The SolarWinds supply chain attack exposed vulnerabilities in major commercial and public-sector enterprises, including the U.S. Treasury and the Departments of Homeland Security, State, Commerce and Defense. What is lacking in most organizations, inter alia, is the ability to determine what devices are connected to a network. The federal government overall, and most importantly, DoD must enhance their ability to secure networks and devices. But, the government cannot defend what it cannot see. Having a high-confidence, real-time picture of what devices are on a network is the first step in providing security against cyber attacks. To meet this objective, DoD, with Congressional support, has been moving forward on a program called Comply-to-Connect (C2C). C2C provides real time visibility of all IP endpoints, network infrastructure, and internet of things devices. Also, it identifies non-compliant and previously unidentified devices and can isolate these assets. I have written more on C2C here.
Find Archived Articles: