As IT infrastructures grow more complex with the advent of public/private clouds and the Internet of Things (IoT), organizations are struggling to maintain a real-time view of what is on their network, to quickly isolate or quarantine endpoints compromised by malware, and to prevent sensitive data from being exfiltrated to command-and-control servers.
CIOs/CISOs are increasingly held accountable by the board of directors for securing their business infrastructure and preventing security breaches that can ruin the reputation of the company. The security best practices defined in the National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF) version 1.1 establish a consistent methodology, taxonomy, and approach to risk management from both a company-executive and a security-operations perspective.
According to Gartner, 73% of IT organizations are already implementing or planning to implement NIST CSF in the next 18 months, to measure the security posture of their business infrastructure.
Why NIST Cyber Security Framework?
The increasing adoption rate of NIST CSF by most IT organizations can be attributed to the following.
- NIST applies to both public and private sectors with an appeal beyond the US
- It can co-exist with and take advantage of existing frameworks such as ISO, COBIT, and FFIEC, as well as form the basis for compliance programs such as FedRAMP
- It depicts an information security lifecycle that is typically followed and understood by IT organizations
- It provides a common taxonomy that can be applied across a wide variety of IT infrastructure components (network, endpoints, applications, and data)
What are the Key Elements of NIST CSF?
The NIST CSF is broken down into 3 components – the core, implementation tiers, and profiles.
- Core: consists of the following 5 high-level functions, further divided into 23 categories.
  - Identify: take inventory of assets on your network and identify risks
  - Protect: implement protective technologies to prevent cyber threats from succeeding
  - Detect: find security events that escape the protective controls, including through 24/7 monitoring
  - Respond: act on security incidents to rapidly contain and mitigate cyber attacks
  - Recover: restore any services or capabilities that were impaired by a cyber security event/incident
- Implementation Tiers: help organizations characterize their practices in each of the Core functions and Categories, and prioritize the findings into these 4 tiers – Partial (1), Risk Informed (2), Repeatable (3), and Adaptive (4), based on the current maturity level of the security practices followed by the IT organization.
- Profiles: define the outcomes based on business needs and prioritize opportunities for improving an organization’s cyber security posture by comparing its “current” state with a desired “target” state.
The NIST CSF allows you to establish your unique current and target profiles, identify the gaps in the security controls deployed (including the foundational network infrastructure services), and prioritize improvement actions based on your resources and budget.
How Do Foundational Network Infrastructure Services Help Satisfy NIST CSF?
Organizations can leverage the foundational network infrastructure services not only to provide basic network connectivity but also to gain precise visibility and security context for their SecOps team.
- Domain Name Service (DNS): provides a critical audit trail of every domain/hostname lookup. This audit trail can be leveraged to quickly map out command-and-control (C&C) servers that have been accessed by compromised devices.
- Dynamic Host Configuration Protocol (DHCP): dynamically assigns reusable IP addresses to devices on the network every time a device (e.g. a laptop) joins. Because an address can be reassigned to a different device over time, DHCP lease data is what ties an IP address seen in a security event back to the specific device that held it at that moment, and so helps correlate disparate security events related to the same device under investigation.
- IP Address Management (IPAM): begins with IP address discovery, tracking, and allocation of data pertaining to all devices on the network. It maintains a centralized repository of data associated with devices, networks, and services.
At a high level, foundational network infrastructure services can satisfy the following NIST CSF requirements and reduce overall business risk.
- Identify what is on your network in real-time by using the IPAM service that provides a single source of truth of your asset inventory.
- Protect your network by rapidly isolating endpoints (using integrations with NAC solutions) compromised by malware that bypasses your perimeter defenses.
- Detect cyber threats that use DNS tunneling to exfiltrate sensitive data, and prevent backhaul traffic to malicious C&C servers.
- Respond to and mitigate cyber-attacks by providing API-level integrations with NAC and endpoint detection and response (EDR) providers.
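The two Detect-related points above (the DNS audit trail as a way to tie lookups of suspicious domains back to a device, and DHCP lease data as the thing that resolves an IP address to the device that actually held it) are easiest to see in working code. The following is an added example written for this page, not Infoblox code and not the output format of any real DNS or DHCP server: the log line formats, the hostnames, the MAC addresses and the domain names are all constructed, and the two thresholds used to flag tunnel-like query names (a first label of 30 or more characters, or Shannon entropy of at least 3.5 bits per character) are illustrative assumptions that a real deployment would tune against its own baseline. It joins each DNS query to the DHCP lease that was current for the client IP at query time, so that an address reused by a second device later in the day is attributed correctly, and then groups the flagged queries per device and per domain.

```python
"""Attribute DNS queries to devices via DHCP leases and flag tunnel-like names.

Added example for this page; log formats, hosts and thresholds are constructed.
"""
import math
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed DHCP lease log (hypothetical syslog-style format). Note that
# 10.0.1.23 is handed to a second device at 11:30, so attribution must be
# time-aware rather than a plain IP -> host lookup.
DHCP_LOG = """\
2024-05-01T09:00:01Z dhcpd: DHCPACK on 10.0.1.23 to aa:bb:cc:dd:ee:01 (lab-laptop-01) via eth0
2024-05-01T09:05:10Z dhcpd: DHCPACK on 10.0.1.24 to aa:bb:cc:dd:ee:02 (finance-ws-07) via eth0
2024-05-01T11:30:00Z dhcpd: DHCPACK on 10.0.1.23 to aa:bb:cc:dd:ee:03 (guest-phone) via eth0
"""

# Constructed DNS query log (hypothetical format). The two long hex labels
# under tunnel.example.net stand in for data smuggled out in query names.
DNS_LOG = """\
2024-05-01T09:10:00Z client 10.0.1.23 query: www.example.com IN A
2024-05-01T09:11:00Z client 10.0.1.24 query: updates.example.org IN A
2024-05-01T09:12:00Z client 10.0.1.24 query: 4a7f9e2b1c8d3f6a5e0b9c2d7f1a8e3b.tunnel.example.net IN TXT
2024-05-01T09:12:05Z client 10.0.1.24 query: 9c1d8e7f6a5b4c3d2e1f0a9b8c7d6e5f.tunnel.example.net IN TXT
2024-05-01T11:35:00Z client 10.0.1.23 query: cdn.example.com IN A
"""

DHCP_RE = re.compile(r"^(?P<ts>\S+) dhcpd: DHCPACK on (?P<ip>\S+) to (?P<mac>\S+) \((?P<host>[^)]+)\)")
DNS_RE = re.compile(r"^(?P<ts>\S+) client (?P<ip>\S+) query: (?P<qname>\S+) IN (?P<qtype>\S+)$")

# Illustrative thresholds (assumptions, to be tuned against a real baseline).
LABEL_LEN_THRESHOLD = 30
ENTROPY_THRESHOLD = 3.5


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def parse_dhcp(text):
    """Return lease records sorted by time; unparseable lines are skipped."""
    leases = []
    for line in text.splitlines():
        m = DHCP_RE.match(line)
        if m:
            leases.append({"ts": _ts(m["ts"]), "ip": m["ip"], "mac": m["mac"], "host": m["host"]})
    return sorted(leases, key=lambda lease: lease["ts"])


def parse_dns(text):
    """Return query records in log order; unparseable lines are skipped."""
    queries = []
    for line in text.splitlines():
        m = DNS_RE.match(line)
        if m:
            queries.append({"ts": _ts(m["ts"]), "ip": m["ip"], "qname": m["qname"], "qtype": m["qtype"]})
    return queries


def lease_at(leases, ip, when):
    """Most recent lease for `ip` issued at or before `when` (handles address reuse)."""
    current = None
    for lease in leases:  # leases are sorted, so the last match wins
        if lease["ip"] == ip and lease["ts"] <= when:
            current = lease
    return current


def shannon_entropy(s):
    """Bits of entropy per character of `s` (0.0 for empty or single-symbol input)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def looks_like_tunnel(qname):
    """Flag a query whose first label is unusually long or high-entropy."""
    first = qname.split(".")[0]
    return len(first) >= LABEL_LEN_THRESHOLD or shannon_entropy(first) >= ENTROPY_THRESHOLD


def attribute_queries(dhcp_text, dns_text):
    """Join every DNS query to the device holding its source IP at that time."""
    leases = parse_dhcp(dhcp_text)
    records = []
    for q in parse_dns(dns_text):
        lease = lease_at(leases, q["ip"], q["ts"])
        records.append({
            "ts": q["ts"], "ip": q["ip"],
            "host": lease["host"] if lease else None,
            "mac": lease["mac"] if lease else None,
            "qname": q["qname"], "qtype": q["qtype"],
            "suspicious": looks_like_tunnel(q["qname"]),
        })
    return records


def suspicious_domains_by_device(records):
    """Count flagged queries per device, keyed by the last two labels of the name."""
    hits = defaultdict(Counter)
    for r in records:
        if r["suspicious"]:
            base = ".".join(r["qname"].split(".")[-2:])
            hits[r["host"] or r["ip"]][base] += 1
    return {host: dict(counts) for host, counts in hits.items()}


if __name__ == "__main__":
    recs = attribute_queries(DHCP_LOG, DNS_LOG)
    for r in recs:
        flag = "SUSPICIOUS" if r["suspicious"] else "ok"
        print(f'{r["ts"].isoformat()} {r["ip"]} -> {r["host"]} ({r["mac"]}) {r["qname"]} {r["qtype"]} {flag}')
    print(suspicious_domains_by_device(recs))
```

Running the block attributes the 11:35 query from 10.0.1.23 to guest-phone rather than to lab-laptop-01, which is the correlation step the DHCP bullet above describes, and reports two flagged TXT queries from finance-ws-07 under example.net. The last-two-labels grouping is a simplification; a production version would use a public-suffix list so that names under multi-label registries are grouped correctly.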
Infoblox is leading the way to next-level DDI with its Secure Cloud-Managed Network Services. Infoblox brings next-level security, reliability and automation to on-premises, cloud and hybrid networks, setting customers on a path to a single pane of glass for network management.
Download this Infoblox white paper to learn more about how the capabilities in the foundational network infrastructure services map to the core functions and sub-categories in NIST, and what the top 10 must-haves in the foundational network infrastructure services are for satisfying the NIST CSF.