CSC leverages Lumeta and Tripwire for CDM / CMaaS

CASE STUDY
Enables Federal and other government entities to strengthen the
security posture of their cyber networks
Computer Sciences Corporation (CSC) is a global leader of
next-generation information technology (IT) services and
solutions. Their mission is to enable superior returns on
clients’ technology investments through best-in-class industry
solutions, domain expertise and global scale.
Josh Canary, CISSP, PMP, BPA Program Manager at CSC, spoke
on a joint webinar with Lumeta and Tripwire to discuss
the benefits and integration synergy between the two
companies in addressing the cybersecurity requirements for
the Continuous Diagnostics and Mitigation (CDM) program
released by the U.S. Department of Homeland Security (DHS).
The following includes edited excerpts from his presentation:
“What we liked about the two products put together was
that it allowed us to first ‘turn on the lights’ [Lumeta],
and then the categorization of risks [Tripwire] allowed
us to not be blinded by what we saw.”
– Josh Canary, CISSP, PMP, BPA Program Manager at CSC
Challenge
Continuous Diagnostics and Mitigation (CDM) [1]
Cyber attacks on Federal government networks are growing more sophisticated, frequent, and dynamic. It is paramount that
the government protects networks, systems, and information from unauthorized access or disruption while continually providing
essential services to the public.
The Continuous Diagnostics and Mitigation (CDM) program is a dynamic approach to fortifying the cybersecurity of government
networks and systems. CDM provides federal departments and agencies with capabilities and tools that identify cybersecurity risks
on an ongoing basis, prioritize these risks based upon potential impacts, and enable cybersecurity personnel to mitigate the most
significant problems first.
Federal governments (as well as state, local, and regional governments, in addition to defense organizations) can benefit from a
blanket purchase agreement (BPA) called Continuous Monitoring as a Service (CMaaS) to strengthen their information technology
networks. The goal of the CMaaS BPA and CDM Program is to provide a consistent, government-wide set of continuous diagnostic
solutions to enhance defenders’ abilities to identify and mitigate emerging cyber threats through risk-based decision making.
The program consists of three phases. The first phase of CDM focuses on endpoint integrity: management of hardware and software
assets, configuration management, and vulnerability management, which are foundational capabilities to protect systems and data.
Phases 2 and 3 are being further defined to include Least Privilege and Infrastructure Integrity, and Boundary Protection and Event
Management, respectively.
[1] www.dhs.gov/cdm and www.us-cert.gov/cdm
CSC [2]
CSC supports federal agencies’ missions to respond to these ever-changing cyber threats and has collected, vetted and selected
the industry’s best cybersecurity tools and services for its Continuous Diagnostics and Mitigation (CDM) Tools, and Continuous
Monitoring as a Service (CMaaS) Blanket Purchase Agreement (BPA). CSC’s CMaaS solutions strengthen the cybersecurity of
government networks. CSC understands that an agency can’t protect its assets without knowing the composition of its network.
Solution
“We’re currently in Phase 1 of the CDM Program. CSC, as an integrator, looked at
hundreds of different products, but what we really found to be amazing is that
just by using these two products [Lumeta and Tripwire] we were able to meet
all four of the critical guidelines in Phase 1 of CDM.
CDM Phase 1: Endpoint integrity
- Hardware Asset Management (HWAM)
- Software Asset Management (SWAM)
- Configuration Settings Management (CSM)
- Vulnerability Management (VUL)
We found that when we combine the two products together, that 20% gap [in enterprise network visibility is closed]. Many products
we found that do vulnerability management and hardware asset management allow you to put in an IP address range. ‘I’ll tell you
where my network is, now you go out and find all those devices that are on my network.’ What we found interesting and unique
about Lumeta is the ability to find rogue devices and leaks.
Being able to ‘turn on the lights’ of your network and define what’s out there is definitely the first step in terms of being able to
protect [the network]. If you don’t know what’s there, any number of patching, any number of system changes, any number of
firewalls or other devices you might buy is not going to protect what you don’t know you have.
You have to be able to identify the risks and do the analysis to find out what’s actually going to hurt you. Just by identifying the
devices in your network and not actually doing the categorization (when you actually find out where the risks are), you still don’t
know what’s on your network.
For example, most Windows Servers have a BIND service installed by default … now it’s almost never turned on. We found a number
of tools that would determine that there was in fact a BIND service and raise a red flag. But it’s not a problem if it’s disabled.
What we liked about the two products put together was that it allowed us to first ‘turn on the lights’ [Lumeta], and then the
categorization of risks [Tripwire] allowed us to not be blinded by what we saw.
As more and more BYOD systems are coming on line ... while the perimeter, which used to be the bastion of protection, is now
getting more and more muddy … I can’t just put up four corners around my building and decide it’s clean. I need to be a lot more
engaged with devices that are walking around outside of my control.”
Continuous Monitoring
“When observing, orienting, deciding and taking action, you’re finding out what’s on your network, finding out what the risks are,
finding out what the possible exploits are, deciding on a level of security control, you’re deploying the security controls, and even
more important you’re monitoring them. It’s a constant process.
The faster you’re able to bring your controls to bear and make changes and fix things that are broken, then you’re able to get ahead
of your adversary. He’s attempting to bring malware to bear, exploits to bear, exfiltrate your information, try to take advantage of
non-existent patches, or even patches that maybe the industry hasn’t determined there’s a weakness yet. So the faster you’re able to
turn a vulnerability into a non-vulnerability, the better off you’re going to be in the long term.”
[2] http://www.csc.com/public_sector/ds/11237/107249-cdm_cmaas?ref=ls
Lumeta Corporation | 300 Atrium Drive, Suite 302 | Somerset, NJ 08873 USA | +1.732.357.3500 | www.lumeta.com
© 2015 Lumeta Corporation. All rights reserved. Lumeta, the Lumeta logo and IPsonar are registered trademarks of Lumeta Corporation in the United States and other countries.
All other trademarks or service marks are the property of their respective owners.