Pick your favorite high-profile cyber event of 2013/2014: Edward Snowden, the infamous Chinese hackers, Target, Twitter, the Federal Reserve. Any one of these events would be worthy of some serious attention, and the U.S. Federal Government is certainly giving it.
For years, the U.S. Federal Government has been talking about ways of improving information security in the private sector. We’re going to take a look at the recent movement in this arena, and discuss how Basis Technology is preparing to support industry as it addresses these security issues.
The Rise of Response
Motivated by an executive order, the NIST Cybersecurity Framework was released in February 2014. It drew heavily from existing information security standards, but clearly defined the stages of cybersecurity preparedness and response as:
- Identify – Understand what assets are critical to operations and security
- Protect – Defend the identified assets through policy and technology installations
- Detect – Monitor and discover malicious behavior on assets
- Respond – Take action against detected malicious behavior and find root cause
- Recover – Return to normal operations and institute updated policy if applicable
Response is positioned as a first-class citizen among its peers in the cybersecurity phases NIST has identified. The U.S. Federal Government seems to be indicating that the same level of attention and resources given to protecting information needs to be applied to response planning and preparedness. We agree.
Historically, companies have focused on the protection and detection phases of cybersecurity. Every organization wants to position itself as impenetrable, and may be tempted to invest heavily in only perimeter defenses. However, the previously mentioned high-profile data breaches raise a clear question: how do you address the inevitability of the adversary in your bunker? You must be ready to react.
Currently, participation in and adoption of the Cybersecurity Framework are voluntary. So, will that change? And if so, how do you start addressing the previously overshadowed response phase efficiently and effectively?
Cyber Triage – Respond and Recover
Basis Technology’s digital forensics group is developing a capability we are calling Cyber Triage to help organizations respond rapidly to the alerts generated by the multitude of “Protect and Detect” tools. This simple, straightforward application will empower your IT staff to respond to these alerts, prioritize their response, and quickly discover where a real attack has spread through your network, allowing the Recovery phase to begin as quickly as possible. Cyber Triage is built to adapt to your organization’s policies and provide easy-to-use functionality for generalist IT professionals, with the underlying sophistication necessary for the seasoned incident response specialist.
No matter how you approach the problem of cybersecurity, it is clear that the time to start preparing is now.