Agencies that are implementing the Continuous Diagnostics and Mitigation (CDM) program have an opportunity to use the CDM data to increase the value of their cyberdefense and cyber-operations programs.
The sensor data collected for CDM reporting has untapped value. Operationalizing it lets CDM become more than a compliance program, says Frank Dimina, vice president of public sector at Splunk, in a new podcast.
“[CDM] data is collected to create the master device record that tells the government what is on the network … and provides some great learning and insights, and maybe some surprises to [leaders] at the agency,” explains Dimina.
While that additional data may not be center stage for the purposes of the CDM program today, fusing it with other information, such as perimeter traffic, IPS and firewall data, can increase insight for the security operations center (SOC).
In a new FedScoop podcast, underwritten by Splunk, Dimina explores how agencies can take greater advantage of CDM to gain a bigger picture of who and what is connected to their networks, as well as of their overall security operations.
Untapped value agencies are overlooking
While agencies have implemented different tool sets to support the requirements of the CDM program, each of those tools has capabilities that extend beyond the CDM reporting requirements.
“All these sensors today are sending their data into this data integration layer, layer B. This layer was necessary in the architecture to make CDM work because of the volume, the variety and the velocity of all the data being generated,” Dimina explains. “But the [CDM] dashboard itself is not capable of scaling, processing or handling that data for operational purposes.”
Integrators and industry partners, like Splunk, are part of that integration layer, whose purpose is to collect, normalize, integrate and export all the data from all these tools and sensors.
“[What Splunk provides] is a schemaless architecture which enables a SOC analyst, or someone working on the cyber hunt team, to leverage this data that might not have been exposed to them before,” he says. “The ultimate outcome here is greater visibility, but more importantly greater fidelity, so they can make more informed, smarter decisions with a higher degree of confidence.”
Dimina stresses that this capability doesn’t require spending on any additional tools. Instead, industry partners can lend expertise on how to leverage CDM technology to access this untapped value.
How this information translates into wider savings for agencies
“CDM is a separate and distinct set of tools within an agency environment, and one of the challenges of this is that keeping those tools separate may be a missed opportunity,” Dimina says.
Some agencies may have multiple tools with very similar functions, and so end up maintaining duplicative tools and skill sets.
“There’s a win here where they are able to not just modernize the environment, but to look at where they have overlapping capabilities to remove some duplication. Then they can reallocate budgets to new initiatives, other cyber priorities that have not been addressed by CDM, or across other parts of agencies,” he explains.
The ultimate goal of operationalizing CDM data is to gain exponential benefits for an agency’s cyber program, Dimina says.
Listen to the podcast for the full conversation on making the most of CDM DEFEND data. You can hear more coverage of “IT Security in Government” on our FedScoop radio channels on Apple Podcasts, Spotify, Google Play, Stitcher and TuneIn.
Frank Dimina has more than 20 years of experience leading technology organizations. He has played an active role over the years working with and helping federal agencies take greater advantage of their technology.
This podcast was produced by FedScoop and underwritten by Splunk.