4 Nov 2020

Aligning with a credible Cybersecurity Framework

Technologies developed at a much faster rate than laws and regulations could keep up with. With a lack of clear standards came increased risks, particularly of the cyber security kind.

Industries and businesses approach their cyber security needs in different ways, and the lack of a unified strategy has allowed cyber criminals to work their way in, preying on vulnerabilities.

In an attempt to help businesses understand and improve their management of cyber security-related risks, the National Institute of Standards and Technology created its Cybersecurity Framework.

 

What is the NIST Cybersecurity Framework?

The framework is a set of best practices and guidelines for companies to improve the way they identify, detect and respond to cyber attacks.

At the core of the framework is a set of cyber security activities, which link together to provide a high-level, strategic view of a risk management lifecycle. These are defined below:

 

1. Identify

Identify and quantify all key aspects of the business, including data, systems, personnel, environment, policies and procedures. Understand the risks posed by cyber attackers and develop a strategy to deal with them.

2. Protect

Introduce practices and safeguards around access control, employee awareness and training and data security to minimise exposure to cyber threats. The maintenance and updating of protective measures should be factored into planning too.

3. Detect

This function requires companies to implement a continuous security monitoring infrastructure, capable of detecting anomalous activity which may compromise security. It also encourages constant testing and maintenance of these detection measures.

4. Respond

A company must have an effective strategy in place to deal with threats once detected, to minimise their impact. Lessons from the security breach should be understood, in order to better defend against attacks in the future.

5. Recover

Companies must put in place the critical plans and structures necessary to restore any functionality compromised by the attack and return to business as usual.

 

But isn’t the framework American?

Yes, NIST is a non-regulatory agency of the United States Department of Commerce, but cyber criminals aren’t hindered by invisible country borders. If something helpful for businesses has been developed, it shouldn’t go to waste.

It can be argued that every business should think about their cyber security with the Framework in mind – 70% of businesses view NIST’s framework as a security best practice.

 

Implementing the framework

The NIST Cybersecurity Framework offers a higher-level methodology to which businesses can align their business and technological approaches. But implementing the practices can be slightly tricky, especially when other business-critical chores consume resources.

64% of businesses use some part of the NIST framework but are still open to vulnerabilities due to the cost of adoption.

 

Our Securyx Threat Management service helps to address these five core aspects of the framework:

 

1. Identifying threats

Automatic identification of computer assets and users associated with threats in the environment, so you can pinpoint who is affected. We also identify devices which don’t have agents installed and previously unknown yet connected devices.

2. Protecting your assets

Protects Windows, Mac and Linux endpoints from multiple vectors of attack, including file-based malware, script-based attacks and zero-day campaigns, by using multiple AI models within a single agent.

3. Detecting attacks and breaches

Automatically detects attacks across the endpoint environment via multiple detection engines, regardless of how they are delivered to the machine. Our Managed Detection and Response service adds another layer of detection through 24×7 threat monitoring by our trained security analysts.

4. Responding swiftly and methodically

Provides effective response measures through patented endpoint remediation capabilities. The agent can automatically clean an infected machine by identifying changes made by malware and undoing these changes with rollback mechanisms. All detected threats are responded to, any hour of any day, taking the burden off your shoulders.

5. Recovery and continuity

Provides a recovery option called Rollback. Rollback restores an endpoint to a pre-attack state, by remediating and automatically restoring damaged file system information. This feature literally rewinds the effects of attacks such as ransomware.

 

Explore our 24×7 threat monitoring & response solution to find out how you can create your own robust framework.

 

By OryxAlign