Last month, the Department of Defense (DoD) released the Cybersecurity Discipline Implementation plan, with the objective of improving its cybersecurity programs and processes.
The plan identifies four ‘Lines of Effort’, each representing a prioritization of all the DoD’s cybersecurity requirements:
- Strong authentication – degrade the adversaries' ability to maneuver on DoD information networks
- Device hardening – reduce internal and external attack vectors into DoD information networks;
- Reduce attack surface – minimalize external attack vectors into DoD information networks
- Alignment to cyber security and computer network defense service providers – improve detection of and response to adversary activity
Here’s a summary of how BeyondTrust supports the effort:
Line of Effort 1 – Visibility, Accountability, And Privilege
The goal of strong authentication is to reduce anonymity, and enforce accountability for all DoD network actions. With strong authentication, DoD agencies can prevent unauthorized access through methods such as compromised privileged credentials. BeyondTrust can help in two ways:
PowerBroker Identity Services provides a simple way to maintain Active Directory as a single authentication platform across your enterprise. You can leverage multi-factor authentication with Common Access Cards (CAC), or one-time passwords (OTP) on Unix, Linux and Mac. It also supports multi-factor authentication for single sign-on in heterogeneous environments.
PowerBroker Password Safe offers secure access control, auditing, alerting and recording for any privileged account – from local or domain shared administrator, to a user’s personal admin account (in the case of dual accounts), to service, operating system, network device, database (A2DB) and application (A2A) accounts – even to SSH keys.
Line of Effort 2 and 3 - Make A Hacker’s Job More Difficult
Two of the four Lines of Effort in the Cybersecurity Discipline Implementation Plan address explicitly external threats and unauthorized third-party access. Improving the resilience of the DoD IT networks with device hardening (Line of Effort 2) makes it more difficult for threat actors to gain access through tactics like vulnerability patching. Reducing the attack surface (Line of Effort 3) through unauthorized access to DoD servers is another critical steps toward addressing cybersecurity threats.
BeyondTrust’s solutions can help agencies maintain situational awareness of network threats. Retina CS Enterprise Vulnerability Management solutions identify security exposures, analyze business impact, and plan and conduct remediation across disparate and heterogeneous infrastructure. Retina Network Security Scanner enables agencies to efficiently identify IT exposures and prioritize remediation enterprise-wide.
PowerBroker Password Safe can help agencies gain control over how third parties access DoD networks and applications. Password Safe provides a secure connection gateway with proxied access to RDP, SSH and Windows applications; protects privileged credentials; and records all privileged sessions
Line of Effort 4 - Get A Birds Eye View Of Your IT Landscape To Win The Battle
Monitoring your IT perimeter is not enough – you have to be able to pinpoint and respond to a threat immediately. The goal of the 4th Line of Effort is to challenge agencies to act quickly when a threat is identified, and to align the Computer Network Defense Service Providers (CNDSPs) to ensure there are standardized communication mechanisms in place to achieve mission operations. BeyondTrust helps IT teams do just that.
BeyondInsight is an advanced threat analytics capability that enables IT and security professionals to identify the data breach threats typically missed by other security analytics solutions. BeyondInsight pinpoints specific, high-risk users and assets by correlating low-level privilege, vulnerability and threat data from a variety of BeyondTrust and third-party solutions.
Want to get a head start on addressing the cybersecurity implementation plan for your agency? Download our white paper, Addressing the Department of Defense Cybersecurity Discipline Implementation Plan.