Today’s cybersecurity attacks are frustrating. Attackers are creative, flexible and never ending. Viewing this at a high level, the Department of Homeland Security has worked with Congress to implement Continuous Diagnostic and Mitigation programs, commonly known as CDM. One variation on that approach is from the Defense Department with a concept of the Comply to Connect program, or C2C.  Much confusion has ensued trying to understand the differences and applications of both concepts.

During a recent interview with Federal News Network, Ryan Latreille, chief technology officer for Three Wire Systems, compared the different concepts. After explaining the key differentiators, he went on to discuss scope of control, the weakness of a point solution, and the value that a framework like ATT&CK provides for cybersecurity.

Latreille also put into perspective how the National Defense Authorization Act can be applied through automation, and its impact on auditing and risk management.

The Relationship Between Comply to Connect and Continuous Monitoring

When there are humans involved in the organization, there will never be perfect security.

Ryan Latreille

Chief Technology Officer, Three Wire Systems

Automation

ATT&CK is a great framework. That is essentially the tactics, techniques, and procedures that adversaries will use to exploit vulnerabilities inside networks.

Ryan Latreille

Chief Technology Officer, Three Wire Systems

Technical Debt

How do I ensure that my network is being secured and how am I automating to alleviate and repurpose some of my human assets to do more human-centric things versus just discerning white noise?

Ryan Latreille

Chief Technology Officer, Three Wire Systems

Listen to the full show:

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.