CISA Working on Aggregating Cloud Logs for Better Network Visibility
The Cybersecurity and Infrastructure Security Agency is conducting pilot programs to aggregate cloud logs across multiple departments and agencies in an attempt to better monitor threat activity.
Speaking at an FCW-hosted event, CISA Chief Technology Officer Brian Gattoni said the agency is experimenting with endpoint visibility capabilities, with the goal of closing visibility gaps in agency networks.
According to Gattoni, CISA wants to send agencies’ cloud logs into a single aggregation point and try to make sense of them as a whole, FCW reported Wednesday.
Some cloud service providers have readily available infrastructure that can help CISA in gathering the security information it wants to aggregate. Gattoni noted, however, that the federal government cannot always rely on CSPs, which is why CISA is looking to build its own capabilities to close visibility gaps.
The agency’s experiments with cloud log aggregation align with its goal of securing individual endpoints in agency networks.
CISA’s Eric Goldstein previously told House lawmakers that the agency is shifting its focus from implementing perimeter security to guarding endpoints, where most threat activity is happening today.
The change in CISA’s approach to cybersecurity comes after its Einstein intrusion detection system received criticism for not being able to stop a major cyber breach. CISA already acknowledged the limitations of the Einstein system, saying its perimeter security measures were not designed to combat an incident such as the SolarWinds hack.
Limited network visibility is considered a major weakness by Gen. Paul Nakasone, the head of the National Security Agency and U.S. Cyber Command.
In a previous statement, Nakasone warned that foreign actors are taking advantage of the U.S. intelligence community’s inability to freely monitor domestic infrastructure without a warrant.