Agencies have tremendous amounts of data available to them – about all sorts of things. They’re collecting mission data, operational data, financial data, and more. They’re also collecting a trove of information about how people use their devices and networks. They have log data, network traffic data, endpoint data, vulnerability data, access controls, and asset attributions, as examples. By itself, most of that data is not of value, but together it can be used to create a picture of an agency’s cybersecurity risk and identify areas of opportunity to improve their overall security posture.
Against this backdrop, we saw an opportunity to, first, help agencies collect and mine the cyber data they already have in-hand to find those areas of opportunity and, second, to evaluate the impact of addressing those items and prioritizing them in a way that would have the greatest effect on the organization and its mission. So, we built a tool that could do that for them and turn the cyber data that agencies already have into something immediately actionable and impactful. We call it Evergreen, as a reflection of the need to constantly take in and act on what data is telling you about your cyber risk.
GDIT’s Evergreen Analytics Reporting System
Evergreen is an Applicable Analytics Reporting System aimed at methodically and proactively identifying solutions to problems such as networks that are not fully patched or not fully secured, bridging the gap between the time and resources needed to remediate an issue, or simply optimizing remediation efforts.
The system implements a host of analytics, including AI/ML, to create reports for users that show them where to focus their cybersecurity efforts in order to get the most ROI. It identifies remediation efforts that will lead to the maximum output within the allotted time and with the available resources. Evergreen also leverages predictive analytics to foresee cyber risks based on deployed assets and current configurations. These forecasts inform the overall analysis to achieve maximum risk-mitigation posture.
As a result, users can make the fullest use of their resources, lower their risk posture to the greatest extent possible, and increase productivity with prescriptive reports that prioritize tasks based on their impact to the enterprise.
For one customer, Evergreen improved the time it takes to identify and resolve security control and configuration issues by 400%. It improved the detection of non-compliance issues by 3000%. It reduced preparation time by 75% and detected and resolved hundreds of zero-day vulnerabilities, all while monitoring thousands of devices and services.
Continuous Evolution Means Continually Improving Risk Postures
We’re constantly testing and evolving Evergreen to ensure it meets evolving customer needs and maintains its utility into the future. We use our DeepSky innovation lab, where we mirror government environments and allow teams to test new capabilities and collaborate with partners to incubate and prototype new solutions. There, we have over 1,000 endpoints we're able to test on and mimic real infrastructure outside of a customer’s operational networks. We’re leveraging Zero Trust and testing fixes and new capabilities we want to add to Evergreen before we deploy them for customers.
It's important, just as we counsel customers to use their cyber data to improve their risk posture, that we use data about Evergreen to continue to evolve it and make it the optimal solution for them. We are fortunate to be able to collaborate with industry, academia, emerging technology firms and customers to bring effective, impactful solutions to bear. Evergreen is just one – incredible – example.