Eight years into DHS’s Continuous Diagnostics and Mitigation (CDM) Dynamic and Evolving Federal Enterprise Network Defense (DEFEND) program, agencies have reported significant strides in adoption. Now, with COVID-19, the increase in Federal telework is putting a spotlight on cloud and mobile environments.
How are agencies preparing for this next chapter of CDM? Where are agencies finding the best value in their CDM efforts? And how do automated cybersecurity tools like ConfigOS fit into all of this?
What stakeholders are saying about CDM adoption.
As a member of the CDM approved provider list (APL), SteelCloud recently sponsored a webinar and research study with MeriTalk titled “CDM, The Next Chapter.” More than 100 federal and industry stakeholders were surveyed, and the vast majority agreed agencies are doing well at adoption thus far. In addition:
- 59% say agencies are integrating continuous diagnostics and mitigation into their overall cyber strategies, as opposed to stand-alone functions
- 90%, however, believe adversaries are outpacing agencies’ efforts
- While 90% say that visibility into cloud and mobile devices should be at least as good as visibility into on-premises systems, just half are taking steps to make that possible
- Agencies estimate just 45% of their current CDM processes are automated
Add it all up, and you can see it’s a critical juncture for agencies and their security efforts. The more clever our adversaries get, the more clever we must be at thwarting them.
Three top strategies are critical to success.
The survey also revealed the three top strategies agencies are focusing on to secure their systems:
- Cloud computing. 66% said cloud computing was key to their continuous diagnostics and mitigation efforts because it improves scalability and agility and is easier to modernize over time. This gives agencies a flexible, secure foundation on which to build.
- Automation. 60% said automation was key to making continuous diagnostics and mitigation work. Automating CDM elements removes human error, reduces stress on the workforce, improves response times and efficiency, and simplifies real-time network monitoring.
- Zero trust. 59% say zero trust is a winning strategy for stopping data breaches. It is centered around the practice of not trusting—or assuming the trustworthiness of—anything inside or outside the network without verification and validation.
Why cybersecurity automation is the lynchpin of CDM.
SteelCloud is on the approved provider list for CDM, and ConfigOS is an automation tool. But our belief that automation is integral to making CDM work goes beyond that. Simply put, monitoring something continually is not enough: at some point you have to fix it, and automation is the most precise way to do it.
For example, ConfigOS can harden any system in about an hour, eliminating weeks of effort. It allows you to quickly establish a DISA STIG- (Security Technical Implementation Guide) or CIS- (Center for Information Security) compliant environment. Because of this, it is the ideal tool for CDM—continually scanning, remediating, and reporting on system vulnerabilities. Better yet, even in the largest network environments—including classified, tactical, weapon systems, air-gapped labs, and the commercial cloud—ConfigOS can easily remediate every endpoint, every day.
Because ConfigOS can operate in and secure cloud environments, it’s vital to the cloud computing strategy, securing the platform, and protecting it from outside sources. And because it rapidly verifies and validates security controls, it is integral to establishing and maintaining a zero-trust posture.
The power ConfigOS packs for continuous diagnostics and mitigation is why we have earned the status of a CDM approved solutions provider. As you continue to implement your CDM DEFEND plan, feel free to ask us about automating your cybersecurity efforts with ConfigOS.