Dennis Reilly, the vice president of federal at Gigamon, said tools like next generation network packet brokers help agencies catch up and get ahead of cyber attackers.
When it comes to cybersecurity, there are two ways to measure progress.
The first is through straight numbers. If you look at reports from agency inspectors general or the Government Accountability Office, agencies have a steep hill to climb.
For example, in its December 2018 report, GAO found only 6 of 24 agencies met all nine of the cross-agency priority goals. Auditors also found most of the selected 23 agencies had not fully implemented the tools and services available through the first two phases of the Homeland Security Department’s continuous diagnostics and mitigation (CDM) program.
The second way to measure progress is around impact.
Over the last, say, two or three years, how many federal cyber incidents have we heard about that made big news?
Now whether we are becoming numb to incidents because there are so many and so many are so large and we don’t remember, or whether it’s because agencies aren’t making them public like they used to, it’s hard to say.
But there is a feeling across the federal sector that, based on how agencies survived the WannaCry and NotPetya threats and the visibility from tools under CDM, agencies are in a better place today to protect their data and networks against cyber attacks than ever before.
Cybersecurity requires agencies to be in a constant state of vigilance and improvement. How do they get there? Where is CDM taking agencies over the next few years?
Dennis Reilly, the vice president of federal at Gigamon, said through CDM and other approaches, agencies are looking, and will continue to look, to technologies that they can deploy quickly to be a force multiplier to counteract the ever-growing need for more people and more money.
“We’ve seen a good example of that recently. The Office of Personnel Management through the CDM gap fill in the current phase made some major acquisitions for next generation network packet brokers and other cybersecurity tools to plug some known holes that they couldn’t address during phase 1 because there simply wasn’t enough budget support,” Reilly said on the Innovation in Government show, sponsored by Carahsoft. “One of the things that OPM acquired through their gap fill purchase through CDM recently was the ability to inspect inline traffic that is encrypted. With 70% to 80% of the network encrypted, you’ve got to be able to break it, decrypt it, inspect it, re-encrypt it and send it down the network line.”
The goal of “break and inspect” is to do it quickly and seamlessly. In the past, cyber tools doing this type of work created performance issues on the network. Reilly said sometimes it would reduce efficiency of the network by as much as 80%. But he said next generation packet brokers can integrate with multiple tools without affecting network efficiency.
Reilly said while some agencies still are focused on the gap fill exercise using the CDM contracts called DEFEND, many already are looking to other areas to bring in tools.
Under the DEFEND phase of the program, DHS and agencies are focusing on the basic concept of “what is happening on your network?” which includes mobile security, ongoing assessments and network access control. DHS, and its procurement partner the General Services Administration, awarded more than $1 billion worth of contracts under the DEFEND program.
Reilly said agencies want to use these contracts to secure the cloud and network access protections.
“You need to be able to secure and see all your network traffic on the physical network, your virtual environment, and now with more and more agencies shifting workloads to the cloud, you have to extend that visibility to the cloud,” he said. “You need to be able to see if there is a breach, if there is lateral movement or if data is being exfiltrated. The other area we are seeing a lot of emphasis is we have to be able to handle encrypted traffic because 70% to 80% of the traffic now is encrypted. If you can’t see in that encrypted traffic through something called ‘break and inspect,’ you are blind to too much of the threat.”
He said adversaries are taking advantage of those secure channels, creating a new threat vector for agencies.
Reilly said agencies and cloud services providers must collaborate on how to secure the applications. He said agencies need to ensure the security of the data, while the CSP is responsible for the infrastructure or platform.
“Agencies have to be able to see the data even if it’s in the cloud and make sure they are protecting it. If you can’t see it, you can’t secure it,” he said. “They need pervasive visibility on the physical network, the virtual space and out into the cloud as well because that’s where they are responsible.”
At the same time, Reilly said agencies need to ensure the cyber tools they are buying provide the greatest return on readiness and value.
“As agencies are going through digital transformation and looking to modernize their infrastructure, there isn’t a lot of money left over. That is why a program like CDM is so critical. That was Congress’ way of giving a booster shot to cybersecurity,” he said. “I just think we need a stronger booster shot because the adversary just keeps investing more and more in terms of machine learning, round the clock operations, and it’s just very challenging for us to keep up. We can’t hire enough people and retain them in government. We need to keep working on that, but that’s why we need to use force multiplying technologies to catch up, get ahead and stay ahead.”