Metrics and Automation Can Improve Federal Cybersecurity Measures – BroadbandBreakfast.com

July 9, 2020 Metrics are a new frontier for automating certain cybersecurity measurements, according to Mariam Baksh, a staff correspondent at Nextgov.

In a Thursday Nextgov webinar, moderated by Baksh, panelists discussed the benefits of utilizing automation to gather data for more informed metrics, in order to ultimately solve pressing cybersecurity issues in both the federal and private sector.

Its important to remember when we say metrics, we just mean measurements, said Brandon Valeriano, senior advisor of the Cyberspace Solarium Commission.

Automation and metrics are currently being utilized by the Continuous Diagnostics and Mitigation Program, a leading effort to reduce cyber risk and provide asset visibility to the federal government.

By distributing automated tools to federal agencies, their ability to monitor and manage the threat of cyber vulnerabilities is strengthened.

The goal of CDM is to improve the federal governments respective security posture, said program manager Kevin Cox.

Agencies are not aware of their attack surface, Cox said, referring to all of the places an advisory is able to exploit a network.

When the CDM program was utilized, researchers found that agencies have 75 percent more assets than they were manually reported, Cox said.

The objectives of the program are to reduce agencies threat surface, increase visibility into the federal cybersecurity posture and improve federal cybersecurity response capabilities.

Valeriano, who Baksh mentioned had more experience in the private sector than his fellow panelists, spoke of utilizing metrics and automation to solve an alternative problem.

Were generally collecting data on security risks for no real purpose of analysis, Valeriano said. We only know about what were already looking for.

Valeriano called for utilizing metrics to develop a better situational hyper-awareness, so eventually attacks could be predicted and mitigated.

Other panelists reported that they are not doing the type of work that Valeriano described, revealing a division in development between segments of the private and public sector.

Automation is the way to go, said Vijay DSouza, director of the information technology and cybersecurity team at the Government Accountability Office. The more tools you have to handle the vast amounts of data were dealing with the better.

However, automation may not catch major threats, such as attackers going for harder to exploit targets, DSouza said.

To solve this, a marriage of artificial intelligence and human intelligence is ideal, he said.

Visit link:

Metrics and Automation Can Improve Federal Cybersecurity Measures - BroadbandBreakfast.com

Related Posts

Comments are closed.