January 4, 2024
There was a time when a “snapshot” of a federal system was taken, and its security posture was evaluated based on that moment in time. That may have been a tolerable solution when a network consisted of two dozen personal computers and a server down the hall. However, this superficial approach will not work with today’s networks, which are in constant change.
For example, data is exploding and entering systems from a wide variety of portals. Add to that the fact that the devices delivering that tsunami of data are doubling and tripling in number.
During this interview, Jonathan Trull from Qualys gives his opinion on the state of today’s federal technology when it comes to vulnerability assessment, configuration settings management, asset management, and dynamic application security testing.
He also addresses qualitative aspects of managing assets. Jonathan Trull refers to the weakness of a “checkbox” approach to managing assets. In mature systems like those the federal government has today, you may discover both managed and unmanaged assets. Checking the box on a “managed” asset does not mean it is professionally managed; it may be poorly managed, leaving a system vulnerable.
Software development is all about Minimum Viable Products and frequent changes. That is terrific for agile software development; however, each update means a new weakness could be introduced. Federal leaders must embrace agile methodologies and keep systems safe at the same time.
This means everyone should consider dynamic application security testing as part of a prudent network safety analysis.
This interview will give you a good introduction to how to keep enterprise systems safe in a world of constant change.
If you enjoyed this article, you may want to listen to Ep. 113 MGM, CISA, & Non-Human Entities
John Gilroy appeared on National Public Radio in Washington DC for 25 years. He wrote 523 technology columns for The Washington Post. Currently, John is an award-winning lecturer at Georgetown University. Forgot to mention — he has recorded over 1,000 podcast interviews.