How agencies can leverage their CDM data to improve operational awareness

Harnessing this data and being able to share it with other agencies has proved invaluable in allowing quick responses during recent ransomware attacks, such as WannaCry and NotPetya, adds Greg Decker, cyber innovation leader at Booz Allen Hamilton. While many commercial enterprises were crippled by the attacks, CDM tools helped federal agencies weather them.

Decker and Jardim discuss the progress agencies are making in this podcast, produced by CyberScoop and underwritten by Splunk.

What does a “data-to-everything” platform mean?

“CDM lends itself to an environment or a platform that’s able to take any type of data, in any type of format, and allow an operator to be able to investigate that data,” Jardim says. “When you think of the context of CDM, there are lots of different devices and a lot of different technologies related to security … continuity management as well as operating system information. All of those are changing constantly, whether it’s through patching cycles, through compliance, through upgrades, through new technology that’s introduced into the CDM ecosystem within an agency. And the ability of an agency to be very, very flexible with getting that data is important.”

How does CDM data an agency collects improves its security posture?

“Some of the high-profile cyberthreats that have been identified over the last several years have been responded to using CDM capabilities in data. I think back on WannaCry and then NotPetya. When those initially hit the federal networks and were identified as high-risk threats, we immediately worked with our agencies to identify how they could tune their censors to quickly identify these threats and use that data repository or data integration layer to be able to identify those areas of the highest risk that they could respond to quickly,” Decker says.

“We see a tremendous capacity to leverage information sharing across these environments as agencies mature in their CDM implementation. … When we think of the beginnings of CDM it was really to identify what’s was on the network. The number of technologies that infer what’s on the network are fairly extensive. And just for agencies to get a good snapshot of what that looks like in their environment provides them the ability to infer much better security premise against their technologies on their network, the perimeter, the edge, configuration management, et cetera,” Jardim says.

What kind of progress are agencies making to take advantage of their CDM data?

“We see agencies looking beyond the initial reason they are collecting the data for their agency dashboard and federal dashboard reporting. Now they’re looking outside and we’re starting to see several agencies use CDM data for things like network mapping, or augmenting their configuration management databases, or identifying unauthorized or unused software on the networks and systems,” Decker says. He notes how one agency, by identifying software assets that had gone unused for a year, saw previously unseen opportunities to reduce licensing costs. 

Listen to the podcast for the full conversation on amplifying the benefits of CDM data to improve the agency’s cybersecurity posture. You can hear more coverage of “IT Security in government” on our CyberScoop radio channels on Apple Podcasts, Spotify, Google Play, Stitcher and TuneIn.

This podcast was produced by CyberScoop and underwritten by Splunk.