Securing the Digital Battlespace with Automation & AI
Defense and Intelligence agencies face a growing challenge: not just cyberattacks, but the complexity of managing sprawling, disconnected IT tools. Modernization has delivered more applications than ever before. But without integration, they can slow incident response and introduce risk instead of reducing it.
In a recent discussion, former U.S. Air Force Intelligence Operative AJ Nash and Mattermost Solutions Engineer Colton Shaw offered actionable recommendations to streamline IT operations by pairing automation with centralized collaboration.
Drawing on an approach that pairs AI with automation, the experts detailed real-world solutions to address tool sprawl, strengthen resiliency and, ultimately, secure the digital battlespace.
Even the Best Security Plans Fail without Alerts
According to Shaw, the biggest blind spot is not always the attack surface; it is the absence of real-time, centralized alerts across IT operations.
“You can have the best defense system ever and the best processes ever, but if you’re not receiving alerts in a timely way and automatically reacting to them, it’s useless,” Shaw explains.
To illustrate this point, he shared an example in which an organization’s security orchestration, automation, and response (SOAR) platform had the right data but failed in practice. The challenge was not the penetration test itself, but the inability to prioritize and act on information across disparate systems.
Combating Tool Sprawl with Centralized Collaboration & Automation
While technology modernization offers endless options for new tool implementation, Federal programs need a solution that securely integrates and automates these advancements into a single common operating picture.
And without a clear objective for seamless command and control (C2), operations can become vulnerable to tool sprawl.
The challenge is pulling the right people, the right technology, and the right data into one place — and quickly. Federal agencies often implement multiple tools for monitoring, detection, and reporting. But program offices need a way to connect them into one secure environment. Without automation and centralization, teams lose valuable time switching between platforms, duplicating reports, and reconciling data.
“If we don’t have any automation, we lose right away,” Shaw says. “You see automation as a part of SOAR platforms, threat detection, endpoint detection — all of these different components have automation built into [them], and we can automatically respond, automatically report on it, and escalate through that.”
While reliable automation needs to be baked into incident response, the technology does not resolve IT problems on its own. According to Shaw, combining automation with a centralized collaboration space — ensuring all alerts, responses, and communications flow through a single pane of glass — enables teams to cut through the noise, increase focus, and act decisively when every second matters, using all available data to make the best decisions.
Automating Resilient Response Plans
The foundation of operational resiliency is thorough preparation.
“If you’re not testing these systems and really understanding how they break, where they fail, what they look like, you’re not going to succeed in a crisis,” Shaw explains.
In addition to regularly testing processes, Shaw encourages teams to design response playbooks that are as simple and as “dummy-proof” as possible.
“When we’re panicking, we’re not thinking straight,” he says. “That’s where AI comes into play.” A team might have the best alerting rules in the world, but the alerts those rules produce are still a lot of data to parse through manually. By leveraging AI, that volume of data can be summarized instantly, with the most important information surfaced automatically, ultimately accelerating response times.
Beyond prioritizing alerts, AI can help automate data flows and streamline analysis, reducing the cognitive load on teams during high-pressure moments. At the same time, processes should remain straightforward so staff can act clearly and confidently when incidents occur.
Pointing to how Mattermost solves the pain points, Shaw shared an example of a customer using Mattermost as an out-of-band communication system. Whenever they experience a cyber threat, the team immediately deploys Mattermost to coordinate their response.
“It’s responded very well whenever they have internal outages anywhere,” Shaw says. “That’s their process. It’s dummy-proof.”
Watch the webinar to learn more about how DoD and Federal program offices and IT teams can protect the digital battlespace using secure collaboration, automation, and AI.