Page 7 - FCW, January/February 2020

of-band management includes dedicated management transport, centrally managed access control, continuous monitoring capabilities, configuration management, and vulnerability management capabilities that assess and remediate both compute systems and transport infrastructure.
“Dedicated management transport is more than a separate VLAN; it is a complete separate transport architecture that lays over your production network. It has its own routers, switches and firewalls separate from your production systems. Your management communications are the keys to the castle and keeping them separate from production communications is the best way to protect that asset.”
Continuous monitoring helps agencies detect unusual activity or invalid user credentials. To satisfy requirements for continuous monitoring, organizations can install a continuous network monitoring suite. Capabilities typically include managing and monitoring switches and devices attached to them, analyzing and aggregating logs, and monitoring the status of devices in near real time. They may differ depending on the suite, but all of them present information via a dashboard that displays exactly what’s happening at every moment in time.
A comprehensive security management suite will provide compliance management, vulnerability management, access control, configuration management, and incident detection. Another way to enhance network security is by improving the ability to more quickly detect incidents on the network, such as by aggregating logs from all sources through a security information and event management (SIEM) tool or central network monitoring suite.
One of the most important metrics is mean time to know (MTTK) on events versus incident detection. An event pertains to any occurrence relevant to normal operations, such as authentication transactions or intended system-to-system communication; an incident is an event that potentially results in increased risk or damage to assets or operations; and a security incident is an event that results in damage or risk to assets or operations. The more quickly an agency can determine that an incident has taken place, the more quickly it can respond. That time frame also sets in motion a chain of reporting events, such as what must be reported, when it must be reported, and what information must be provided.
Implementing some type of continuous network monitoring suite, along with SIEM and automated change detection, is an effective way to achieve the type of continuous monitoring that gets results. With these tools, agencies can develop robust, information-aware systems that help close the gap for MTTK.
Finally, it’s important to use technology that fulfills cybersecurity compliance requirements like NIST Special Publication 800-53 controls. A next-generation firewall, for example, fulfills many of these requirements in the areas of perimeter boundary protection and secure architecture segmentation.
Getting it done
The best way to ensure a unified, effective, compliant network ecosystem is by choosing a partner with deep expertise in both technology and federal government. CDW·G, for example, has developed cybersecurity strategies and orchestrated infrastructures for federal agencies for decades. CDW·G’s out-of-band management service designs secure technology infrastructure customized to an agency’s requirements. CDW·G’s modular approach allows agencies to implement specific technology to meet cybersecurity needs.
It’s also important to choose a partner that has been certified through NSA’s Commercial Solutions for Classified (CSfC), as a Trusted Integrator (TI). This is critical for agencies that must transport classified information securely from one location to another, even if they are on the same campus. CSfC allows agencies to use commercial off-the-shelf (COTS) equipment instead of government-specific equipment. Using COTS equipment is faster to deploy and implement – and usually much less expensive.
NSA-trusted integrators are pre-vetted and approved, allowing them to design commercial solutions for classified architecture around an agency’s specific technical requirements. CDW·G, for example, has designed a service around this certification that also enables it to use professional services engineers to install and configure secure solutions.
Achieving ironclad network security while ensuring compliance is no easy task. Network infrastructure is complex, and targets continually shift. Understanding agency requirements, network infrastructure and cyberthreats is critical to understanding which technologies make sense for specific Defense environments.
“It’s easy to get lost in the technology and requirements, especially with so much at stake,” Balthaser says. “But with the right approach, true network security is very achievable.”
To learn how CDW·G can secure your architecture, please visit: CDWG.com/security
ITES-3H Assists Agencies in Building Solutions to Meet Cybersecurity Requirements
The Information Technology Enterprise Solutions-3 Hardware (ITES-3H) contract covers a full range of equipment for solutions that can assist agencies in bolstering network security readiness, including continuous monitoring and secure transport. These and many other cybersecurity products and services are available through CDW·G, a proven federal supplier with multiple certifications, including the NSA’s CSfC, ISO 28000, ISO 9001, ISO 14001, ISO 27000 and ISO/IEC 20243. The ITES-3H contract, administered by the Army CHESS, is available to Army, other DOD agencies, and all other federal agencies, and authorized government contractors supporting these agencies.






































































