Close

See How Your Peers Are Moving Forward in the Cloud

New research from CDW can help you build on your success and take the next step.

Apr 20 2012
Security

State Department Keeps an Eye Out for Cyberthreats

Spotlight on Continuous Monitoring

In recent years, the State Department has found itself in a dangerous IT environment, much like many other agencies. Cybersecurity incidents at the department nearly quadrupled from 2008 to 2010, creating a need for heightened defenses, and the threat has only grown since then.

“We’re into an area where the kind and the quality of our defensive cybersecurity is more important than ever,” says John Streufert, the former chief information security officer at the State Department.

State addressed the threat by implementing an ambitious program to monitor the department’s cybersecurity posture. Knowing what the department’s IT assets are, where they are, and what’s protecting them helps the IT security staff understand how to best address the myriad threats they face.

With its assets accounted for, the next step was assessing what level of risk each organization faced. The department established a score card that gave organizations within State a letter grade based on how they addressed security risk. As the program evolved, the department tweaked the rating system. If security officials were more concerned about a problem, they could increase its grading weight, encouraging IT managers to focus attention on it.

The result is a program that monitors more than 100,000 systems, throughout the United States and in more than 200 countries.

“A program of well-structured continuous monitoring using these techniques resulted in a factor-of-10 reduction of risk at the State Department in just the first 12 months of use,” says Streufert, who earlier this year left the department to become head of the Homeland Security Department’s National Cybersecurity Division.

The program’s success was recognized when it received a 2011 U.S. National Cybersecurity Innovation Award from the SANS Institute, a security research and education organization.

State uses a number of software products to carry out tasks such as vulnerability scanning, vulnerability management and compliance monitoring. “State used existing tools and antivirus systems, and that’s a good way to go about it,” said Greg Wilshusen, director of information security issues at the Government Accountability Office, which audited the program last year.

Among the tools that State uses in its continuous monitoring program are Microsoft Active Directory and software products from McAfee Foundstone and Tenable Network Security.

“When these tools are deployed properly, you can collect details which empower technical managers for targeted daily attention to remediation,” Streufert says. “We found that lowering risk was both feasible and fast

Voices

Sager_100

“There’s a constant stream of new information about threats, vulnerabilities and remediation. You must have continuous situational awareness of this information and your own environment to securely manage your systems.”

Tony Sager, Chief Operating Officer, NSA’s Information Assurance Directorate

Walsh_100

“We’re looking to monitor our environment on a continual basis — regular, recurring monitoring of how things are going.”

John “Rick” R. Walsh, Chief of Emerging Technologies, U.S. Army

Gilligan_100

“The increase of attacks is something that is being seen across every organization, and we’ve got to be able to monitor the situation and our security posture at the speed of these attacks.”

John Gilligan, President of the Gilligan Group and former CIO of the Air Force

<p>Epoxydude/Corbis</p>