Continuous Diagnostics and Mitigation (CDM) Guidelines, Programs, and More
The Continuous Diagnostics and Mitigation (CDM) Program is a dynamic approach to fortifying the cybersecurity of government networks and systems. The CDM Program provides DHS, along with Federal Agencies, with capabilities and tools that identify cybersecurity risks on an ongoing basis, prioritize these risks based on potential impacts, and enable cybersecurity personnel to mitigate the most significant problems first. Congress established the CDM program to provide adequate, risk-based, and cost-effective cybersecurity and more efficiently allocate cybersecurity resources.
STEALTHbits CDM Overview
STEALTHbits enables agencies to secure their most sensitive data and the credentials that supply access to that data. As a result, we provide the most comprehensive Data Access Governance and Active Directory Management & Security portfolio in the industry. Our technology has proven to provide value in multiple ways, as it helps government agencies reduce risk, increase security, save time, save money, and achieve compliance with a myriad of standards. We protect your data and credentials on-premise and in the cloud to ensure a state of security for your agency, users, data, and constituents.
How STEALTHbits maps to CDM Phases
Phase 1 of CDM, “what is on the network,” requires an inventory of physical and system assets, and a vulnerability assessment of these assets. STEALTHbits augments inventory capabilities with discovery and mapping of data-related entities including shared file systems and directory service objects, highlighting at-risk and stale data, misconfigurations and other concerns.
Phase 2 of CDM, “who is on the network,” requires an inventory of users or systems with authorized access. STEALTHbits augments identity efforts by enumerating account and group objects in multiple directory services (AD, LDAP, NIS) as well as local user and group objects, and maps the functional access of these account objects by analyzing group membership and all file and email system directory permissions, including access inherited through parent directory and group relationships.
Phase 3 of CDM calls for management of “what is happening on the network,” focusing on the management of events, monitoring for normal and abnormal behavior, ongoing authorization risk assessments, and improvement, incident prioritization and response.
Threat Analytics is more than analyzing user behavior and pretty dashboards. It’s about proactively understanding the threats against your various assets, where vulnerabilities exist that those threats exploit, and employing detection, protection, and mitigation controls to neutralize threats and reduce risk.
Agencies don’t have adequate resources to understand or address all the different threats they face and continue to struggle with foundation-level security best practices. The volume of events produced by native logging is overwhelming, which makes data difficult to consume, and it often takes several months for organizations to detect a breach. This inadequacy of the data produced by native logging also makes the data difficult to understand because most log data provides operational intelligence, not security intelligence. Without a threat analytics solution, organizations are left with ineffective ways to detect post-compromise activity and are left vulnerable.
Phase 4 of CDM asks “How is data protected?” and also includes “Design and Build in Security,” a process to find and mitigate vulnerabilities in existing systems, including risks introduced along the supply chain. STEALTHbits helps meet requirements by both enhancing detective capabilities and reducing risk surface area with respect to data accessibility.
Control the risk every file poses to your organization. These files can contain anything, from regulated data to trade secrets, including the data you thought was locked up tight in databases and applications. Knowing the risk any file can pose to your organization, it is an absolute necessity to understand who has access to it and what they are doing with that access.
It all starts with the basic questions. Questions that seem easy to answer, but we all know are not. Where is the data? How much is there? Who can access it now? What does it contain? Not all risk is created equal. A share that anyone can read data from is not as dangerous as another open share with lots of sensitive information stored on it. Profiling your risk means prioritizing, using the data you now possess. Data never sits still. People look at it, edit it, move it, and delete it. If you want to understand and govern access, you need to know who is touching it and exactly what they’re doing with it. Leverage our proven heuristics and the access data you’ve collected to assign business owners for your information. Then get their buy-in through surveys that let them actively take ownership. These new owners become the decision makers as you roll out self-service access request and entitlement reviews.
Additional CDM Integrations
STEALTHbits provides Identity Governance Solutions with a single place to connect to for all unstructured data access information. We aggregate metadata and permissions from all distributed systems that contribute to the determination of who has access to what unstructured data. From that information, we calculate Effective Access, which is the real answer to who has access to what regardless of how many layers of permissions, policies, and directory structures may be involved. Armed with this information, your Identity Governance system can manage access to this data along with your applications and other resources.
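The idea of effective access through nested groups and inherited folder permissions can be shown in a few lines. This is an added example, not STEALTHbits code: the data is constructed, the names `MEMBER_OF`, `ACLS`, `principals_for` and `effective_access` are hypothetical, and the model covers allow entries only (no deny entries or share-level permissions).

```python
from pathlib import PurePosixPath

# Constructed sample data (not from any real directory or file server).
MEMBER_OF = {            # principal -> groups it is a direct member of
    "alice": {"hr-staff"},
    "bob": {"helpdesk"},
    "hr-staff": {"hr-all"},
    "helpdesk": {"it-ops"},
    "it-ops": {"helpdesk"},      # deliberate nesting loop
}
ACLS = {                 # path -> (inherits from parent?, [(principal, rights)])
    "/shares": (False, [("it-ops", {"read"})]),
    "/shares/hr": (True, [("hr-all", {"read", "write"})]),
    "/shares/hr/payroll": (False, [("alice", {"read"})]),  # inheritance broken
}

def principals_for(user):
    """User plus every group reached through nesting; tolerates loops."""
    seen, stack = set(), [user]
    while stack:
        p = stack.pop()
        if p not in seen:
            seen.add(p)
            stack.extend(MEMBER_OF.get(p, ()))
    return seen

def effective_access(user, path):
    """Union of rights granted on path and on ancestors while inheritance holds."""
    who, rights = principals_for(user), set()
    node = PurePosixPath(path)
    while True:
        # A folder with no explicit entry simply inherits from its parent.
        inherits, aces = ACLS.get(str(node), (True, []))
        for principal, granted in aces:
            if principal in who:
                rights |= granted
        if not inherits or node == node.parent:
            return rights
        node = node.parent
```

Bob never appears on any ACL by name, yet he can read `/shares/hr` through `helpdesk` → `it-ops` and the inherited entry on `/shares`, which is the kind of grant a per-folder review misses.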
Privileged Account Management (PAM)
STEALTHbits integrates with Privileged Access Management products to offer enhancements to the visibility, scope, and effectiveness of that control. There are three main use cases where STEALTHbits enhances your PAM solution:
- STEALTHbits ensures that the scope of your PAM solution is more complete through a powerful discovery engine that can touch all your systems, databases, and more. It will discover and classify all the accounts on those systems, and it can show you which accounts belong under PAM control.
- STEALTHbits reveals when Admins are using Privileged Accounts outside of PAM control. STEALTHbits monitors authentication activity on every AD Domain controller and can detect when that activity is not correlated with a proper checkout from the vault.
- STEALTHbits shows where Privileged Accounts have access to sensitive data and how they use it, by mapping out and monitoring access to sensitive information stored in unstructured data and databases. STEALTHbits reports where sensitive data is exposed to Privileged Accounts of any kind, and when people abuse those Privileged Accounts to access that data.
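The second use case, privileged logons that do not line up with a vault checkout, comes down to a time-window correlation. The sketch below is an added example, not STEALTHbits code: the events, account names, field layout and the two-minute `GRACE` tolerance are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data; field names are assumptions, not any product's schema.
PRIVILEGED = {"svc-sqladmin", "da-jsmith"}
CHECKOUTS = [  # (account, checked_out_at, checked_in_at or None if still out)
    ("da-jsmith", "2020-03-02T09:00:00", "2020-03-02T10:00:00"),
    ("svc-sqladmin", "2020-03-02T13:00:00", None),
]
AUTH_EVENTS = [  # (time, account, source host, domain controller)
    ("2020-03-02T09:15:00", "da-jsmith", "ws-041", "dc01"),
    ("2020-03-02T10:00:45", "da-jsmith", "ws-041", "dc02"),
    ("2020-03-02T11:30:00", "da-jsmith", "ws-107", "dc01"),
    ("2020-03-02T12:40:00", "svc-sqladmin", "db-02", "dc01"),
    ("2020-03-02T14:20:00", "svc-sqladmin", "db-02", "dc02"),
    ("2020-03-02T14:25:00", "jsmith", "ws-041", "dc01"),
]
GRACE = timedelta(minutes=2)  # tolerance for clock skew between vault and DCs

def parse(ts):
    return datetime.fromisoformat(ts)

def covered(account, when, checkouts):
    """True if some checkout window for this account contains the logon time."""
    for acct, start, end in checkouts:
        if acct != account:
            continue
        opened = parse(start) - GRACE
        # A checkout that has not been checked in yet stays open-ended.
        closed = parse(end) + GRACE if end else datetime.max
        if opened <= when <= closed:
            return True
    return False

def uncorrelated_logons(events, checkouts, privileged):
    """Privileged-account logons with no matching vault checkout."""
    return [e for e in events
            if e[1] in privileged and not covered(e[1], parse(e[0]), checkouts)]
```

Events must be collected from every domain controller before correlating, since a logon recorded only on a DC that is not monitored cannot be matched or flagged.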
For information on how to get started, visit our Government customer page: https://www.stealthbits.com/customers/government and take a look at the White Paper and Buyer’s Guide at the bottom of the page.
As the VP of Product Marketing, Darin is responsible for product messaging and positioning as well as generating industry and market awareness for STEALTHbits products. He is an experienced leader who has worked in software for over 21 years.
Prior to joining STEALTHbits, he was VP of Marketing for Quorum and SecureAuth, and has held positions in product management & product marketing at Oracle, and Quest Software.