At Trend Micro we’re all acutely aware of the tidal wave of threats facing government agencies today. Financially motivated cyber gangs for hire and state-sponsored attackers both have the means and the motivation to launch highly targeted, covert attacks on our nation’s computer systems that traditional security tools simply can’t defend against.
This is why we’re pleased to see the government taking a lead with its Continuous Diagnostics and Mitigation (CDM) program – a five-year plan to implement Continuous Monitoring as a Service (CMaaS) across agencies in a bid to improve the resilience of networks. As we’ve explained in previous blog posts and whitepapers, continuous monitoring is at the heart of Trend Micro’s approach to threat mitigation. Its four key pillars of hardware, software, vulnerability and configuration management are supported extensively by our comprehensive Deep Security suite and APT-hunting tool Deep Discovery.
We certainly believe Trend Micro products are a perfect fit for CDM and CMaaS, but how can agencies acquire this platform to ensure they end up doing the job they do best: reducing risk and protecting government customers from data loss and disruption? Well, government projects are certainly not known for their simplicity. Procurement can also add unexpected challenges along the way, so below is some guidance on exactly how the CDM program will play out, next steps, and where to find out more information on how to acquire authorized services and tools.
How the Blanket Purchase Agreement (BPA) works
The good news for government IT leaders is that the CDM is fully funded by the Department for Homeland Security (DHS) to the tune of around $6 billion over the five years. The DHS partnered up with the General Services Administration to award a Blanket Purchase Agreement to 17 System Integrators (SIs), who will use tools from selected product vendors like Trend Micro to create the right offerings for their customers – the government agencies.
It’s important for government IT leaders to remember that they can’t buy directly from the product vendors if they want to make use of the DHS funds – all enquiries must be routed via the 17 approved SIs, or BPA holders. These are as follows:
Booz Allen Hamilton, CGI, CSC, DMI, DRC, GDIT, HPES, IBM, KCG, Kratos, Lockheed-Martin, ManTech, MicroTech, Northrop-Grumman, SAIC, SRA and Technica.
How do SIs and Federal agencies acquire Trend Micro platforms?
As we’ve said before, Trend Micro’s Deep Security and Deep Discovery suites, enabled by our Big Data powered Smart Protection Network, are a perfect fit for the continuous monitoring capabilities being promoted by the government as part of the CDM effort. Our correlated threat intelligence combines with features such as file integrity monitoring, log inspection, host-based intrusion prevention and deep packed inspection to give our customers improved situational awareness. This in turn allows agencies to augment their traditional perimeter-based approaches to security and create an advanced persistent response to today’s insidious APT-style targeted attacks.
The 17 BPA holders which have already been chosen by the DHS can buy software from Trend Micro for their government customers in three ways, as part of the CMaaS program.
- They may already have relationship with Trend Micro, in which case they can buy based on the contract signed between themselves and Trend Micro.
- They can buy through GSA contract holders of Trend Micro products
- Without a pre-existing agreement or relationship, they can buy Trend Micro software from one of four distributors: Ingram Micro, Techdata, Arrow and Interwork. They can buy it direct from these distributors; however it’s important for them to be clear that the products are being purchased as part of the CMaaS, so that Trend Micro can make sure the distributors give them a specific discount.
More info on the CDM program and its associated 15 continuous monitoring capabilities is listed here, while the GSA has a fairly comprehensive overview here. CDM has been a long time coming: it dates back to a 2010 memo from the President’s Office of Management and Budget which was sent to all executive departments and agencies. Let’s hope pretty soon we’ll be well on the way to making government networks more secure and resilient to modern threats.
Government IT leaders can contact Trend Micro via our federal direct line that at 1-855-66-TREND with further questions.