NIST CSF – Detect | Cybersecurity Insights #7

August 2, 2019 posted by

Hey! Josh here from Absolute. We’re going to continue looking
at the NIST Cybersecurity Framework with a special attention
put on the third pillar “Detect”. [MUSIC] The real-world doesn’t seem all
that interested in your cyber resilience. New threats, exposures,
vulnerabilities, and blunders that can wreck the show. But, here, we can lean on
the techniques of the NIST CSF. Let’s start with strange things happening By definition an
anomaly is simply anything that deviates from the standard,
the norm, or the expected. Imagine you have an endpoint running a PHP process with a connection
to an IP address in another country Is it anomalous?
Well… Do we have a baseline? What’s the endpoint’s hygiene status? Who is using it? Where is the device physically located? What were the activities this time last
week, last month, last year, or any time period? Well… we have built the foundation
with the first two pillars (Identify and Protect) so we can see when things
start to fall outside of our expectations. Within the “Detect” pillar, we can see
how anomalies are the ‘what’ we need to detect, and continuous monitoring
is ‘when’ we need to detect. Spoiler alert: always be watching. Start with a digital tether to your
endpoints, where a firmware-based module that has a persistent connection
that never loses its grip on any device. Which allows you to have a
recursive index, updating your asset intelligence with new inputs from the real world. Then, use Attack Simulation to play
‘what-if’ scenarios based on hygiene profiles and shifting circumstances,
to adapt before disaster strikes the ‘Detect’ pillar of NIST is a crucial discipline that forces us to be honest about our base-rate (to determine if something even is an anomaly) and extends visibility in
time and in space across the TAC surface to rapidly discover trouble and
capture every last shard of the environment. In our next episode
we’ll go deeper into the NIST CSF for a more effective incident response. Be sure to subscribe,
you won’t want to miss it. See you then!

1 Comment

One Reply to “NIST CSF – Detect | Cybersecurity Insights #7”

  1. Absolute says:

    0:13 – Skip the Intro

Leave a Comment

Your email address will not be published. Required fields are marked *