Response to CISA BOD 23-01

In early October of 2022, the Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive (BOD) 23-01. 

As part of an ongoing evolution to strengthen the nation’s security stance, it requires all US federal, executive branch, departments and agencies to improve asset visibility and vulnerability detection.

As part of this directive (which goes into effect April 3, 2023), all covered organizations must perform automated asset discovery on their entire IPv4 and IPv6 address space every 7 days.

Additionally, all discovered assets must undergo vulnerability enumeration every 14 days.

The directive is US federal government focused, but clearly this is a need across governments and enterprises worldwide.  The directive touches very clearly and specifically on “what” must be done.  However, it is no surprise that the “how” is left open to various approaches.  While there are many vendors who offer tools to achieve these goals, it is important to recognize that most security tools need visibility into all parts of the network to achieve their intended function.

Keysight does not  perform asset discovery or vulnerability enumeration directly, but our visibility solutions are a key part of the solutions used for this purpose.  Keysight maintains strong technical partnerships with vendors like:  Forescout, Nozomi, SCADAfence, Tenable, Splunk and many others. Keysight’s deep network traffic and visibility data solutions combined without technology partner’s solutions enable a new caliber of network security.

For example, the Forescout Platform combines passive and active discovery techniques to identify and assess any device and its network activity across all environments and all technologies – IT, IoT, and OT. This enables organizations to build a complete asset inventory, to perform security audits of all device types including legacy OT devices, and to continuously assets the risks to operational continuity. Keysight taps and network packet brokers feed the Forescout Platform, allowing monitoring where the (legacy) network infrastructure can’t enable traffic mirroring or where dedicated monitoring sensors cannot be deployed. Furthermore, Keysight visibility helps avoid blind spots, and monitoring bottlenecks.

Using Keysight Flex Taps to access network data overcomes limitations that occur when switched port analyzer (SPAN) ports on network switches are used. As data centers scale, there are rarely enough SPAN ports to go around which translates into dangerous visibility blind spots.

Feeding network data gathered by taps (and SPAN) to Keysight’s Vision series of NPBs before sending it to to technology partner solutions provides significant benefits. Here are some examples:  automatic removal of duplicate packets, masking of sensitive data, SSL decryption, header-stripping, and other advanced functions that ensure monitoring and security tools get exactly the right data  delivered in real-time, every time.

Keysight packet brokers are renowned for industry-best ease of use, true application intelligence, and ultra-reliable performance while performing advanced functions (such as deduplication) at high speeds. Together with our partners, Keysight taps and NPBs deliver: