Transforming Security for our Next Generation Systems
Cyberattacks on IT assets are reaching new highs. Just when you think you are caught up, another unforeseen attack vector has opened. Look at just about any security architecture – it has been implemented slowly over time in a piece-meal fashion; leaving a mix of old and new technologies and overlapping parts and pieces, with few pieces talking to each other.
CISOs looking across their security architectures can only hope their solutions will withstand the onslaught of a cyber-attack. A scary proposition indeed. Recently, a CISO for a large financial services organization shared that his security architecture is composed of over 190 products. Despite this, he still feels vulnerable.
How do you manage 190 security products? Can you imagine the overlaps and the potential for gaps?
The US National Institute of Standards and Technology published a Cybersecurity Framework, also called the CSF and just released a draft for the next version.
The Cybersecurity Framework was developed to “enable organizations to apply the principals and best practices of risk management to improve the security and resilience of critical infrastructure.” The original CSF was released in 2014 and consolidates security research, international standards, and best-practices into a comprehensive protection guide.
At a high-level, the framework has five functions, and under these functions are categories and sub-categories.
I’ll leave it to you to read the full details on the NIST Cybersecurity Framework site, but essentially the five functions boil down to:
Identify—understand your assets, risks, governance, and create a cyber-risk management strategy
Protect—protect the assets, train your people, and keep up on maintenance
Detect—create the processes and implement the technologies to detect cyber mischief, and monitor for anomalies
Respond—develop a cyber-incident response plan and continue to improve
Recover—develop a recovery plan, test it, and continue to improve
The CSF is a great way to organize approaches to cybersecurity – although at the lowest levels of the framework, reference standards and tiers of implementation, are enormously complex. One of the collaborators of the Cybersecurity Framework explained at the February 2017 RSA Conference that the latest CSF pointed to over 120 security controls in these areas. Yikes!!! There’s got to be a better way.
We have made 2017 the year of Security Transformation. Now is the time to prioritize your organization’s cyber-security practices and evolve to combat new threats. We are joining the expertise of RSA, SecureWorks, VMware, and Dell EMC to produce adaptive security products and services to help you lead your security transformation.