Most agencies have to confront the same challenges when trying to implement CDM capabilities.
Fremont, CA: Adversaries in cyberspace leverage automation and artificial intelligence to defeat large and costly deployments of commodity network and system security stacks with very little effort and expense. Federal organizations report new cyber intrusions every day; defeating these attacks is the most critical national security challenge. In response, the Homeland Security Department started the Continuous Diagnostics and Mitigation (CDM) program in 2013 to offer adequate, cost-effective, and risk-based cybersecurity with efficient allocation of cybersecurity resources.
Even though the program has found success among a select few agencies, most agencies struggle to understand the full vision of the CDM program.
Homeland Security's Govt. Cybersecurity Architecture Review program, also known as .govCAR, makes sure that agencies shift away from enforcing capabilities based on perceived risk and instead identify the extent to which their capability coverage is too weak to spot and tackle identified threats.
Numerous agencies are working on implementing asset management and identity and access management capabilities and have not yet started to focus on network security management and data protection management. This is because of the common challenges agencies face when seeking to implement CDM capabilities. Although most agencies have a plethora of specific capabilities and tools at their disposal, these are generally segmented and siloed, sourced from an array of providers, and ultimately do not communicate well with each other.
This prevents them from attaining a comprehensive view of their cyber terrain, which is a significant hurdle for many agencies. In the absence of full visibility, agencies are not able to fully meet the goals of the CDM program: analyzing what is on the network, what is happening on the network, who is on the network, and how agency data is protected.
Eventually, this will give agencies the ability to understand both the content and context of security events. Merging deep and broad visibility on both network and endpoint with quick, comprehensive detection enables security operations teams to employ detection techniques like network traffic analysis, payload analysis, and endpoint forensics, and also to combine techniques to counter advanced and persistent threat actors.