{"id":6253,"date":"2018-08-28T22:52:19","date_gmt":"2018-08-29T05:52:19","guid":{"rendered":"https:\/\/www.acalvio.com\/?p=6253"},"modified":"2018-08-28T22:52:19","modified_gmt":"2018-08-29T05:52:19","slug":"rise-above-the-fray-with-the-nist-cybersecurity-framework","status":"publish","type":"post","link":"https:\/\/acalvio.p2staging.us\/index.php\/2018\/08\/28\/rise-above-the-fray-with-the-nist-cybersecurity-framework\/","title":{"rendered":"Rise Above the Fray with The NIST Cybersecurity Framework"},"content":{"rendered":"<p>Being a CISO these days isnb\u0000\u0019t easy. The threats are dynamic, the technology hype bewildering, and the expectations from the boss to magically b\u0000\u001cjust make the problem go awayb\u0000\u001d unrelenting. One way to help get a grip on this mess is to adopt industry accepted frameworks in which to operate. The idea is to step back from the day to day world of budgets, phishing and recruiting and look at your desired security outcomes holistically. Itb\u0000\u0019s certainly a more systematic approach than trying to figure out what your organization has implemented to date, and then figure out whatb\u0000\u0019s worth keeping and what the gaps are.<br \/>\nPerhaps the best guidance for security comes from the <a href=\"https:\/\/www.nist.gov\/cyberframework\">Cybersecurity Framework<\/a>, or CSF. Although published by the US National Institute of Standards and Technology (NIST) to help b\u0000\u001ccritical infrastructureb\u0000\u001d organizations (think power plants and such) the CSF is gaining wide adoption across the private sector. Industry surveys from the likes of Gartner and Cisco indicate increasing use of the framework. Thatb\u0000\u0019s because itb\u0000\u0019s not overly complex and supports prioritizing controls based on business risk. Itb\u0000\u0019s also quite comprehensive, with five high-level outcomes: Identify, Protect, Detect, Respond, and Recover. Note that the outcomes address all phases of cybersecurity, including post-compromise activities.<br \/>\nAt Acalvio we advocate the use of the CSF, and have crafted our solutions to <a href=\"https:\/\/go.acalvio.com\/nist-framework\">support 14 of the CSF controls<\/a>. The starting point is detection. A key portion of the CSF is dedicated to the outcome of detecting attackers after they are inside the network, which is Acalviob\u0000\u0019s bread and butter. Our <a href=\"https:\/\/www.acalvio.com\/product\/\">Shadowplex<\/a> offering is focused on scalable, operationally realistic detection of threats. This includes attempts to access attractive but fake host assets created by Shadowplex, as well as lateral movement and propagation across the network.<br \/>\nBut we donb\u0000\u0019t stop at detection: Acalvio has also pioneered engagement technologies that fall under the Cybersecurity Frameworkb\u0000\u0019s Respond and Recover sections. These technologies provide valuable insight about an attackerb\u0000\u0019s methods so that you can start attack mitigation quicker and more effectively. Meanwhile, our Shadow Network component slows the attacker down, providing more time to organize your response and update your prevention controls to block a new attack.<br \/>\nWe encourage you to review the Cybersecurity Framework, no matter what your level of security acumen. The truth is that itb\u0000\u0019s all too easy to get caught up in tactical firefighting or the latest wiz-bang product. All security practitioners need to carve out time to think strategically, and when youb\u0000\u0019re finally able to do that, you need a solid framework in which to work most efficientlyb\u0000&#038;before the next fire breaks out!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Being a CISO these days isnb\u0019t easy. The threats are dynamic, the technology hype bewildering, and the expectations from the boss to magically b\u001cjust make the problem go awayb\u001d unrelenting. One way to help get a grip on this mess is to adopt industry accepted frameworks in which to operate. The idea is to step [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":6254,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[3],"tags":[87,98,125],"_links":{"self":[{"href":"https:\/\/acalvio.p2staging.us\/index.php\/wp-json\/wp\/v2\/posts\/6253"}],"collection":[{"href":"https:\/\/acalvio.p2staging.us\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/acalvio.p2staging.us\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/acalvio.p2staging.us\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/acalvio.p2staging.us\/index.php\/wp-json\/wp\/v2\/comments?post=6253"}],"version-history":[{"count":0,"href":"https:\/\/acalvio.p2staging.us\/index.php\/wp-json\/wp\/v2\/posts\/6253\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/acalvio.p2staging.us\/index.php\/wp-json\/wp\/v2\/media\/6254"}],"wp:attachment":[{"href":"https:\/\/acalvio.p2staging.us\/index.php\/wp-json\/wp\/v2\/media?parent=6253"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/acalvio.p2staging.us\/index.php\/wp-json\/wp\/v2\/categories?post=6253"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/acalvio.p2staging.us\/index.php\/wp-json\/wp\/v2\/tags?post=6253"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}