Automation for the People: Empowering the Cyber Workforce

With federal agencies reporting tens of thousands of cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency (CISA) each year, and a demonstrated deficit in qualified cyber professionals in the workforce, cyber analysts and threat hunters now more than ever need solutions that help them keep pace with the evolving threat landscape. Protecting national security in the face of threats posed by modern adversaries requires new thinking.

One way to address cyber workforce challenges is to enable cyber responders to do more at every level, while lightening their workload. By focusing on the people who perform cyber operations, Peraton is finding ways to leverage artificial intelligence/machine learning (AI/ML) to automate mundane—yet critical—processes and empower threat response teams to perform high-level actions more quickly.

At Peraton, process automation is not about finding ways to replace people but rather to activate them—to support them—while increasing their capacity. Another way to think about it: Peraton is working to give them a superpower.

‘What keeps you up at night?’

ThreatBoard™ is an analyst-first, scalable digital solution that provides cyber insights meant to drive timely action. It is designed to enable teams to react, respond, and defend at machine speed.

[Image: ThreatBoard tier 1 analyst]

[Image: ThreatBoard heatmap]

Before developing ThreatBoard, Peraton engaged stakeholders at the Department of Homeland Security, Department of Defense, and numerous other federal agencies to get clarity about their most pressing threats, then worked directly with CISA analysts and threat hunters to understand process and procedure—so Peraton could develop a solution with the capabilities to make the load lighter and the work more accurate.

At the core of the challenge was a lack of awareness of the millions of data streams that move into and around an organization daily. This lack of visibility—and an inability to correlate internal and external events—makes it nearly impossible to identify new threats, address undetected events, or develop effective defenses against the entire threat landscape.

Sometimes, government agencies and security teams inadvertently create hurdles for themselves. By developing or purchasing a variety of different proprietary systems to gather information about what’s happening in these environments, they create data silos between the threat response teams, resulting in decreased visibility.

No matter how good an organization’s detection and protection capabilities are, broad-scale attacks can only be detected when all the relevant data is stored, correlated, and readily available to analysts and threat hunters.

ThreatBoard’s Threat Management platform allows customers to integrate any source of cyber event data, regardless of format, into a single consolidated data repository for enrichment and enhancement of threat information—eliminating the silos and making data accessible to parse, correlate, research and act upon at machine speed.

[Image: ThreatBoard attack mapping]

[Image: ThreatBoard IOC correlation]

Design with every user in mind

A team that can see the entire threat landscape has a greater chance of successful response, but current security systems can only process a fraction of data streams in real time. Others rely on indicators of compromise (IOCs) to trigger an alert, which could then require hours of human review to parse. ThreatBoard uses natural language processing (NLP) and AI/ML to present analysts with all relevant information at the time of an incident, minimizing the number of decisions, limiting potential wrong turns and rabbit holes, and reducing hours of research down to minutes—empowering them to operate at five to ten times their current capacity, without adding to their workload.

ThreatBoard was built with a user-centered design upon a data fabric platform and is accessible with Fractals™, a Peraton proprietary browser-based web application that allows every user, regardless of their level, to quickly customize how they see data. It enables everyone to work from the same datastore of complete threat information and features a library of preconfigured widgets designed with each team role in mind. Because ThreatBoard integrates with common messaging platforms, team members can efficiently generate standardized event reports and quickly activate the next level of response.

Peraton understands that cyber professionals across agencies have varying degrees of expertise and experience. Adversaries know this, too. Ensuring that the right information is acted upon is difficult—and attempting to find these events after the fact is a challenge for even the most advanced response teams. That’s why ThreatBoard is a game-changing innovation for national security.
