If US federal agencies don’t want to fall further behind, they need AI-based Security Operations
Federal agencies are beginning to invest more in artificial intelligence, according to a US Government Accountability Office (GAO) study. Agencies are deploying AI for diverse purposes to strengthen each of their unique missions. We all know AI can make just about anything more efficient, especially human workflows that are mundane and expensive to operate. Security Operations (SecOps) is probably the most critical use case that AI can completely redefine: it can have a tremendous impact on defeating next-generation cyber-attacks while significantly reducing operational costs.
Legacy SecOps: Mature but Outdated
A very large agency’s CISO recently told me, “Of course every agency has a SOC … and they are all very MATURE and perhaps a tad legacy.” However, “mature” and “legacy” don’t sound very intimidating to cyber adversaries. These SOCs often rely heavily on human analysts to handle the majority of tasks, a costly approach further complicated by the ongoing challenge of retaining expert talent. In 2025, replacing legacy SecOps solutions, such as MDR and SOAR, must become a top priority. While these technologies have served their purpose, they struggle against sophisticated, next-generation AI-driven cyberattacks. Moreover, these mature SOC technologies are very human-dependent. An AI-powered SecOps platform can revolutionize operations by automating up to 90% of Level 1 and Level 2 SOC tasks, drastically reducing mundane, time-consuming workflows.
The Office of Management and Budget (OMB) laid out strict requirements in OMB M-21-31, which aims to enhance federal agencies’ centralized visibility into logging data throughout the lifecycle of cybersecurity incidents. However, a recent study identified three key challenges agencies face in meeting these requirements:
- Insufficient staffing
- Event logging technical challenges
- Limitations in cyber event information sharing
Overcoming Federal SecOps Challenges with AI
- Accuracy: Early data from January to September 2024 indicates a 98% accuracy rate in detecting next-generation cyberattacks, a marked improvement from the 92% accuracy achieved with traditional machine learning.
- Automation: The most time-consuming aspects of SecOps (Level 1 and Level 2 investigations, decision-making, and responses) can be automated by over 90% with AI. This not only saves time but also enhances accuracy. When paired with expert human oversight, SOC teams can focus on addressing threats instead of managing alerts.
- Sustainable Workforce: AI handles the labor-intensive tasks of investigations, decisions, and responses, freeing top-tier talent to concentrate on complex cases and strategic projects, the work they find most fulfilling.
- Compliance: An AI-powered SOC equips government agencies to meet critical requirements and remain compliant with frameworks like M-21-31.
This is a huge win for government agencies. The time to address this is now: bring AI-based automation into SecOps.