Enhance content aware, rapid, and automated anomaly detection, both in network traffic/usage as well as user behavior. In-memory analytics powerful for this work. Be able to detect and respond in minutes not hours weeks and months.
Clarify a “hotline” reporting channel for people who suspect an issue, in agency or government-wide – if a user sees a potential problem, can check with team to for tech assistance on whether it’s real and what are next steps. Sort of a help desk for cyber reporting.