There’s an endless cycle to monitoring and protecting your IT environment. It’s no longer good enough to check systems at a designated time, update patches, and then carry on. Today’s threat actors are motivated, seemingly working 24/7 to find and exploit vulnerabilities and to make a public example of agencies that aren’t on their toes.
To address these threats, the U.S. Federal government has taken several steps to shore up its cybersecurity policies and processes. The Continuous Diagnostics and Mitigation (CDM) Program enables the Department of Homeland Security (DHS), along with Federal Agencies, state, local, regional, and tribal governments, to enhance and further automate their existing continuous network monitoring capabilities, correlate and analyze critical security-related information, and enhance risk-based decision making at the Agency and Federal enterprise level.
Phase 1, which went into effect in 2013, focused on endpoint integrity. Phase 2, which took effect in 2014, focuses on least privilege and infrastructure integrity. The four main categories or steps in Phase 2 are:
- Access control management
- Security-related behavior management
- Credentials and authentication management
- Privileges
| CDM Phase | BeyondTrust Solution |
|---|---|
| Phase 1 – Endpoint Integrity | |
| HWAM – Hardware Asset Management; SWAM – Software Asset Management; CSM – Configuration Settings Management; VUL – Vulnerability Management | Retina CS Enterprise Vulnerability Management |
| Phase 2 – Least Privilege and Infrastructure Integrity | |
| TRUST – Access Control Management (Trust in People Granted Access) | PowerBroker Privileged Access Management; Retina CS Enterprise Vulnerability Management |
| BEHV – Security-Related Behavior Management | BeyondInsight Clarity |
| CRED – Credentials and Authentication Management | PowerBroker Password Safe |
| PRIV – Privileges | PowerBroker for Windows; PowerBroker for Mac; PowerBroker for Unix & Linux |
To help you address your CDM Phase 2 requirements, we’ve created a summary of the functional areas and how BeyondTrust solutions can help.
(TRUST) Access Control Management (Trust in People Granted Access)
The Manage Trust in People Granted Access capability informs the Manage Account Access capability by providing background information and potential risk, or compromise, factors. These factors are used to determine if someone should be granted access.
BeyondTrust solutions can integrate with identity and access management solutions to provide a powerful best-of-breed solution that will:
- Increase visibility into user, application and asset interaction with behavioral analytics to track potential malicious activity from insider and external threats
- Enhance efficiency around regulatory compliance reporting by providing insight into identity activities and account utilization
- Provide visibility into provisioning applications to minimize risk and potential breaches
(BEHV) Security-Related Behavior Management
The security-related behavior management functional area addresses the behavior of someone who has been granted access to IT devices and systems. Information from this capability feeds into the Manage Trust in People Granted Access capability where determinations will be made about someone’s suitability for continued access based, in part, on their behavior.
BeyondInsight Clarity enables IT and security professionals to identify the data breach threats typically missed by other security analytics solutions. A standard capability of the BeyondInsight IT Risk Management Console, Clarity pinpoints specific, high-risk users and assets by correlating low-level privilege, vulnerability and threat data from a variety of BeyondTrust and third-party solutions.
(CRED) Credentials and Authentication Management
The MCA capability ensures that account credentials are assigned to, and used by, authorized people.
PowerBroker Password Safe automates password and privileged session management, providing secure access control, auditing, alerting, and recording for any privileged account. By improving the accountability and control over privileged access, IT organizations can reduce security risks and achieve compliance objectives.
(PRIV) Privileges
Prevent access beyond what is needed to meet the business mission by limiting account access and eliminating unneeded accounts, so that attackers cannot gain unauthorized access to sensitive data.
PowerBroker for Windows, PowerBroker for Mac and PowerBroker for Unix & Linux reduce the risk of privilege misuse on physical and virtual Microsoft Windows desktops and servers, Mac desktops, and Unix and Linux servers. By eliminating administrator privileges, delegating access, simplifying the enforcement of least privilege policies, maintaining application access control, and logging privileged activities, IT closes security gaps, improves operational efficiency, and achieves compliance objectives faster.
For more information on the CDM program requirements and how BeyondTrust solutions address the categories, please download our white paper ‘Addressing Continuous Diagnostics and Mitigation Program Requirements’. Or, contact us today to schedule a strategy session.
Sandi Green, Product Marketing Manager, BeyondTrust
Sandi Green is the Product Marketing Manager for PowerBroker Password Safe, PowerBroker for Windows, and PowerBroker Mac at BeyondTrust. She has over 20 years of sales and solutions marketing experience with technology companies that served a variety of industries ranging from life sciences, human capital management, consumer packaged goods and most recently IT security. When she’s not following the latest trends in Cybersecurity, she’s busy following college football and basketball. Follow her on Twitter at @SandiGreen3.