Federal Cybersecurity Survey Says…


By Dick Stark

RightStar and BMC last month sponsored a federal IDG survey to better understand different agencies’ maturity with processes for cyber remediation, and to uncover additional capabilities that they would find valuable in taking a more proactive approach to cybersecurity. The survey was fielded in the US from November 28 to December 12, 2018, and consisted of 100 qualified completes. Here are the highlights.

The top cybersecurity goal for Federal organizations is to take a more proactive approach toward addressing vulnerabilities. When a security incident occurs, the most common response is the “swivel chair” approach, in which the Operations or Security teams use network management/analysis software, scanning tools, and eventually remediation software to analyze and fix the problem. The overarching objective, of course, is to prevent the incidents from occurring in the first place.

Government organizations have some ability to map vulnerabilities to critical or non-critical applications, but fewer than half (43%) are able to do so to a great extent. The increasing popularity of application discovery and dependency mapping tools such as BMC Discovery illustrates that agencies are becoming more and more proactive about addressing vulnerabilities long before they happen. For example, BMC Discovery can map out which applications or business services run on which servers and network devices, or identify blind spots—servers and network devices that are not visible to the vulnerability scanner and are therefore not scanned. This operational intelligence makes security analysis faster, more accurate, actionable, and proactive to help organizations better manage and mitigate risk.

Reduce security technology and tool complexity. The survey found more than 100 tools in use in the following categories: Automation, Reporting, Remediation, Process Management, Scanning, Analysis, and Data Aggregation. Combining scalability and flexibility with compliance regulations and an increasingly multi-cloud environment means that finding the right tool fit can be a Herculean challenge.

TrueSight Operations Management, combined with TrueSight Vulnerability Management, is BMC’s “manager of managers” solution, providing a single-pane-of-glass approach across multiple domains. By integrating with other automation and scanning tools such as Rapid7, Tenable, and Qualys, teams can quickly consume scans and automatically tie vulnerabilities to known remediations.

Interestingly, last week we had a conversation with a DOD lead architect for the fourth estate, an effort to consolidate services from 16 DOD organizations into one, with 430 sites and more than 500,000 employees. The DOD CIO’s mandate is to reduce the DOD data center footprint and streamline cybersecurity infrastructure. It is therefore no coincidence that the DOD understands the importance of fit and function as it moves toward a standardized DOD security / operations tool platform.

Watch this blog site for a new whitepaper discussing the survey results in more detail. Stay tuned…



About dick1stark

I am the President, CEO, and founder of RightStar Systems, a leading IT consultancy and BMC Software Solution Provider and Atlassian Expert Partner. My passion is customer success—whether it’s reducing the cost of service management, improving overall efficiency, or increasing end-user or employee satisfaction. Since founding RightStar in 2003, RightStar has made the INC 5000 list four times. In 2011, RightStar was awarded the prestigious National Capital Business Ethics Award (NCBEA) by the Society of Financial Service Professionals based upon RightStar’s foundation of honesty, ethics, and integrity. And in 2014, RightStar was selected by Forrester Research as one of 13 North American companies profiled in its ITSM Consultancy Wave Report. Finally, in 2016, BMC selected RightStar as its 2015 Supplier of the Year for its consulting partnership and excellence in service delivery. Dick is a graduate of Stanford University and a Project Management Professional (PMP).