Paul Kurtz, chief cybersecurity adviser for public sector at Splunk (Nasdaq: SPLK), said government agencies that want real-time operational intelligence to speed up threat detection and incident response and to improve their cybersecurity posture should adopt automation and advance collaboration.
“Agencies should have intelligence workflows that fuse together data in real time, automate the prioritization of that data and update defenses without necessarily having a human in the loop,” Kurtz wrote.
“Furthermore, when agencies successfully integrate information from security tools and intelligence sources in real time, they develop valuable data that can be used to train machine learning models, and they can refine those models as more events are correlated,” he added.
Kurtz stated that agencies should consider how their security operations centers can collaborate to facilitate real-time data sharing.
“When agencies share what they’re experiencing with one another in real time, they strengthen their ability to protect government systems on an exponential scale,” he added.
He also discussed the concept of zero trust and how the May 2021 executive order on cybersecurity drives agencies to adopt it.