By acting on real-time information, thinking ahead and adopting AI tools, agencies can disrupt and defend against insidious tactics from cybercriminals.
Turn Intelligence into Action
Many agencies collect threat intelligence but fail to act on it. “Too often, it just sits in reports instead of being mapped against adversary behaviors or integrated into detection playbooks,” says Jason Palm, SecOps specialist engineer at Fortinet.
True security value happens when intelligence directly informs daily defense. Leaders should:
- Integrate threat intelligence into a continuous threat exposure management (CTEM) framework
- Use knowledge bases such as MITRE ATT&CK, which helps analysts improve detection and response
- Weave threat data into security information and event management (SIEM) and endpoint detection and response (EDR) systems
- Update detection playbooks
- Train analysts to map adversary behaviors
Use AI and Automation
Automation excels in handling routine and repetitive tasks such as triaging alerts, resetting accounts and enriching incident data.
“Using AI and automation extends the reach of small teams by removing a lot of the manual workload,” says Palm. “Often, these repetitive tasks are what lead to job dissatisfaction and analyst burnout. AI and automation unburdens your staff from those tedious tasks, which allows them to focus once again on more meaningful and rewarding work, like threat hunting.”
Stop Reacting and Start Anticipating
The key to successful cybersecurity is for agencies to be proactive and anticipate threats rather than waiting for alerts.
Palm notes that the 5th-century treatise, “The Art of War,” is strikingly applicable to cybersecurity today.
“It says that if you know the enemy and you know yourself, you need not fear the result of 100 battles,” says Palm. “If you know yourself, but not the enemy, for every victory gained, you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”
That’s why proactive practices, such as reconnaissance services, threat hunting, and tabletop or red team exercises, are critical. Agencies need to understand what adversaries may do and train staff to respond effectively. Many breaches can be reduced or even prevented if organizations focus on understanding adversary behaviors.
Map Attacks to Find Weaknesses
Breaking down an attack into tactics, techniques and procedures (TTPs) creates multiple points where agencies can detect and disrupt it, even after initial access. The approach provides more opportunities to catch the attackers during later phases, such as lateral movement, installing persistence mechanisms or starting to exfiltrate data.
Recognizing and defending against known attack patterns helps expose blind spots and strengthens layered defenses, increasing the chance of avoiding damage.
Maintain Human Judgment
Human analysts remain essential. AI can detect patterns and suggest responses, but it’s humans who understand mission context, exercise judgment and maintain ethical oversight. These are elements of institutional knowledge that let you align a threat response with an organization’s specific priorities.
Collaboration makes for the strongest security operations model. AI adds speed, scale and efficiency, while humans validate, interpret and make final decisions that address organizational goals.
Conclusion
Adversaries will continue to innovate as AI becomes more sophisticated, so agencies must assume breaches will happen and focus on resilience.
Turning potential breaches into manageable incidents requires strong detection, rapid containment and practiced response.
Agencies that plan ahead, conduct exercises, and use AI and proactive frameworks will be best prepared for the threats they face today and those that emerge in the future.
This piece was written and produced by the Government Technology Content Studio, with information and input from Fortinet.
