When the federal government launched its Continuous Diagnostics and Mitigation program, it was intended to give agencies the tools they needed to know definitively who and what assets were operating on their networks, with the goal of reducing cyber risks.
A growing number of agencies, however, are on the cusp of gaining a far more powerful view of their network operations and overall cybersecurity posture, says Frank Dimina, vice president, America and public sector, at Splunk, in a new report.
What agencies and program leaders are starting to appreciate now, he says, is how the CDM program is generating a treasure trove of dynamically-integrated IT operating and security data, capable of helping agencies establish a more comprehensive view of their security posture.
“The added integration and analytics capability of CDM, compared to the underlying monitoring systems, is equivalent to going from looking at snapshots from a point in time, to having the fidelity of a live video feed,” says Dimina, in the new report, “Leveraging CDM to federal cyber strategies.”
The report, produced by FedScoop and underwritten by Splunk, features a series of articles and commentary perspectives that highlight how CDM is poised to help agencies improve their IT operations as well as their security.
One of the ongoing challenges agencies face — and where CDM’s automation capabilities are seen as a potent solution — lies in managing the explosion of data flowing into security and network operation centers from a widening array of devices, sensors and applications, says Michael Guercio, business development and strategic program manager at Splunk. That leads to a related challenge of how to remediate a growing number of vulnerabilities.
“Remediation is still a manual process that requires IT teams to allocate valuable time and resources,” he says in the report. “That’s where one of CDM’s underappreciated capabilities comes into play. In addition to the ability to stitch together information from multiple sources, CDM’s tools also provide the ability to automate the execution of identification and potential responses, based on agencies’ most critical threats, their risk posture and their risk threshold.”
Guercio points to Splunk’s Phantom platform as an example of the kind of tools available through the CDM program to help agencies with those challenges.
Phantom provides an orchestration, automation and response technology to help correlate data and create a single picture of the agency’s cybersecurity posture. “It also can automate remediation processes and augment existing NAC technologies across the tool stack,” he says.
“It doesn’t matter if an agency is using ForeScout, or if they’re using Cisco ISE, or even within a more federated agency’s IT organization. Phantom provides the automation of these tools into one service so that agencies have a single, easy-to-interpret view with checks and downstream actions initiated without human intervention.”
The report also highlights how CDM has helped agencies reduce operating costs, by identifying under-utilized assets and software licensing costs.
Read more about how CDM data integration and security analytics are enabling real-time visibility and operational efficiencies at federal agencies. And learn more about Splunk’s “Data-to-Everything Platform” capabilities for the public sector.
This article was produced by FedScoop and sponsored by Splunk.