Cybersecurity has been top of mind for federal agencies in the past year. From Executive Order 14028, Improving the Nation’s Cybersecurity, to CISA’s Binding Operational Directive 23-1, there is increasing oversight and scrutiny of federal networks’ ability to protect themselves from attack. The expectation is that leaders will be accountable for ensuring the entire hybrid, multi-cloud network is secure and in compliance with security policies.
At the same time, Gartner believes that cybersecurity professionals are losing control in a highly distributed ecosystem. This is because the sheer number of devices, vendors, and protocols in place makes it virtually impossible to document network behavior or prove that the constant changes and updates taking place within the network are not degrading compliance. Using siloed security tools or vendor-provided applications doesn’t deliver an accurate assessment of the security posture. Furthermore, the process of collecting and analyzing the necessary data is cumbersome and time-consuming, requiring deep knowledge of multiple platforms and solutions. In an era plagued by a security talent shortage, this is untenable.
Binding Operational Directive (BOD) 23-1 states that “continuous and comprehensive asset visibility is a basic precondition for any organization to effectively manage cybersecurity risk.” Yet due to the multi-vendor nature and sheer size of agency networks, this is difficult to achieve. Most agency networks are composed of tens of thousands of devices from dozens of vendors running billions of lines of code; understanding the complexity of these environments is beyond the scope of human comprehension.
Forward Enterprise supports all major hardware vendors, public cloud vendors, and protocols and is proven to support over 50,000 devices per instance. The result is broad, deep data that helps engineering teams improve their security posture.
The Cybersecurity and Infrastructure Security Agency (CISA) issued BOD 23-1 to enhance visibility into agency assets and vulnerabilities. This measure is intended to support CISA’s efforts to effectively manage cybersecurity for the Federal Executive Branch (FECB) enterprise. CISA has stated that “comprehensive asset visibility is a basic precondition for any organization to effectively manage cybersecurity risk.”
The BOD requires federal agencies to perform automated asset discovery every 7 days and vulnerability enumeration every 14 days. Due to technical limitations, legacy scanning tools cannot support agencies’ efforts to adhere to this directive. These tools take several days to perform a scan that reaches all network endpoints. Even that assumes the organization fully understands its IP address space, both IPv4 and IPv6, and that it can allow scans through firewalls or deploy probes, if necessary, into air-gapped environments to reach areas of the network separated by administrative boundaries.