Solution Brief: Continuous Diagnostics and Mitigation (CDM) Phase II
Feature Highlights
Continuous Diagnostics and Mitigation - Phase II
Identity Based Policy Controls
The CDM Program of the Department of Homeland Security (DHS) is designed to provide a new approach to protecting the cyber infrastructure of the .gov network environment. The intent of CDM is to combat threats to our nation’s networks on a real-time basis and enhance existing network monitoring capabilities. CDM success requires correlation and analysis of critical security-related information to facilitate an enhanced risk-based decision-making process at the agency and Federal enterprise levels.
Role-based policy controls act on request and response information context as messages flow through. Comprehensive protocol and message-based token formats enable granular policy control at the Tier 0 border. Dynamic routing, security, workflows, and access control facilitate secure virtual and physical boundary policies.
Reporting and Monitoring
Agentless monitoring provides seamless deployment with no footprint on the client or service endpoints. In-line communication flow provides real-time criteria detection, alerting, and consolidated reporting. Integrates with SIEM and dashboard systems with secure SYSLOG and SNMP capabilities.
CDM requires implementing a network architecture that enables data exchange among the tools involved in capturing the data from various sources to use for CDM correlation and aggregated analysis. Creating a secure ecosystem requires embracing FIPS 140-2 and NDPP compliant technology. This provides a rules-based approach of Layer 7, deep-context awareness for information assurance and granular privacy and security. Dynamic identity and security rules applied at the data borders provide a sophisticated level of information context far beyond traditional Tier 0 network components. A gateway approach as a central theme for CDM implementation removes the complexities associated with end-point solutions that use disparate tools and technologies.
Interoperability
Designed for mediation and brokered communication of TCP Layer 7 protocols and data formats. Seamless deployment at information border locations with physical hardware and virtual gateways.
Patented PKI crypto acceleration with intelligent caching and I/O optimization. In-line SSL termination, SSL initiation, DSIG and encryption for offloading cryptographic data processing in real time for bi-directional traffic streams.
CDM Implementation
Forum Sentry Benefits
The only FIPS 140-2 and NDPP certified gateway
Identity management and identity token consumption and generation
Unifying data formats and communication channels through gateway infrastructure ensures security, consistency, scalability and centralized data security. This enables all solution components of CDM to communicate within secure ecosystems facilitated by Layer 7 content rules that segment data sharing and communication logically as messages flow through the information borders of the networks.
Message and identity-based rule enforcement for security, identity, mediation, and reporting
Architecting the CDM ecosystem via gateway technology improves the business efficiency and value of the tools and technologies performing the capture and analysis.
Integrity and trust validation of information flows with protocol and message structure conformance
Agentless behavior monitoring with deep content inspection
Simplified interoperability among disparate client and end-point network components
About Forum Systems
Forum Systems is the global leader in API and Cloud Security technology with industry-certified and patented products that secure enterprise infrastructure. Forum Systems has built the core architecture of its technology on the foundation of FIPS 140-2 and NDPP. Our security-first mindset enables trusted, network edge deployments for protecting critical enterprise transactions. We support enterprise customers across industries in commercial, government, and military sectors. Our technology provides leading cyber security with integrated identity and SSO features that enable out-of-the-box business solutions with point-and-click technology.
CDM Challenges
Unified CDM Solution
The CDM program requires a technology capable of consolidating disparate client- and server-based technologies into a unified set of collaborating entities. CDM challenges include:
Purpose-built API gateway technology is an essential component to the CDM initiative. An API gateway provides secure collaboration across logical and physical enclaves of privacy controls.
Disparate network infrastructure topology and information formats challenge interoperability and access control.
Forum Sentry is purpose-built to communicate with a comprehensive spectrum of client and server technologies to provide seamless interoperability.
Tools lack scalability for facilitating information consolidation via secure transfer with PKI data and protocol security requirements.
Forum Sentry is a US-patented technology for secure network cryptographic acceleration and is designed for clustered horizontal scalability.
Assurance of data in mandated formats (e.g., SCAP) in order to ensure that the ecosystem of CDM structured information exchange adheres to expected standards and schema.
Forum Sentry provides data transformation, data mapping, and data validation engines to enforce data conformance to mandated standards.
Data privacy and data integrity assurance. Information traversing the network needs to be kept private and have its integrity ensured to allow correlation to be done with confidence that data is kept within the appropriate enclaves of collaboration.
Forum Sentry provides an integrated PKI engine for SSL/TLS, data-level encryption and signing.
Achieving the required FIPS 140-2 security baseline for information consolidation and access.
Forum Sentry is the only gateway in the industry achieving combined FIPS 140-2 and NIAP NDPP certifications.