Lay continues: "We can't afford to have an army of people watching all of these monitors, so we have to have really sophisticated tools to filter for us. But once the filtering is consistent, we really end up with a risk management model that gets the false positives down to a point that they are manageable - and we end up with useful information that leads to better decisions."
Lay explains that the State Department designed the CDM program as a proprietary, in-house product to digest the disparate feeds from networked devices and populate a dashboard that would offer visualizations of the various security operations such as patching and virus protection.
"The big key is being able to give situational awareness to both our decision makers and our system owners," Lay says, "so they really know when they're making risk-based decisions what it is they're up against, whether it's introducing new technologies or if they're just trying to further the mission of the department."
Now four years along, CDM has moved under the auspices of the Department of Homeland Security, which has been working to commercialize the product and is making it available to other federal agencies along with state, local and tribal governments.
Through those kinds of initiatives, the feds are looking to put the era of check-box security behind them. From the vantage point of a vendor such as the security firm Blue Coat, that shift has entailed changes in what government customers are expecting from the contractors they do business with.
"With compliance, we've been dealing with solutions where we're able to pass audits. So we get a grade on whether or not our cybersecurity posture was meeting the minimum requirements for the government," says Aubrey Merchant-Dest, Blue Coat's director of cybersecurity strategy.
Now, Blue Coat sees attackers trying to get assets or break into a network with targeted attacks - and they can easily skate through perimeter defenses and even host defenses, Merchant-Dest says. "Bottom line: We can't stop everything. With this new automated approach that CDM provides us, it's in fact going to give us a better handle on cyber situational awareness."