The Department of Homeland Security (DHS) is entering Phase 3 of its Continuous Diagnostics and Mitigation (CDM) Program as it works toward “fortifying the cybersecurity of government networks and systems.”
Through CDM, DHS is working with agencies to ensure they have the best tools to support IT modernization as cyber threats evolve and change. In Phase 1, the goal was to discover what was on an agency’s network. Phase 2 focused on who was on an agency’s network. In Phase 3, the goal is to discover what is happening on an agency’s network.
“The CDM approach is consistent with … the National Institute of Standards and Technology (NIST) and helps meet federal reporting requirements,” according to the CDM website. It offers industry-leading, commercial off-the-shelf (COTS) tools and guides agencies that install sensors that perform “on-going, automated search for known cyber flaws.” These results, DHS explains on its site, are fed into an agency dashboard that produces customized reports that alert network managers to their most critical cyber risks, and in Phase 3 “these capabilities move beyond asset management to more extensive and dynamic monitoring of security controls.”
To find out more about CDM Phase 3 and how it can help federal agencies “mitigate security incidents to prevent propagation throughout the network/infrastructure”, we spoke with Greg Fletcher, Juniper Networks Director of Business Development for Civilian Agencies, about CDM and network security.
Knowing an agency’s ongoing status in terms of cybersecurity is critical, according to Fletcher.
“As our government moves toward IT modernization and codifies it for agencies, cybersecurity is fundamental to that migration. CDM is a big part of that, and what’s interesting about Phase 3 is that DHS has rolled out a CDM-approved product list and is offering agencies the ability to choose which products they would like to deploy with the prime system integrators, in their agency,” Fletcher explained. “This is consistent with Juniper’s open approach to integrating multivendor best-of-breed solutions.”
“I think what Kevin Cox, the DHS CDM product manager, is trying to achieve is to give the agencies the discretion and control over particular types of products that they think will best meet the needs of agency-specific cybersecurity requirements while offering a broad base of systems integrators so that there’s diversity.”
“That diversity provides a certain degree of competition and accountability within the system integrators to make sure they’re at the top of their game and making the most efficient taxpayer dollar decisions,” he explained.
As a vetted and approved software-defined secure network (SDSN) provider for CDM, Juniper is a key partner for the federal government in keeping networks safe. It offers an open architecture and flexible tools that turn the entire network into a firewall.
“The perimeter firewall approach is not really sufficient in this day and age, because mobility and other applications have made the perimeter abstract,” Fletcher explained. “An SDSN approach understands that and allows an agency to create a holistic network firewall, leveraging multiple network elements such as routers, switches, firewalls, virtual platforms and endpoints as sensors, and utilizing software to enforce security policy throughout the network, including third-party elements. SDSN is much more than just connecting a firewall fabric to protect the network, SDSN is leveraging the entire network as a firewall.”
“Juniper offers an easy way to view what is happening on a network, determine whether an activity is from a bad actor or is malware, shut it down and then – importantly – inform the rest of the network of that bad actor to keep the network healthy.”
As Fletcher explained, visibility into an agency’s network is imperative in order to know when something is awry, so it can be shut down. He shared that Juniper’s Security Director software offers an intuitive visual interface that allows an agency’s IT team to see in real time what’s happening on the network.
“One of many helpful Security Director features is that you can see different time frames,” he shared. “This is important because with a timeline you are better able to identify things like intermittent attacks that may not be obvious, because it only comes in periodically.
“You can graphically tighten up the timeline and you can then see for example, ‘Wait a second, we have a pattern every month where we’re getting pinged in this particular pattern,’ and you can do the research and shut that down. You’re able to see all the different elements of your network, and the network engineers have a very easy and intuitive way to identify the issues and quickly respond to them.”
The next step for Juniper is to continue the secure network journey with the agencies, bringing to our nation’s network defense the “self-driving network” that offers self-healing and self-remedy through machine learning (ML) and artificial intelligence (AI) built into the software.
“Using AI and ML, our SDSN can detect an anomaly and then automatically inform all of the other elements of the network that it has detected it, ‘If you see this string of code, you know that it’s malware,’” Fletcher explained. “Once the entire system is ‘aware’ of that string of code, it will not be allowed through the network.”
Using an SDSN solution that offers real-time visibility, is NIST compliant, and comes from a CDM-approved supplier will allow agencies to reach the vision DHS outlined in 2012, when it announced CDM: that all federal networks will be scanned continuously and be able to identify and respond to threats and breaches.