As agencies work to meet federal mandates for ensuring that their information systems are secure, many are deploying security solutions that can continuously monitor their systems and mitigate vulnerabilities. IBM’s Tivoli Endpoint Manager software combines endpoint and security management to help address the rapidly increasing number of cybersecurity threats.
Tivoli Endpoint Manager is highly scalable, controlling as many as 250,000 endpoints with a single management server. It allows IT staff to manage physical and virtual endpoints, such as servers and computers, as well as mobile devices, ensuring networkwide awareness of security posture and risk. The software continuously scans systems and enforces security policies, reducing vulnerability management and patching cycles.
The IBM software has been validated by the National Institute of Standards and Technology as conforming to the Security Content Automation Protocol (SCAP). It delivers compliance reporting for a number of federal security and privacy standards, including the Federal Information Security Management Act and the U.S. Government Configuration Baseline.
IT security spending by federal agencies in 2010
SOURCE: “Fiscal Year 2010 Report to Congress on the Implementation of The Federal Information Security Management Act of 2002” (Office of Management and Budget, March 2011)
By the Numbers
Number of federal security incidents reported in 2010 to the U.S. Computer Emergency Readiness Team
SOURCE: “Fiscal Year 2010 Report to Congress on the Implementation of The Federal Information Security Management Act of 2002”
Percentage of federal IT officials who say they have deployed continuous monitoring for cyberthreats
SOURCE: “FISMA’s Facelift: In the Eye of the Beholder?” (MeriTalk, October 2010)
Stages of cyberattack: reconnaissance; targeted attack; compromise and network intrusion; installation of tools and utilities; and malicious endeavors
SOURCE: “Federal Cybersecurity Best Practices Study: Information Security Continuous Monitoring” (Center for Regulatory Effectiveness, October 2011)
Number of federal agencies (among 24 investigated) that had weaknesses in their 2010 continuous monitoring efforts
SOURCE: “Information Security: Weaknesses Continue Amid New Federal Efforts to Implement Requirements” (Government Accountability Office, October 2011)
Percentage of cyberattacks that leverage known vulnerabilities and configuration management setting weaknesses
SOURCE: “FISMA 2.0: Continuous Monitoring Case Study Update” (Center for Regulatory Effectiveness, February 2011)