The Continuous Diagnostics and Mitigation (CDM) Dashboard Ecosystem is a set of flexible, scalable tools that deliver actionable information on cybersecurity threats. The crucial part of the system is its access to situational awareness data, which refers to cybersecurity activities that are unfolding now and need a quick response.
The Department of Homeland Security (DHS) established CDM to provide DHS and federal agencies with tools and techniques to continuously identify and prioritize cybersecurity risks, so they can tackle the most critical threats first.
One of the top priorities of CDM is making sure data flows effectively through the Dashboard Ecosystem. What starts as massive amounts of disparate data is quickly transformed into useful, relevant information, delivered to a dashboard, allowing agencies to quickly respond to cybersecurity threats.
How Data Flows More Effectively in the System
At the agency level, sensors deployed across the networks perform ongoing, automated collection of network activity. A sensor can be anything from a network tap to a device log that helps give visibility, from a security perspective, into events at the host or network level. This data, along with data gathered from other sources like anti-malware and firewall logs, is fed into a central data store.
There is a lot of data, and it arrives in many different formats. Data analysis tools clean and standardize the data, which makes it highly usable. The resulting information is then delivered to a dashboard.
Each agency will have its own dashboard, which provides snapshots of its network’s cyber health, along with the ability to drill down into details.
The Results of This Improved Access to Data
With the Dashboard Ecosystem up and running, agencies get diagnoses of risks and threats affecting their networks and those affecting other agencies. The Dashboard applies a risk score to each endpoint, alerting staff when critical risks are detected.
The volume of data to be gathered and tracked is huge, and data analysis can be time-consuming, often requiring special skills that many cybersecurity staff members don’t have. The Dashboard Ecosystem gathers, standardizes, and correlates data, greatly reducing the amount of manual work required.
These prioritized alerts allow agencies to assign resources more appropriately and efficiently.
This article is an excerpt from GovLoop’s recent course, “Manage Cybersecurity Threats With the CDM Dashboard Ecosystem.”