Being a CISO these days isnbt easy. The threats are dynamic, the technology hype bewildering, and the expectations from the boss to magically bjust make the problem go awayb unrelenting. One way to help get a grip on this mess is to adopt industry accepted frameworks in which to operate. The idea is to step back from the day to day world of budgets, phishing and recruiting and look at your desired security outcomes holistically. Itbs certainly a more systematic approach than trying to figure out what your organization has implemented to date, and then figure out whatbs worth keeping and what the gaps are.
Perhaps the best guidance for security comes from the Cybersecurity Framework, or CSF. Although published by the US National Institute of Standards and Technology (NIST) to help bcritical infrastructureb organizations (think power plants and such) the CSF is gaining wide adoption across the private sector. Industry surveys from the likes of Gartner and Cisco indicate increasing use of the framework. Thatbs because itbs not overly complex and supports prioritizing controls based on business risk. Itbs also quite comprehensive, with five high-level outcomes: Identify, Protect, Detect, Respond, and Recover. Note that the outcomes address all phases of cybersecurity, including post-compromise activities.
At Acalvio we advocate the use of the CSF, and have crafted our solutions to support 14 of the CSF controls. The starting point is detection. A key portion of the CSF is dedicated to the outcome of detecting attackers after they are inside the network, which is Acalviobs bread and butter. Our Shadowplex offering is focused on scalable, operationally realistic detection of threats. This includes attempts to access attractive but fake host assets created by Shadowplex, as well as lateral movement and propagation across the network.
But we donbt stop at detection: Acalvio has also pioneered engagement technologies that fall under the Cybersecurity Frameworkbs Respond and Recover sections. These technologies provide valuable insight about an attackerbs methods so that you can start attack mitigation quicker and more effectively. Meanwhile, our Shadow Network component slows the attacker down, providing more time to organize your response and update your prevention controls to block a new attack.
We encourage you to review the Cybersecurity Framework, no matter what your level of security acumen. The truth is that itbs all too easy to get caught up in tactical firefighting or the latest wiz-bang product. All security practitioners need to carve out time to think strategically, and when youbre finally able to do that, you need a solid framework in which to work most efficientlyb&before the next fire breaks out!