RevealX Provides Multiple Key Capabilities Under CISA CDM Program
Michael Clark
April 15, 2024
ExtraHop® has renewed its listing of RevealX™ on the Cybersecurity and Infrastructure Security Agency’s (CISA) approved list of products for its Continuous Diagnostics and Mitigation (CDM) program. The CDM program’s approved product list (APL) serves as the authoritative catalog of products that meet stringent CDM technical requirements. Federal civilian agencies can refer to the APL to simplify the evaluation, procurement, and implementation of security solutions.
RevealX has been enabling federal civilian agencies to achieve CDM program objectives since it was first listed on the CDM APL in 2020. As cyber risks evolve, so too do the requirements of the CDM program. Each month, CISA evaluates software and hardware submissions against established criteria to validate vendors’ claims that their products meet capability requirements. CISA has reevaluated RevealX against the latest criteria and has approved it for listing on the APL for multiple capabilities.
Leveraging Continuous Diagnostics and Monitoring for Better Security
CISA runs the CDM program to help participating agencies improve their cybersecurity posture by providing cybersecurity tools, integration services, and dashboards. The CDM program focuses on four capabilities: asset management, identity and access management, network security management, and data protection management. Event logging falls under the network security management (NSM) capability, which is designed to provide agencies with visibility into what is happening on their networks and how their networks are protected.
As defined by CISA, the NSM capability comprises the four component capabilities and three subcapabilities described below:
Boundary Protection (BOUND) encompasses capabilities designed to limit, prevent, and/or remove unauthorized network connections, as well as monitor and control the borders and protection mechanisms for an agency network by detecting and deterring malicious activity. Boundary Protection is further subdivided into three subcapabilities:
Filters and boundary controls (BOUND-F) separate the internal and external networks, regulate the flow of traffic between more and less trusted parts of the network, and help uncover network vulnerabilities or malicious activity that may lead to data leaks and compromised network integrity.
Network access control (NAC) allows only devices that meet agency policy standards to connect to the network.
BOUND-E describes the ability to monitor and manage cryptographic mechanism controls. This capability ensures that encryption on the network has been properly configured and implemented for the desired level of security.
The Manage Events (MNGEVT) capability describes the ability to identify security threat vectors through the use of security event information collated from multiple sources on the network.
The Operate, Monitor, and Improve (OMI) capability describes an agency’s ability to analyze security events, prioritize mitigation, response, and recovery efforts, and report on post-incident activity. This capability builds on results from MNGEVT assessments.
Design and Build In Security (DBS) describes how well an agency incorporates security features into every stage of the software development lifecycle. Agencies can increase the effectiveness of this capability by combining it with supply chain risk management processes.
RevealX has been approved for listing to the CDM APL for the BOUND-F, BOUND-E, DBS Design, DBS Development, and DBS Deploy capabilities.
How RevealX Helps Secure Federal Agencies
Under the Office of Management and Budget’s (OMB) M-21-31 memorandum, 23 civilian agencies were required to reach the advanced (tier 3) maturity level in their event logging capabilities by August 2023. According to a December 2023 report from the U.S. Government Accountability Office, only three have done so. Of the other 20 agencies, only 3 more have reached basic (tier 1) maturity, while the remaining 17 are still stuck at tier 0. Without fully mature event logging capabilities, the federal government will be severely limited in its ability to detect, investigate, and remediate cyber threats.
In order to achieve basic maturity, agencies must meet logging requirements categorized at the highest level of criticality. Network device infrastructure logging falls under this highest level of criticality, and packet capture is one of the only acceptable formats for this logging data.
Agencies are struggling to meet these standards due to the complexities associated with logging, managing telemetry, and meeting long-term retention requirements. RevealX makes compliance with M-21-31 easier, faster, and more cost-effective by observing the network as a source of data. RevealX delivers comprehensive network coverage and machine-learning insights powered by next-generation techniques that take network security to the next level by accelerating analysis and action across security and IT teams.
RevealX offers continuous, full packet capture (PCAP) and a scalable PCAP repository that ensures organizations can meet or exceed 72-hour storage requirements in on-premises, hybrid, and cloud environments. Network packets offer the highest-fidelity source of truth about activity on the network, and continuous PCAP collects and saves all packets traversing the network so that security teams can analyze packets from before, during, and after an event. On-demand or precision PCAP only gathers information when it’s online, which can leave security teams blind to information before a triggering event or in the event of a false negative.
RevealX enables federal agencies to investigate smarter, stop threats faster, and move at the speed of risk. Both security and IT can improve efficiency and agency resilience with real-time network insights and high-fidelity machine learning detections. It also provides visibility into encrypted network traffic via full packet capture and unparalleled, out-of-band decryption capabilities delivered at line-rate speeds to identify the telltale signs of early-stage attacks. RevealX integrates easily with existing tools, workflows, and platforms through a secure API, enabling agencies to confidently respond to security risks without slowing down operations.