The report titled “Pedal to the Metal: Mitigating New Threats Faster with Rapid Intel and Automation” is underwritten by Palo Alto Networks and is based on an online survey of 150 federal employees who work with security operations teams, MeriTalk said Monday.
“To address today’s threats and prevent successful cyberattacks, it’s imperative to automate the creation and distribution of new protections in near-real time and predict the attacker’s next step,” said Pamela Warren, director of government and industry initiatives at Palo Alto Networks.
“The survey indicates feds have plenty of data, but need to implement the tools and the processes to achieve that goal,” Warren added.
MeriTalk added 20 percent of respondents said that 12 or more members of their agency’s security operations center team create custom signatures for security technologies; correlate isolated network events and indicators of compromise; and form actionable threat intelligence from various feeds.
Thirty percent of federal security operations employees are inclined to invest in technologies that will automate signature creation and distribution, the report found.
The survey also revealed 71 percent of agencies use automated analysis and reports to address data volume and focus on tracking targeted attacks while 48 percent use dynamic analysis, 32 percent apply static analysis and 19 percent practice machine learning techniques.
Security operations employees subscribe to an average of 25 external feeds daily. Seventy-two percent of respondents say it takes hours to days to identify unique threats, and 81 percent say it takes the same amount of time to put security changes in place.
MeriTalk noted 15 percent of respondents claim their agencies can establish security measures against new threats within minutes while 17 percent can distribute protections for enforcement during the same time frame.
Sixty-one percent of agencies have the capacity to automatically disseminate information on malicious behaviors across different enforcement points.
Most agencies monitor traditional entry points like mail servers and internet gateways, but fewer than half protect data centers, Software-as-a-Service enforcement points and mobile endpoints, according to the report.