Washington D.C. – Federal agencies are being directed to adopt security orchestration, automation, and response (SOAR) technology as a measure to secure their systems and limit the risk of security incidents. The requirement was set out in the new federal cybersecurity strategy issued by the Biden administration together with the Cybersecurity & Infrastructure Security Agency (CISA), and it is intended to move the government toward a zero-trust security model.
The strategy extends the May 2021 executive order on improving the nation's cybersecurity posture and goes as far as to require specific cybersecurity controls to be in place by the end of 2024. As part of the strategy, CISA announced in late July 2022 that it plans to update its Zero Trust Maturity Model, the roadmap agencies reference as they transition toward a zero-trust architecture. Office of Management and Budget Memorandum M-21-31, issued under the same executive order, also calls for security automation as part of the effort to improve the government's investigative and remediation capabilities related to cybersecurity incidents.
SOAR is central to integrating the components of a zero-trust model. Security automation, in particular low-code automation, makes a zero-trust strategy practical to implement and makes it easier for federal agencies to comply with cybersecurity mandates. It removes repetitive work from security teams and lets staff outside the developer pool contribute to building automation. It also gives greater visibility into risk posture and supports consistent enforcement of access policy across networks. Without automation, agencies cannot realistically handle the volume of security alerts and the complexity of response processes with a shrinking staff. Security teams should treat low-code automation as a core part of meeting zero-trust and SOAR requirements, and agencies should choose an automation platform that supports a broad range of use cases.
Around 55% of IT professionals report difficulty choosing vendors for their strategy, and the right advisory support can ease SOAR adoption. Organizations are also advised to integrate SOAR with their SIEM or log management tools and to codify incident response as automated playbooks. To get the most from SOAR, agencies should prioritize which processes to automate based on their existing security stack and their attack surface.
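To make the "automated incident response playbook" concrete, here is a small added example (not code from the article, CISA, or any vendor named here). It takes alerts in the shape a SIEM or log management tool might forward over a webhook, enriches them from local reference data (a stand-in for a CMDB and a threat-intel feed), raises priority for high-value assets or known-bad sources, dedupes repeats, and maps each alert to response actions. Destructive actions such as account lockouts are flagged for human approval, which is the caveat a practitioner would insist on before letting a playbook act on its own. All alerts, hosts, IPs and user names are constructed; the IPs come from documentation ranges.

```python
"""
Toy SOAR playbook: ingest normalized SIEM alerts, enrich them from local
reference data, and decide a response per alert.  Constructed data only;
the action strings are placeholders for calls into EDR/IdP/firewall APIs.
"""
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed reference data (stands in for a CMDB and a threat-intel feed).
ASSET_CRITICALITY: Dict[str, str] = {
    "fin-db-01": "high",
    "dev-box-07": "low",
}
KNOWN_BAD_IPS = {"203.0.113.45"}  # TEST-NET-3 documentation range

# Constructed SIEM alerts, as a SIEM/log tool might forward them via webhook.
SAMPLE_ALERTS: List[dict] = [
    {"id": "a1", "rule": "brute_force_login", "severity": "medium",
     "host": "fin-db-01", "src_ip": "203.0.113.45", "user": "svc_backup"},
    {"id": "a2", "rule": "brute_force_login", "severity": "medium",
     "host": "dev-box-07", "src_ip": "198.51.100.9", "user": "alice"},
    {"id": "a3", "rule": "malware_detected", "severity": "high",
     "host": "dev-box-07", "src_ip": None, "user": "alice"},
    {"id": "a1", "rule": "brute_force_login", "severity": "medium",  # duplicate delivery
     "host": "fin-db-01", "src_ip": "203.0.113.45", "user": "svc_backup"},
]

SEV_RANK = {"low": 0, "medium": 1, "high": 2}
PRIORITY_NAMES = ["low", "medium", "high", "critical"]


@dataclass
class Decision:
    alert_id: str
    priority: str
    actions: List[str] = field(default_factory=list)
    needs_approval: bool = False  # True when a human must confirm before execution


def enrich(alert: dict) -> dict:
    """Attach asset criticality and a threat-intel match to the alert."""
    enriched = dict(alert)
    enriched["asset_criticality"] = ASSET_CRITICALITY.get(alert["host"], "unknown")
    enriched["src_known_bad"] = alert.get("src_ip") in KNOWN_BAD_IPS
    return enriched


def prioritize(alert: dict) -> str:
    """Bump priority one step when a high-value asset or known-bad source is involved."""
    rank = SEV_RANK[alert["severity"]]
    if alert["asset_criticality"] == "high" or alert["src_known_bad"]:
        rank += 1
    return PRIORITY_NAMES[min(rank, len(PRIORITY_NAMES) - 1)]


def decide(alert: dict) -> Decision:
    """Map an enriched alert to response actions; gate destructive ones on approval."""
    d = Decision(alert_id=alert["id"], priority=prioritize(alert))
    if alert["rule"] == "brute_force_login":
        if alert["src_known_bad"]:
            d.actions.append(f"block_ip:{alert['src_ip']}")
        d.actions.append(f"force_mfa_reauth:{alert['user']}")
        if d.priority in ("high", "critical"):
            d.actions.append(f"disable_account:{alert['user']}")
            d.needs_approval = True  # lockouts of service accounts can cause outages
    elif alert["rule"] == "malware_detected":
        d.actions.append(f"isolate_host:{alert['host']}")
        d.actions.append(f"collect_triage:{alert['host']}")
        d.needs_approval = alert["asset_criticality"] == "high"
    else:
        d.actions.append("open_ticket")  # unknown rule: never act blindly
    return d


def run_playbook(alerts: List[dict]) -> List[Decision]:
    """Dedupe by alert id, then enrich, prioritize and decide, in input order."""
    seen, decisions = set(), []
    for raw in alerts:
        if raw["id"] in seen:
            continue
        seen.add(raw["id"])
        decisions.append(decide(enrich(raw)))
    return decisions


if __name__ == "__main__":
    for decision in run_playbook(SAMPLE_ALERTS):
        print(decision)
```

Run on the sample set, the playbook produces three decisions: the brute-force attempt against the high-criticality database from a known-bad IP is escalated to high priority with an IP block, forced re-authentication and an approval-gated account disable; the same rule against a low-value host from an unknown IP only forces re-authentication; and the malware hit isolates the host and kicks off triage collection without waiting for approval because the asset is low criticality. The duplicate delivery of a1 is dropped rather than acted on twice.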
According to Shekhar Menkudale, Analyst at Quadrant Knowledge Solutions, "Technological advancements, along with the embrace of SOAR and zero-trust technology by the US federal government, pinpoint the increasing capability of the technologies to address the demands posed by an increasingly complex security landscape. The technologies reduce the burden on agencies by automating threat detection and response. The addition of low-code automation will act as a catalyst for SOAR market growth, as it will allow organizations to reduce dependency on developers. Therefore, SOAR vendors should focus on implementing low-code technology in their SOAR offerings."