
Cybersecurity Landscape
Cybersecurity can be pictured as a landscape, continuously reshaped by powerful forces: regulation, insurance, criminal organizations, government agencies, public expectations, law enforcement, and vendors.
Understanding the Landscape
Frameworks break cybersecurity down into manageable categories. The NIST Cybersecurity Framework (CSF), one of the most widely used, defines five core Functions: Identify, Protect, Detect, Respond, and Recover. (CSF 2.0, published in 2024, adds a sixth Function, Govern; the categories listed below follow the original CSF 1.x structure.)

Identify

What is Identify
Develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities. This includes:
- Asset Management
- Business Environment
- Governance
- Risk Assessment
- Risk Management Strategy
Identify tools to integrate
Cyrisma
Risk identification and compliance management.
SentinelOne
Asset management and unknown device identification.
Risks mitigated by Identify
- Unidentified Assets: Not knowing what needs protection can lead to vulnerabilities in unmanaged systems or data.
- Lack of Risk Awareness: Without understanding the risk landscape, organizations might not prioritize or allocate resources appropriately for cybersecurity.
- Poor Governance: Inadequate cybersecurity policies, procedures, or oversight can lead to systemic security weaknesses.
- Unknown Vulnerabilities: Failing to identify vulnerabilities in systems or processes can leave them open to exploitation.
- Misalignment with Business Objectives: Cybersecurity strategies not aligned with business goals might result in over- or under-protection of critical assets.
Protect

What is Protect
Develop and implement appropriate safeguards to ensure delivery of critical infrastructure services. This includes:
- Access Control
- Awareness and Training
- Data Security
- Information Protection Processes and Procedures
- Maintenance
- Protective Technology
Protect tools to integrate
SentinelOne
AI-driven endpoint protection.
Avanan
Email and cloud security.
Acronis
Data backup with immutability.
Perimeter81
SASE platform used to enforce a Zero Trust Architecture (ZTA).
Microsoft Entra ID
Identity and access management.
Risks mitigated by Protect
- Unauthorized Access: Weak access controls can lead to data breaches or system compromise.
- Malware and Cyber Attacks: Lack of protective technologies like anti-virus or firewalls increases susceptibility to malware, ransomware, etc.
- Data Leakage: Insufficient data security measures can result in sensitive information being exposed or stolen.
- Human Error: Without proper training and awareness, employees might inadvertently cause security incidents.
- Physical Security Breaches: Failing to protect physical access to assets can lead to direct attacks on infrastructure.
Detect

What is Detect
Develop and implement appropriate activities to identify the occurrence of a cybersecurity event. This includes:
- Anomalies and Events
- Security Continuous Monitoring
- Detection Processes
Detect tools to integrate
SentinelOne
Real-time MDR threat detection. Active threat hunting.
Avanan
Real-time email, messaging, cloud file, and account takeover threat detection.
Risks mitigated by Detect
- Undetected Intrusions: Without adequate monitoring, breaches might go unnoticed, allowing attackers to maintain persistence.
- Prolonged Exposure: Slow detection times can extend the period an attacker has access to systems.
- Missed Anomalies: Failing to recognize unusual patterns or activities can lead to significant security events being overlooked.
- Lack of Visibility: Poor visibility into network traffic or system behaviors can hide ongoing threats.
- Data Breaches Going Unnoticed: Data might be exfiltrated without any alarms being triggered if detection mechanisms are not in place or functioning correctly.
Respond

What is Respond
Develop and implement appropriate activities to take action regarding a detected cybersecurity incident. This includes:
- Response Planning
- Communications
- Analysis
- Mitigation
- Improvements
Respond tools to integrate
SentinelOne
Optional automated remediation. 24/7 staffed MDR. Forensic data lake.
Acronis
On-prem and cloud backups following the 3-2-1 rule. Industry-leading recovery time objective (RTO).
Avanan
Block compromised accounts. Pre- and post-delivery email remediation.
Risks mitigated by Respond
- Inadequate Incident Management: Poor response strategies can exacerbate incidents, leading to greater damage or loss.
- Delayed Reaction: Slow response times can allow threats to escalate or spread within the network.
- Miscommunication During Incidents: Lack of clear communication protocols can confuse response efforts or fail to inform stakeholders appropriately.
- Loss of Evidence: Without proper logging and analysis, critical evidence for understanding the breach might be lost.
- Reputation Damage: An ineffective response can lead to significant reputational harm and loss of customer trust.
Recover

What is Recover
Develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident. This includes:
- Recovery Planning
- Improvements
- Communications
Recover tools to integrate
Acronis
Zero recovery point objective (RPO) option with industry-leading RTO. Compliant with the 3-2-1 backup rule (three copies of the data, on two different media, with one copy off-site).
Hook Security
Post-incident tailored training.
Perimeter81
Dynamic network access control (NAC) and post-incident policy adjustments for secure recovery.
Risks mitigated by Recover
- Prolonged Downtime: Inefficient recovery processes can extend the time services are unavailable, affecting business continuity.
- Data Loss: Without robust recovery plans, essential data might be permanently lost, impacting operations.
- Residual Vulnerabilities: Recovering to a state where the same vulnerabilities exist can invite repeated attacks.
- Loss of Confidence: Poor recovery can undermine trust in the organization's ability to manage cybersecurity incidents.
- Legal and Compliance Risks: Inadequate recovery might lead to non-compliance with laws or regulations, resulting in fines or legal action.