Being a CISO these days isn’t easy. The threats are dynamic, the technology hype bewildering, and the expectations from the boss to magically “just make the problem go away” unrelenting. One way to help get a grip on this mess is to adopt industry-accepted frameworks in which to operate. The idea is to step back from the day-to-day world of budgets, phishing and recruiting and look at your desired security outcomes holistically. It’s certainly a more systematic approach than trying to figure out what your organization has implemented to date, and then figuring out what’s worth keeping and what the gaps are.
Perhaps the best guidance for security comes from the Cybersecurity Framework, or CSF. Although published by the US National Institute of Standards and Technology (NIST) to help “critical infrastructure” organizations (think power plants and such), the CSF is gaining wide adoption across the private sector. Industry surveys from the likes of Gartner and Cisco indicate increasing use of the framework. That’s because it’s not overly complex and supports prioritizing controls based on business risk. It’s also quite comprehensive, with five high-level outcomes: Identify, Protect, Detect, Respond, and Recover. Note that the outcomes address all phases of cybersecurity, including post-compromise activities.
At Acalvio we advocate the use of the CSF, and have crafted our solutions to support 14 of the CSF controls. The starting point is detection. A key portion of the CSF is dedicated to the outcome of detecting attackers after they are inside the network, which is Acalvio’s bread and butter. Our ShadowPlex offering is focused on scalable, operationally realistic detection of threats. This includes attempts to access attractive but fake host assets created by ShadowPlex, as well as lateral movement and propagation across the network.
But we don’t stop at detection: Acalvio has also pioneered engagement technologies that fall under the Cybersecurity Framework’s Respond and Recover sections. These technologies provide valuable insight about an attacker’s methods so that you can start attack mitigation quicker and more effectively. Meanwhile, our Shadow Network component slows the attacker down, providing more time to organize your response and update your prevention controls to block a new attack.
We encourage you to review the Cybersecurity Framework, no matter what your level of security acumen. The truth is that it’s all too easy to get caught up in tactical firefighting or the latest whiz-bang product. All security practitioners need to carve out time to think strategically, and when you’re finally able to do that, you need a solid framework in which to work most efficiently…before the next fire breaks out!