In the age of zero trust, diverse IT environments and constancy of attacks, cybersecurity has become a matter of data analysis. Endpoints and networks produce continuous streams of data, and organizations can’t wait around to manually ferret out what the data tells them.
“When you talk to IT leaders or security leaders, one of the things they will all frequently echo as a common struggle is the amount of time spent de-conflicting, deduplicating and consolidating data,” said Melissa Bischoping, the senior director of security and product design research at Tanium. “Is it really necessary to be looking at spreadsheets of data and deduping after the fact? Why are we not working off that single source of truth?”
In fact, data consolidation goes hand in hand with rationalizing the sets of cybersecurity tools an agency uses, each of which produces data, Bischoping said during Federal News Network’s Industry Exchange Cyber 2026.
“Being able to consolidate your tool sets and have that unified viewpoint not only saves you time, but it’s critical to confidence,” she said. “We don’t have the luxury of looking at one- to two-week-old or one-month-old scans of information and using that to make decisions.”
As artificial intelligence speeds up cybersecurity imperatives, both newness and accuracy of decision-making data become more critical, Bischoping added.
“You have to be confident that the data is accurate, and the accuracy comes from real-time updates versus knowing what data is stale,” she said. “When you have that, you’ve now got a source of truth that you can use to make decisions as you mature your organization.”
When the organization can have confidence in its data, Bischoping added, it will be able to “layer in automation and AI workflows on top of that quality data and pair that up with governance so you’ve still got a human in the loop.”
Achieving absolute transformation
Bischoping advocates the idea of autonomous IT operations enabled by AI.
In modern technology ecosystems, she said, “you can’t have the silos of compliance, security and IT ops, and help desk. They really do have to function as a cohesive unit to accomplish the mission.”
Full autonomy is still a way off, Bischoping said, “but you’ve got real-time data, a single source of truth. You’ve got transparency. You’ve got the right governance. Now you can supercharge your teams to make decisions faster and know that those decisions have confidence behind them.” She called that state absolute transformation.
“Tanium’s premise,” Bischoping said, “is having a single view with real-time data, so that you can see every endpoint, see every action, govern and have control over those actions, and then automate some of that mundane to make your teams more efficient and accomplish your mission faster.”
To reach that status requires having all three — data, transparency and governance — in place. “When you have those three pieces of information in place with whatever your toolkit is, you actually see success and return on the investment,” she said.
Bischoping described governance as having control over whether to change something and having a process for approving and monitoring changes that take effect. Then, it’s necessary to have measurable outcomes and workflows.
“You need to actually know what you’re going to accomplish and how you’re going to measure success,” she said.
Obtaining the necessary data in turn requires what Bischoping described as good foundations for understanding your IT operation.
“Foundations still are based on asset visibility; accurate, real-time, inventory; and telemetry,” she said. Those plus detection capabilities “are the foundation of everything we do in security. You can’t do autonomous IT workflows like threat hunting and automated investigations if you don’t have great telemetry and real-time visibility behind it.”
Applying autonomy to cyber
What does autonomous security look like? For Bischoping, the more precise question is, “When we talk about autonomous security, we should step back and say, ‘What do we actually need to be automated as security practitioners?’ ”
She said operations will always need some degree of human intervention. That means the most promising area for automation concerns investigation and incident response, Bischoping said.
“The challenges being faced, especially in investigation and incident response,” she said, “are the time it takes to rule something a false positive or a false negative, that manual effort of data collection or collecting additional artifacts, as well as just validating [whether] this makes sense in my environment.”
Therefore, Bischoping said, the innovations in data handling and analysis “are going to lead autonomous security to be something that educates the user and takes that bidirectional feedback.” She added that agentic AI systems will amplify the efforts of human technical experts to arrive at courses of action to preserve security.
“What I expect to see is reduction in the time it takes to resolve an incident,” she said. The combination of better and sooner data, agentic AI and human skill will enable earlier identification of adversaries and evaluation of forensic data before it goes stale. “I think all of that’s going to get faster, which is going to make us more effective.”
The coming increase in automation and autonomy will also alter what cybersecurity people do and how they do it, Bischoping said.
Changing the nature of cyber work
“One, I think this is going to help a lot of us breathe a sigh of relief,” she said. That will come from the new, AI-powered tools that cut through data analysis faster than people can.
“I’ve been in that practitioner’s position,” she said, “and that’s something I’m mindful of — just the amount of data we ask the average practitioner to consume on a daily basis and make educated, accurate decisions where there’s no room for error.”
Second, when training and equipping our cyber teams, “we have to teach the critical thinking and analysis of where AI can be a tool and where it can be a liability,” Bischoping said. Organizations will need to answer the question of whether they have the right checks and balances “and making our security practitioners aware and educated about how to use AI responsibly as part of their workflows.”
She added that practitioners will also have to learn to apply judgement on the accuracy of recommendations generated by autonomous systems.
“Fortunately, a lot of the practitioners I know have that healthy sort of apprehension of not wanting to turn over the keys,” Bischoping said. “I think security, specifically, will keep the human in the loop for quite some time.”
Discover more articles and videos now on our Federal News Network’s Industry Exchange Cyber 2026.
Copyright
© 2026 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
