendor space hasn't quite caught up to that need, he added.

"There are lots of pitchers but not a lot of catchers," Quade said, with plenty of tools to transmit threat data but few capable of high-level intake and processing.

About Aaron Boyd

Aaron Boyd is an awarding-winning journalist currently serving as editor of Federal Times — a Washington, D.C. institution covering federal workforce and contracting for more than 50 years — and Fifth Domain — a news and information hub focused on cybersecurity and cyberwar from a civilian, military and international perspective.

Share:
In Other News
Load More