Security & Compliance Blog

State of Cybersecurity in the US Federal Government

Richard Stark
2 minute read
Richard Stark
image_pdfimage_print

Federal Cybersecurity Survey Says…

RightStar and BMC last month sponsored a federal IDG survey to better understand different agencies’ maturity with processes for cyber remediation, and to uncover additional capabilities that they would find value in taking a more proactive approach to cybersecurity. The survey was fielded in the US from November 28 to December 12, 2018 and consisted of 100 qualified completes. Here are the highlights.

The top cybersecurity goal for Federal organizations is to take a more proactive approach toward addressing vulnerabilities. When a security incident occurs, the most common response is the “swivel chair” approach where the Operations or Security teams use network management/analysis software, scanning tools, and eventually remediation software to analyze and fix the problem. The overarching objective, of course, is to prevent the incidents from occurring in the first place.

Government organizations have some ability to map vulnerabilities to critical or non-critical applications, but less than half (43%) are able to do so to a great extent. The increasing popularity of application discovery and dependency mapping tools such as BMC Discovery, illustrates that agencies are becoming more and more proactive about addressing vulnerabilities long before they happen. For example, BMC Discovery can map out which applications or business services run on which servers and network devices, or identify blind spots—servers and network devices that are not visible to the vulnerability scanner and are therefore not scanned. This operational intelligence makes security analysis faster, more accurate, actionable, and proactive to help organizations better manage and mitigate risk.

TrueSight Operation Management, combined with TrueSight Vulnerability Management, is BMC’s “manager of mangers’ solution providing a single pane of glass approach across multiple domains. By integrating with other automation and scanning tools such as Rapid7, Tenable, and Qualys, teams can quickly consume scans and automatically tie vulnerabilities to known remedi-ations.

Interestingly, last week we had a conversation with a DOD lead architect for the fourth estate, an effort to consolidate services from 16 DOD organizations into one, with 430 sites, and more than 500,000 employees. The DOD CIO’s mandate is to reduce the DOD data center footprint and streamline cybersecurity infrastructure. It is, therefore, no coincidence that the DOD understand the importance of fit and function, as they move towards a standardized DOD security/operations tool platform.

Click here to view full study.

These postings are my own and do not necessarily represent BMC's position, strategies, or opinion.

See an error or have a suggestion? Please let us know by emailing blogs@bmc.com.

About the author

Richard Stark

Richard Stark

President and CEO
Dick is President, CEO, and founder of RightStar Systems, a leading ITSM, and DevOps consultancy, and a Gold BMC Solution Provider. His passion is customer success—whether it’s reducing the cost of service management, improving overall efficiency, or increasing end-user or employee satisfaction.

Dick brings RightStar more than 25 years of experience in building, managing, and operating technology companies, and over 35 years total experience in the technology industry. During his career, he has been responsible for leading national marketing and regional sales teams, and on many occasions has led and managed technical, consulting, and finance operations.

Dick is a frequent public speaker, and a graduate of Stanford University.