On Wednesday, the National Security Agency (NSA) released a new Cybersecurity Information Sheet (CSI) with recommendations for automating routine tasks so that resources can be better focused on investigating anomalies associated with advanced tactics, techniques, and procedures.
This CSI – Advancing Zero Trust Maturity Throughout the Automation and Orchestration Pillar – is part of a guidance series NSA developed to assist Defense Department (DoD) customers in piloting zero trust systems. NSA released guidance on all the other zero trust pillars – user, data, device, network and environment, application and workload, and visibility and analytics.
“From the outset of this project, we’ve acknowledged and appreciated the value of implementing a Zero Trust framework for providing the best defense against data compromise,” Dave Luber, NSA’s director of cybersecurity, said in a statement. “Our mission has been to expand upon the DoD’s seven pillar zero trust model in a way that makes it accessible and practical to organizations of all types. As zero trust is being implemented, the positive and far-reaching applications have been encouraging to witness.”
Automation and orchestration is the final pillar in the DoD Zero Trust framework, and this is the final CSI in the series.
The CSI defines automation as the use of software to control repetitive tasks, and orchestration as the coordination of IT processes and workflows to ensure proper management of tasks.
It highlights the need for dynamic security responses to speed up threat identification and reaction through automation. It also outlines key capabilities and recommendations for the automation and orchestration pillar and provides guidance for achieving higher maturity levels in these areas.
According to NSA, the Automation and Orchestration CSI highlights three key areas that span the capabilities of the pillar.
First, the CSI recommends that organizations employ automation and orchestration methods to address repetitive, labor-intensive, and predictable tasks for critical functions and access control. Second, it recommends that organizations employ advanced algorithms and analytics, specifically artificial intelligence (AI) and machine learning (ML), to enhance critical functions.
Lastly, the CSI suggests that an organization’s ability to coordinate security operations and incident response is vital to its security and should be aided by AI and ML, as well as other automation efforts to detect, respond to, and mitigate threats more quickly and effectively.
NSA expects to release additional guidance to help organize, guide, and simplify incorporating zero trust principles and designs into enterprise networks.