Insight by Splunk

How to take CDM to the next level

The Current State of Continuous Monitoring

If you look at the core design tenets of CDM when the program was initiated, to create better visibility, better awareness of cybersecurity issues across the .gov domain. They’ve effectively done that. Security visibility has improved.

CDM Data Collection

If only 10 or 20 percent of data [collected] is used for that dashboard, what about all that untapped value left there in that data for the agency? There’s an incredible opportunity for agencies to improve their cyber postures.

CDM Plans for the Future

To accomplish more effective risk management … is moving from that reporting, compliance mindset to that operational, action-oriented mindset.

The large federal agencies are all deep into the discovery program known as continuous diagnostics and mitigation. The dozens of smaller agencies are getting into CDM, aided in part by cloud-hosted tools that enable flexible and lower-cost ways of knowing and watching what’s going on in their IT assets.

Progress to date gets a success rating from Frank Dimina, the vice president for public sector at Splunk. The company makes software for integrating, normalizing, visualizing and otherwise making data from network sensors understandable and actionable. In this video interview with Federal News Network’s Tom Temin, Dimina says that while there’s a long way to go, CDM has given agencies visibility into the cybersecurity threats throughout the .gov domain.

In the next stage of CDM, Dimina says, agencies will realize more value from the data they gather, analyzing for threat hunting and active cyber response. That will happen when agencies figure out how to more readily share that data internally. In many cases, CDM data isn’t shared with the one group that could make the best use of it, namely the security operations centers. He said the challenge for CDM is to turn it from a visibility and awareness program to an operational one.

In the meantime, Dimina says, the request-for-services model initiated by the Homeland Security Department and the General Services Administration helps ensure individual agencies get the CDM program tailored to their individual needs.

Moving CDM to an operational construct implies the need to move it beyond a compliance effort. Otherwise it would become a missed opportunity, Dimina says, adding that the government has an opportunity to take a more modernized, operational approach.

Doing so requires thinking differently about the current goal of the program, namely the agency and governmentwide reporting dashboards. The dashboard output will continue to be important, Dimina says, but it won’t be enough. The data forming the dashboards is only a fraction of the data collected, so agencies’ next goal should be to use the rest of the data in an action-oriented analytics environment.

Watch the video to hear Dimina detail how CDM can go to the next level.

Copyright © 2019 Federal News Network. All rights reserved.