If you are making decisions on how to spend the last of your FY 2016 IT budget, there are low-cost, high-impact products and services available that can improve your security status and make your life easier in the coming year.
This year’s major IT projects are already wrapped up or under way (or maybe on hold). Although next year’s IT budget is still a question mark, plans for major acquisitions should already be in process. But there is still time to take advantage of your remaining IT budget for this year to improve your agency’s information security and make life easier in the coming year.
There are plenty of low-cost, high-impact products and services available that can help you make the most of your year-end spending. They can help you get the most from tools and systems already in place, validate your current posture, and prepare you to meet the challenges and take advantage of opportunities in fiscal 2017.
Agencies will continue to face growing, rapidly evolving cyberthreats with static cybersecurity budgets
It is vital to get the most from your IT budget. The president’s IT budget proposal for the coming year is pretty much flat at $89.8 billion, an overall 1 percent increase for both military and civilian agencies from this year. What Congress will actually appropriate is still up in the air, but it is a pretty safe bet that agencies will continue to face growing, rapidly evolving cyberthreats with static cybersecurity budgets. This means agencies must get the full value from their existing security infrastructure, making full use of the capabilities already in place and ensuring that investments are producing the intended results. These are areas in which your remaining FY2016 budget can help.
You do not have to embark on lengthy acquisitions to take advantage of these opportunities. There already are procurement vehicles in place with many companies such as Tenable that can help you meet your needs by the end of the fiscal year.
Here are a few tips for making the most of your year-end spending.
- Evaluate your current environment. Understand your existing sites, networks and systems and the tools now in place for protecting them.
- Review your requirements and goals for IT security for the current year.
- Identify the gaps between your current status and your goals.
- Develop a plan to fill those gaps.
Here are a few examples of year-end efforts that can help you validate and improve your current status, and prepare for the coming year.
Professional service assist visit
All right, you have made the investment in the software and have read the manual to get it up and running. But a second pair of eyes and a second opinion never hurt—especially when they come from an expert. Some smart guys once said, “Just because you know how something works does not mean you know how to use it.” To ensure you are getting the most from your investment, it is not a bad idea to have the folks who created the software make sure it is fully optimized. And the knowledge you pick up from these professional services can increase your own value. Here are a few ideas to enhance your use of Tenable products.
Passive Vulnerability Scanner
The Tenable Passive Vulnerability Scanner™ (PVS™) performs automatic discovery of users, infrastructure and vulnerabilities, giving you continuous visibility into your network. It enables real-time network monitoring to identify suspicious traffic and to discover the full range of assets on your network. PVS is part of the DoD’s Assured Compliance Assessment Solution (ACAS), an integrated platform that also includes the Tenable SecurityCenter™ and Nessus® user interface to provide automated vulnerability scanning, configuration assessment and discovery. PVS is also available as a stand-alone solution and as a component in SecurityCenter Continuous View™ (SecurityCenter CV™).
Experiment with Agents
If you want to take SecurityCenter CV and your monitoring to the next level, maybe it’s time to start experimenting with Agents. Agents can help you keep tabs on pieces of infrastructure that are not always connected to the network and that you don’t always control. Agents can be a way for you to show leadership in improving network security.
Tenable can help
Tenable professional services can help you to get the most out of the tools you already have if you are using Tenable’s SecurityCenter CV. SecurityCenter CV uses multiple PVS sensors to analyze and aggregate data on ports and communication activity, and because SecurityCenter CV supports multiple users and privileges, multiple accounts can be created across an enterprise to share PVS data. It also integrates Nessus Agents to collect scan data from transient and difficult to reach systems, eliminating security blind spots.
Tenable also offers several different training options. Contact federal@tenable.com to discuss your site-specific training needs.
Tenable professional services can help you to get the most out of the tools you already have
To learn more about how Tenable can help you make the most of your year-end spending, contact federal@tenable.com.