The document discusses the critical need for comprehensive network situational awareness to effectively manage vulnerabilities and reduce overall risk in organizations. It highlights a visibility gap in network management, emphasizes the importance of continuous monitoring, and suggests strategies for improving cybersecurity posture through better resource allocation and understanding of assets. Furthermore, it outlines steps for implementing a robust vulnerability management program to support risk management and compliance across government networks.

3. Foundational
Intelligence
Network
Situational
Awareness
Confidence
and Trust

4. 20% Gap in Network Visibility
“You can’t defend what you don’t know.”
Mark Orndorff, Director of Mission Assurance and Network Operations
Defense Information Systems Agency

5. Network Element Government Manufacturing Financial Technology
Assumed Device Count ~150,000 ~60,000 ~800,000 ~100,000
Discovered Devices ~170,000 89,860 842,400 ~114,000
Visibility Gap ~12% ~33% ~5% ~12%
Unknown Networks 3,278 24 771 433
Unauthorized Devices 520 n/a n/a 2,026
Non-Responding Networks 33,256 4 16,828 45
Established VM Program Yes Yes Yes Yes

6. Network change and complexity outpacing policy and procedures
Organizations can only manage and secure what they know
How much risk does this gap introduce?
An effective Vulnerability Management strategy must incorporate
comprehensive Network Situational Awareness, in order to
actively reduce overall risk

7.  Network Situational Awareness represents the foundation of comprehensive
vulnerability management
DISCOVER
Networks & Devices
Edge & Boundaries
Profiles & Vulnerabilities
COMPREHEND
Assess & Score
Prioritize & Trend
Visualization & Reporting
MITIGATE
Reduce Risk
Minimize Threat Surface
Prevent Intrusion

8. Step Goal
“Organizations that operationally implement applicable IT controls
through a vulnerability management program will achieve the
strongest security posture.”
1 Validate Network
Address Space
Discover entire scope of IP address space in use with the environment
2 Determine Network
Edge
Understand the boundary of the network under management
3 Discover & Profile
Endpoints
Understand the presence of all devices on the network
4 Identify
Vulnerabilities
Evaluate and comprehend network vulnerabilities for remediation
5 Mitigate
Risk
Remediate risks in priority order with patches/changes or accept lesser risks.

13. •
Inventory of Authorized and Unauthorized
Hardware and Software
•
•
•
•

14. HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
INFO
INFO
LOW
LOW
LOW
MEDIUM
MEDIUM
MEDIUM

16. Executive Audit & Compliance
Security IT Operations

17. DISCOVER
Networks & Devices
Edge & Boundaries
Profiles & Vulnerabilities
COMPREHEND
Assess & Score
Prioritize & Trend
Visualization & Reporting
MITIGATE
Reduce Risk
Minimize Threat Surface
Prevent Intrusion

18. • Dollars & resources are being spent on things that don’t increase security
• Outdated (10 yrs old) security regulations require manual testing every three years on systems
• Diverse tool sets implemented across the civil landscape
What is the
challenge?
• Refocus dollars and resources on what increases security
• CDM stops 85% of cyber attacks by: Searching for, finding, fixing, and reporting the worst
cyber problems first in near-real time
• Understand networks, devices, software and people’s interaction with the network in real time
What can be
done?
• In 2010, OMB assigns Cybersecurity responsibility to DHS
• In FY 2013, DHS proposes to deploy proven continuous monitoring technology across the .gov
network
Who is
responsible?

19. Source: http://www.verisgroup.com/2014/07/17/ongoing-authorization-and-near-real-time-risk-management/

20. Source: https://www.us-cert.gov/sites/default/files/cdm_files/training_materials/Overview%20Modules.pdf

21. • Control of HW assets through visibility
• Unauthorized/unmanaged HW discovery
• ID, block, or manage vulnerable assets
• Group assets based on risk profiles
Hardware Asset
Management (HWAM)
• Unauthorized/unmanaged SWCI discovery
• Remove and/or block vulnerable SWCI
• Dynamic, complete, and accurate inventory
• Timely response to malware vulnerabilities
Software Asset
Management (SWAM)
• Increased control through visibility
• Establishment of trusted “Gold Builds”
• Reduce and avoid misconfigurations
• Improved security patch asset maintenance
Configuration
Management
(CM)
• Perform threat and vulnerability analysis
• Discover vulnerabilities
• Support remediation
• Automate response to known threats
Vulnerability
Management
(VUL)
Continuous Monitoring
•Maps to risk tolerance
•Adapts to ongoing needs
•Actively involves
management
Dynamic 360 degree CDM and CMaaS capability defending against asymmetric cyber threats

22. • DHS DAA ATO
• Agency DAA updates ATO for CDM sensors
• DHS DAA establishes ESSA/EISA
Innovation Targets: Enhanced
Analytics, DAD, Global Threat
Intelligence and Process Optimization
State 2-Select
CMaaS
System
6-Monitor
Security
Security
Controls
3-Implement
Security
Controls
5-Authorize
Information
System
Continuous Asset Evaluation, Situational Awareness, Risk Scoring
• Operate CDM tools internally
to ID malware and prevent propagation
• Share CDM outputs to support ongoing A&A for CMaaS,
ESSA/ISA and agency systems containing CDM sensors,
agency dashboards
• Support SP 800-137 D/A ISCM strategy development and
maintenance, including CyberScope alignment
• Match outputs to governance training, mentoring, and
change management
• Support DHS critical control review
• Conduct site security assessment to identify differences impacting
A&A baseline
• Provide outputs to DHS and Agency DAAs to Develop POA&Ms
• Apply NIST SP 800-53 High and SSH
4300 Baseline for TS Systems
• Develop Pre-Populated Templates and
Artifacts for SO Agencies
4-Assess
Security
Controls
• Apply Type Accreditation Strategy.
o Unclass CMaaS System High
Categorization and Tools Selection
Promotes Maximum Scalability and
Tools Inheritance.
• Classified CMaaS System is classified at
Top Secret.
1-Categorize
Information
System

23. http://www.csc.com/public_sector/ds/11237/107249-cdm_cmaas?ref=ls
https://engage.csc.com/groups/cmaasbpa
http://www.gsa.gov/portal/content/176671?utm_source=FAS&utm_medium=
print-radio&utm_term=cdm&utm_campaign=shortcuts
http://www.dhs.gov/cdm
http://www.us-cert.gov/cdm
CMaaS@csc.com
Contact Phone Email
Josh Canary, BPA Program Mgr 703-908-7030 jcanary@csc.com

24. Eliminate Gaps in Network Intelligence
Maximize Visibility and Control
Enhance Security
Reduce Risk

25. tripwire.com | @TripwireInc