- Use Cases
Executive Order 14028, Improving the Nation’s Cybersecurity, directs decisive action to improve the Federal Government’s investigative and remediation capabilities. Section 8 of the Executive Order, also known as M-21-31, is a clear directive for Federal agencies to advance logging capabilities, including log retention and management, “with a focus on ensuring centralized access and visibility for the highest-level enterprise security operations center (SOC) of each agency.”
The importance of this directive cannot be underscored enough. Section 8 provides clear, actionable guidance on certain processes, procedures, and techniques that all Federal agencies should be both willing and capable of implementing. Given the criticality of the data and systems in use at our nation’s governmental agencies, a focus on log management and SOC improvement is long overdue.
M-21-31 states that agencies are now mandated to address the availability and accuracy of their logs, including:
Further, agencies must acquire and maintain comprehensive and ongoing knowledge of all assets (devices, users, networks) to properly manage them and ensure an audit trail of their security state as a means to “accelerate incident response efforts and to enable more effective defense of Federal information and executive breach department and agencies.”
At present, it is likely that most logging and log management at agencies is executed via a SIEM, which helps coordinate much of the logging processes. However, most SIEMs have limited visibility based on the integrations that are configured and logs ingested, and they, quite simply, don’t know what they don’t know.
What agencies (and any organization that wants to improve and enhance its network visibility and control) need is the ability to find both known and unknown network data, missing or broken configurations, and a higher level of correlation that offers actionability against high priority systems and alerts.
The Axonius Cybersecurity Asset Management (CAM) Platform allows agencies to meet or exceed logging requirements defined in M-21-31. Axonius:
Axonius is uniquely positioned to provide agencies with:
Axonius enhances log management capabilities, tying together every asset in agencies’ environments and providing a view into what’s there AND what’s missing — a fundamental capability that will help agencies comply with M-21-31. Unlike a standalone technology or technology with limited integration:
Axonius provides the assurance that log coverage is complete and actionable. The platform provides log data correlation and centralized visibility into assets and their operational state.
But Axonius goes beyond basic. Uniquely, Axonius detects and reports on security gaps — where logs are missing or incomplete, and when censors are misconfigured or malfunctioning.
In short, Axonius tells our customers what other tools can’t find and provides a consolidated view of the entire asset environment for the highest level of security preparedness and defense.
Though regulatory compliance should be just the starting point for any comprehensive cybersecurity program, M-21-31 shows that the U.S. government’s understanding of cybersecurity is improving — and it’s affecting real advancement. Even if agencies meet only the minimum requirements of M-21-31, they will see demonstrable improvement. However, using a tool like Anxious to move beyond the basics will not only result in greater cybersecurity capability, but will allow agencies to speed up triage, using fewer resources, and, as a result, decrease risk steadily over time.