On February 26, 2024, the National Institute of Standards and Technology (NIST) unveiled the eagerly awaited NIST CSF 2.0, the first major update since version 1.1 was released in 2018.
The NIST Cybersecurity Framework (CSF) was officially released in 2014, and became a landmark guidance framework for reducing cybersecurity risk around the world. Developed by NIST, this framework provided a structured approach to managing and mitigating cybersecurity risks. It offered a common language, actionable guidelines, and a flexible framework that organizations could adapt to their particular situations.
Why the update? The answer lies in the ever-evolving threat landscape. Cyberattacks have become more sophisticated, persistent, and diverse. Threat actors exploit vulnerabilities across interconnected systems, and organizations grapple with an expanding attack surface. The NIST CSF 2.0 responds to these challenges by incorporating lessons learned, emerging best practices, and real-world experiences. It’s a dynamic response to a dynamic threat environment.
Version 2.0 brings notable enhancements, such as:
- Expanded Scope: While the original CSF was targeted to protect critical infrastructure, the update is intended to provide guidance for all organizations and industries.
- Governance Function: NIST CSF 2.0 adds a new Govern function to better emphasize the importance of elevating cybersecurity to the board and C-suite.
- Supply Chain Security: The updated framework adds additional focus on the critical role of supply chains and the need for organizations to consider the security of their suppliers, partners, and third-party vendors.
- Expanded Resources: NIST has updated or expanded the supplementary resources available to companies, including CSF Organizational Profiles, Quick Start Guides, Informative References, and Implementation Examples.
One important theme in the NIST CSF is how critical threat intelligence and threat hunting capabilities are to an organization’s cybersecurity defenses. Organizations should understand their inventory of assets, actively seek out indicators of compromise, analyze threat patterns, and stay ahead of potential attacks. A few highlights:
IDENTIFY (ID): The organization’s current cybersecurity risks are understood
- Asset Management (ID.AM): Assets (e.g., data, hardware, software, systems, facilities, services, people) that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to organizational objectives and the organization’s risk strategy
PROTECT (PR): Safeguards to manage the organization’s cybersecurity risks are used
- Platform Security (PR.PS): The hardware, software (e.g., firmware, operating systems, applications), and services of physical and virtual platforms are managed consistent with the organization’s risk strategy to protect their confidentiality, integrity, and availability
- Technology Infrastructure Resilience (PR.IR): Security architectures are managed with the organization’s risk strategy to protect asset confidentiality, integrity, and availability, and organizational resilience
DETECT (DE): Possible cybersecurity attacks and compromises are found and analyzed
- Continuous Monitoring (DE.CM): Assets are monitored to find anomalies, indicators of compromise, and other potentially adverse events
- Adverse Event Analysis (DE.AE): Anomalies, indicators of compromise, and other potentially adverse events are analyzed to characterize the events and detect cybersecurity incidents.
With 92% of malware relying primarily on DNS, Infoblox’s BloxOne Threat Defense solution provides organizations with the ubiquitous visibility and control required for holistic detection and response. The unique research that underpins Infoblox’s threat intelligence targets the threat actors’ infrastructure rather than individual malware campaigns, which provides the most scalable way to mitigate the ever-increasing breadth and scale of attacks. The suspicious domains detected by tracking threat actors allow organizations to proactively block threat actors’ malicious infrastructure even before it becomes active. This can dramatically reduce cybersecurity risk, avoiding the race conditions associated with fast-moving malware and scams.
The recent release of Infoblox’s new BloxOne® Threat Defense SOC Insights allows SOC teams to operationalize the value of DNS-based threat detection, enabling continuous monitoring and efficient incident response. It correlates critical data from multiple sources, such as newly observed domains, WHOIS domain registration data, threat actor context, and asset data. SOC Insights empowers security analysts to jump-start the investigations that truly matter and dramatically reduce response time by turning vast amounts of security event, network, ecosystem, and unique DNS intelligence data into a manageable set of immediate, actionable insights at AI speed.
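The two paragraphs above describe the DE.CM idea in DNS terms: watch every query, flag names that resolve to known threat-actor infrastructure, and treat very recently registered domains as worth a look because they can be blocked before a campaign goes live. The following is an added example that is not part of the original post and is not Infoblox code; it assumes a constructed query-log format (`timestamp client qname qtype`), a constructed actor-infrastructure list, and constructed WHOIS-style creation dates, and it reduces a domain to its last two labels as a stand-in for a Public Suffix List lookup.

```python
from datetime import date
from typing import Dict, Iterator, List, Set

# Constructed sample DNS query log (not real traffic). Format assumed here:
# "<timestamp> <client-ip> <qname> <qtype>", one query per line.
SAMPLE_DNS_LOG = """\
2024-03-01T09:15:02Z 10.0.0.12 www.example.com A
2024-03-01T09:15:07Z 10.0.0.12 cdn.example.net AAAA
2024-03-01T09:16:41Z 10.0.0.33 login-update.example-phish.test A
2024-03-01T09:17:03Z 10.0.0.33 fresh-brand-2024.test A
2024-03-01T09:18:20Z 10.0.0.45 updates.example.org A
"""

# Constructed block list of registrable domains attributed to a tracked actor.
ACTOR_INFRASTRUCTURE: Set[str] = {"example-phish.test"}

# Constructed WHOIS-style creation dates, keyed by registrable domain.
REGISTRATION_DATES: Dict[str, date] = {
    "example.com": date(1995, 8, 14),
    "example.net": date(1995, 1, 1),
    "example.org": date(1995, 8, 31),
    "fresh-brand-2024.test": date(2024, 2, 20),
}

# A domain registered within this many days of the query counts as "newly observed".
NEWLY_OBSERVED_DAYS = 30

# Date the sample log is analysed against (constructed to match the log).
ANALYSIS_DATE = date(2024, 3, 1)


def registrable_domain(qname: str) -> str:
    """Simplification: take the last two labels as the registrable domain.
    Production code would consult the Public Suffix List (e.g. co.uk)."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def parse_dns_log(text: str) -> Iterator[dict]:
    """Yield one record per well-formed log line; malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, client, qname, qtype = parts
        yield {"ts": ts, "client": client, "qname": qname.lower(), "qtype": qtype}


def assess_query(record: dict, today: date,
                 infra: Set[str], reg_dates: Dict[str, date]) -> List[str]:
    """Return the reasons a query is suspicious (empty list if none)."""
    reasons: List[str] = []
    domain = registrable_domain(record["qname"])
    if domain in infra:
        reasons.append("actor-infrastructure")
    created = reg_dates.get(domain)
    if created is not None and (today - created).days <= NEWLY_OBSERVED_DAYS:
        reasons.append("newly-registered")
    return reasons


def monitor(text: str, today: date,
            infra: Set[str] = ACTOR_INFRASTRUCTURE,
            reg_dates: Dict[str, date] = REGISTRATION_DATES) -> List[dict]:
    """Run the checks over a whole log and return the alerts in log order."""
    alerts = []
    for rec in parse_dns_log(text):
        reasons = assess_query(rec, today, infra, reg_dates)
        if reasons:
            alerts.append({**rec, "domain": registrable_domain(rec["qname"]),
                           "reasons": reasons})
    return alerts


def summarize_by_client(alerts: List[dict]) -> Dict[str, List[str]]:
    """Collapse alerts into one sorted reason list per client, the kind of
    compact view an analyst triages instead of raw query volume."""
    summary: Dict[str, Set[str]] = {}
    for a in alerts:
        summary.setdefault(a["client"], set()).update(a["reasons"])
    return {client: sorted(reasons) for client, reasons in summary.items()}


if __name__ == "__main__":
    found = monitor(SAMPLE_DNS_LOG, ANALYSIS_DATE)
    for a in found:
        print(f"{a['ts']} {a['client']} {a['qname']} -> {', '.join(a['reasons'])}")
    print(summarize_by_client(found))
```

Running it against the constructed log flags the two queries from 10.0.0.33 and nothing else: one hits the actor-infrastructure list, the other is a domain registered ten days earlier. The age check is the part that lets a defender act before a name is weaponized, and it is also the part that needs tuning, since legitimate new brands and CDN hostnames register domains too; pairing it with asset data (which client asked) is what keeps the alert volume manageable.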
DNS Detection and Response is becoming a crucial pillar in organizations’ security strategies, and the combination of Infoblox Threat Defense with the new SOC Insights will allow organizations to build a solid foundation that aligns with industry baselines such as NIST CSF 2.0.
SOC Insights is available now. For more information on SOC Insights and BloxOne Threat Defense capabilities, click here or contact an Infoblox representative.