The Cybersecurity and Infrastructure Security Agency (CISA) is working with several agencies and departments on pilot programs to determine whether it is feasible to aggregate cloud logs into a system that could help CISA analyze data and identify cyber threats, FCW reported Wednesday.
CISA intends to "see if it's possible to send their logs to our aggregation point and make sense of them as a community together," Brian Gattoni, the agency’s chief technology officer, said at an event Wednesday.
"We've run pilots through the [Continuous Diagnostics and Mitigation] program team, through our capacity building team to look at endpoint visibility capabilities … to see if that closes the visibility gap for us," he added.
Gattoni said some cloud service providers have an infrastructure in place that could support CISA’s data aggregation efforts, but the agency is exploring ways to come up with its own capabilities to gain visibility into networks.
"There's a lot of slips between the cup and the lip when it comes to data access rights for third-party services, so we at CISA have got to explore the use of our programs like [CDM] as a way to establish visibility … and also look at possibly building out our own capabilities to close any visibility gaps that may still persist," he said.