Since its inception in 2013, the federal government’s Continuous Diagnostics and Mitigation (CDM) program, led by the Department of Homeland Security, has helped agencies discover up to 50 percent more assets inside their systems than they were previously aware of. And they’re able to do it in real time.
That is important because many of today’s threats are not coming from traditional IP-addressed endpoints like desktops or laptops. They can enter a system through TV sets and mobile devices.
But as each threat is vanquished, a new one quickly surfaces. And there is a particularly difficult new trend that’s taking hold.
“Going forward, I think what we’re going to see is more encrypted data,” said Dennis Reilly, vice president of Federal at Gigamon, during our panel discussion, “Innovation in Government – Cyber leaders and CDM.”
Most agencies, he said, are reporting 70 percent or more encrypted data. And government cyber security leaders believe that if their adversaries can conceal themselves in an encrypted channel, they can slip in undetected.
Worse, they can then set up an encrypted channel to exfiltrate data and steal intellectual property. As a result, operationalization is what agency leaders are focused on.
Ben Liberty, CDM program manager in the Office of the Chief Information Officer at the Department of the Interior, said during the discussion they are focused on three capabilities, “vulnerability management, hardware and software asset management, and configuration settings.”
Kevin Cox, CDM program manager at DHS, said during the discussion that in the next two years, “we want to mature what we have in place. We’re about to roll out a new scoring algorithm ‘Aware’ to help agencies measure their overall security posture.”
More innovation, expanded visibility to the cloud and mobile, is the objective, he said. Ultimately, DHS wants to ensure that agencies’ data, wherever it is, is protected.
Priorities of the CDM Program
What we see is the acceleration of the adversaries’ adaptation. We see not only that in the tactics, tools and procedures that they're using but also we see that increasingly in a convergence with the geopolitical forces and sometimes kinetic activity with cyber security.
Tom Welsh
Director of Systems Engineering, Public Sector, FireEye
Value of Technology and Practices of CDM
We are working to ensure the foundation is solid across all of the agencies. Part of that is to get full mission operationalization out of the tools to ensure that the agencies can incorporate the value of the tools into their day-to-day operations, and into their security operations and really be able to step up in terms of their overall awareness and be able to use the information to benefit the agency.
Kevin Cox
CDM Program Manager, Department of Homeland Security
The short-term projects we are really excited about are:
That we have enterprise vulnerability shared service capability. We already have vulnerability management throughout the department but were there two separate solutions to bring those together into that enterprise program.
We have a privileged access management solution that we're piloting at some of our data centers…
And then application blacklisting, so that we can produce a move from application blacklisting to application whitelisting. I think that is going to be really exciting for us.
Ben Liberty
CDM Program Manager, Office of the Chief Information Officer, Department of Interior
About FireEye
FireEye is the intelligence-led security company that offers a single platform, blending security technologies, nation-state grade threat intelligence, and world-renowned Mandiant consulting. We have a unique understanding of the challenges federal governments face, and we systematically align our solutions and products to meet their needs.
About Forescout Technologies
Forescout Technologies is the leader in device visibility and control. Our unified security platform enables enterprises and government agencies to gain complete situational awareness of their extended enterprise environments and orchestrate actions to reduce cyber and operational risk.
About Gigamon
Gigamon® is the recognized leader in network visibility solutions, delivering the powerful insights needed to see, secure and empower enterprise networks. Our solutions accelerate threat detection and incident response times while empowering customers to maximize their infrastructure performance across physical, virtual and cloud networks. Since 2004 we have cultivated a global customer base which includes leading Service Providers, Government Agencies as well as Enterprise NetOps and SecOps teams from more than 80 percent of the Fortune 100. For the full story on how we can help reduce risk, complexity, and cost to meet your business needs, visit our website, follow our blog, and connect with us on your favorite social channels: Twitter, LinkedIn and Facebook.
© 2024 Federal News Network. All rights reserved.