The dashboard architecture of the Cybersecurity and Infrastructure Security Agency’s (CISA) Continuous Diagnostics and Mitigation (CDM) program is continuing to evolve to give both CISA and Federal civilian agencies clearer visibility into, and understanding of, network endpoint health, explained Judy Baltensperger, CDM program project manager, at MeriTalk’s Cyber Central: Defenders Unite virtual conference on October 28.
Baltensperger discussed the future of the CDM dashboard, the evolving threat hunting environment for CISA across agency networks, and the importance of mitigating cyber threats before they occur.
“At the moment, it’s going to take us a lot of time because we have a current patchwork of tools and sensors and endpoint deployments across these agencies,” said Baltensperger of the current endpoint detection and response (EDR) environment across agencies. Execution on EDR mandates in the Biden administration’s Cybersecurity Executive Order will help to close existing gaps, she explained.
Baltensperger said there are 52 agency dashboards now deployed on the Elastic platform used for the CDM program, and 41 are sending data back and forth with CISA on a daily basis. EDR capabilities are an important piece of the puzzle as they provide the data necessary to detect and counter threats, and it’s the dashboard that helps to achieve visibility and detection at scale.
“With the executive order, [the Office of Management and Budget] identified a gap with endpoint visibility specifically across the Federal civilian executive branch, and this gap indicated that we needed to be able to identify and track anomalous activity at the host level across all of our Federal civilian endpoints, which is in the millions” when measured across 102 different agencies, Baltensperger explained.
To that end, Baltensperger emphasized the importance of leveraging common tools to gain rapid identification, detection, response, and recovery of endpoints, which would be a big step up from the current patchwork of tools, sensors, and endpoint deployments across Federal agencies.
“The first phase that I think we need to focus on is our operational visibility, and that’s where the dashboard can provide that visibility,” said Baltensperger. “The second thing I think we need to do” involves “a proof of concept where we do CDM-enabled threat hunting,” she said. “Finally … what we really need to focus on is our flexibility and our agility.”
To hear Baltensperger’s full remarks, please visit Cyber Central: Defenders Unite.