3 ways CDM will help agencies change cyber behaviors
April 21, 2020 3:20 pm
This content is provided by Elastic.
By George Young, Vice President of Public Sector, Elastic
Since its inception in 2012, the Department of Homeland Security’s Continuous Diagnostics and Mitigation (CDM) program has proven itself as an essential tool, monitoring the cyber posture of networks and systems across the federal government.
In order to leverage all that CDM has to offer, federal agencies must be prepared to apply a more agile, risk-based approach to their cybersecurity strategies using actionable data. With the new CDM flexibility provided by DHS, agencies will have more control over which tools will go into their environments to help them address their gaps. As CDM advances, the program will transform cyber behaviors across all levels of agencies and enable the evolution of cyber policies and processes across government.
Here are three ways CDM will prompt important changes in cyber behaviors:
Harnessing the Power of the Dashboard
From phishing to ransomware, today’s increasingly complex threats require the ability to view all of your critical data through a single pane of glass and then analyze it at a granular level. The first iteration of an updated CDM dashboard will be built on Elastic and deliver powerful search and ingest capabilities. CDM Dashboard II will empower agencies to improve cyber awareness with the most sophisticated analytics at their disposal – making it easier to collect and visualize cyber data to prioritize threats.
The dashboard will eliminate ingestion bottlenecks and increase scalability, giving agencies a much more accurate picture of their cyber hygiene because they will be able to create that picture from a wider variety of data. In addition, Dashboard II will remove stale data so that intelligence is focused on what’s happening in real time. Finally, being able to easily get data in and out of the dashboard will make it easier to integrate with other systems, enhancing the function of the data integration layer for some connections and mitigating existing latency problems.
Agencies can draw on the additional features available in Elastic through the dashboard to run search queries such as retroactive analysis, quickly using historical data to better understand exactly what's happening on the network at that moment, determine when an attack happened, and identify the extent of its reach into a network. Elastic capabilities and features allow agencies to zero in on the most serious threats first, send alerts to network managers when critical risks are detected, and generate custom reports to distribute to essential staff members. Automating and streamlining the gathering, standardization, and correlation of data frees up highly trained personnel and eliminates barriers for new users.
Aggregating Data Visualization
Currently, agencies can fine-tune the data they collect through the integration layer before it goes to the agency dashboard, and, ultimately, the federal dashboard. This process ensures the data is cohesive and that metrics are easier for analysts to digest with apples-to-apples comparisons.
To improve agility, some federal agencies may decide to collapse their integration and dashboard layers so they have fewer moving parts and faster time to information. By doing this, agencies can view and analyze common variables and data elements in one place, helping to inform a better understanding of potential threats and reducing latency from the two-part collect-and-upload approach. Moreover, cybersecurity personnel will be better equipped to keep pace with the evolving threat landscape.
Securely Increasing Data Access
One of the most important goals of CDM is getting the right data to the right people. However, doing so requires a common data lexicon for both cyber leaders and analysts. Even as agencies continue to increase data access, they are empowered with controls to ensure that sensitive information is only viewed by authorized audiences in accordance with policies, roles, and responsibilities.
Future iterations of CDM Dashboard II will allow agencies to limit and restrict access to data at both the field and the document level, all while eliminating the need for multiple cuts of the same data. This allows analysts to contribute more directly to better cyber policies and processes while making sure sensitive data never falls into the wrong hands.
Ultimately, the future of CDM will mean prioritizing cyber-first objectives in addition to compliance-based ones. By using Dashboard II’s capabilities and tools to their fullest, federal agencies will be able to stop cyberattacks with asset-based risk management rather than compliance reporting. Through the power of a new dashboard, data aggregation, and secure democratization of data, CDM will dramatically change cyber behaviors for the better – enough to scale up agency defenses as well as the entire Federal Government’s cyber posture.