Make the Security Picture More Legible
Sometimes the right “frame” can change your view of a picture. Here the frame I have in mind is really a framework: an organizing principle for leaders devising cyberdefense strategies. When such a framework succeeds in establishing a clear view of concepts and objectives, it can get an entire technology team on the same page, simplifying and accelerating tasks formerly prone to complications and delays.
Let me explain.
This past March, MIT cybersecurity research director, Dr. Keri Pearson, and Nelson Novaes Neto, a researcher at MIT’s Sloan School of Management, took to the Harvard Business Review to report some worrisome results from their recent boardroom survey on cybersecurity awareness. Only 68% of company directors said they discuss cybersecurity regularly, and 23% said they had no board-level plan or strategy for cybersecurity. The worst part: 9% of those board members told Pearson and Neto they never discussed cybersecurity at all!
Those companies’ customers no doubt expect better. Organizations that fail to anticipate risk can lose trust and brand equity when a security incident occurs. The survey pointed to a crisis of comprehension: Many nontechnical influencers lack the means to fathom a tier-one existential threat. A “frame,” in other words, is needed to make the security picture more legible.
So, what did Pearson and Neto suggest?
“We like the NIST Cybersecurity Framework … It is simple and gives executives and directors a good structure for thinking through the important aspects of cybersecurity. But it also has many levels of detail that cyber professionals can use to install controls, processes, and procedures.”[1]
The NIST Framework: A Roadmap for Cybersecurity Strategy
Think of the NIST Framework as a flexible roadmap for cybersecurity strategy.
The Framework was developed nearly a decade ago by the National Institute of Standards and Technology at the U.S. Department of Commerce and is based on the experiences of real-world practitioners since the early 2000s. It was updated in 2018; it remains a living document: NIST has solicited suggestions for the next iteration in the spring of 2022.[2] It uses simple language -- Identify, Protect, Detect, Respond, Recover – to orient lay people to security challenges.
When naming preferred technology solutions, the NIST Framework plays no favorites. Rather, it’s about standards, not endorsements. Decisions about how to actually leverage the Framework are left up to individual organizations.
But its studied neutrality gives it extra power and influence. Part of the intent behind the Framework is to have it “serve as a model for international cooperation on strengthening cybersecurity … a flexible way to address” security needs.[3] Indeed, the NIST framework has inspired “translations, adaptations, and other references worldwide”[4] – including the European Union’s NIS and subsequent update, NIS2.
The more prominent the NIST Framework and its worldwide analogs, the better the opportunity for business leaders to understand, and manage, cyber risks. When they want to follow the Framework’s roadmap -- Identify, Protect, Detect, Respond, Recover – that is a fine place to start. The next logical step is to ask: How do we execute? And with what partner?
How Vectra Fits the NIST Framework
Vectra and its community of trusted partners clarify how our offerings fit the NIST Framework. We connect the dots. Vectra aligns its business and technology with the NIST Framework.
Customers appreciate two points in particular.
First, the Framework lays out four “implementation tiers” for security solutions, with ascending levels of sophistication. They run from Tier 1 (“partial”), where an organization manages risk in an off-the-cuff, reactive manner and lacks key processes, through Tier 2 (“risk-informed”) and Tier 3 (“repeatable”) to Tier 4 (“adaptive”).
Tier 4 is clearly the best state to be in. In Tier 4, an organization actively adapts to a changing cybersecurity landscape. Risk management via agile information-sharing is part of its DNA. Yet achieving a NIST Tier 4 implementation is difficult, if not impossible, without automation. Combing massive data sets for breadcrumb-style evidence of attackers is monotonous work for human eyes and minds performing manual analysis.
The Vectra platform automates the analysis of security events and reduces the time spent on threat investigations by up to 90%. This frees the people in the mix to work at higher potential and address the most important aspect of risk management: understanding the business context of vulnerabilities, inbound threats, and security controls.
The authoritative NIST Framework tier system helps organizations grasp the virtues of adaptive, intelligent cyberdefense. When they get that down, the Vectra platform proves its value by producing measurable results and contributing to an ongoing, long-term improvement process.
Second, with the Framework’s simple five-word process roadmap -- Identify, Protect, Detect, Respond, Recover – gaining currency as the default way to make sense of cyberdefense, the Vectra platform brings best-in-class value and performance above all to Detect and Respond, the core elements of the Framework key to our mission. Consider the following:
- Automated threat detection is central to the platform. It provides continuous monitoring and automated threat surveillance across the entire enterprise.
- The platform employs machine learning and attacker behavior analytics to automatically hunt down threats across the entire enterprise, from cloud and data center workloads to user and IoT devices.
- The platform provides real-time visibility into network traffic by extracting metadata from packets rather than performing deep-packet inspection, enabling protection without prying.
- The platform correlates network metadata with other data sources and builds custom tools and models to detect, investigate, and hunt. Metadata are stored to support retrospective threat or incident investigations.
The Vectra platform supports the vast majority of Detect and Respond functions and subfunctions identified in the NIST Framework as priorities for protecting critical infrastructure. The Framework will likely remain vendor-neutral and never mention Vectra by name. Still, Vectra makes a compelling case within the Framework’s context: exponentially increasing the sophistication and potency of security teams while reducing risks associated with cyberattacks.
Vectra Is at the Forefront
As I mentioned at the beginning, sometimes the right frame can change your view of a picture. The Framework and its variants outside the United States, the most important being the EU’s NIS2, are emerging as standard reference works – driving a better understanding of cyberdefense. It imposes order and logic on an unruly, sometimes fear-tinted landscape.
This shift presents a prime opportunity for Vectra AI. When it comes to building the best technologies aligned with the NIST Framework, we are at the forefront. The Vectra platform enables security teams to mount a better defense against ever-more-sophisticated attackers. And the more prominent the NIST Framework, the more persuasive the case for Vectra – and the closer we get to realizing the Vectra vision: making the world a safer and fairer place to do business.
[1] Dr. Keri Pearlson and Nelson Novaes Neto, “7 Pressing Cybersecurity Questions Boards Need to Ask,” Harvard Business Review, 4 March 2022.
[2] “NIST Seeks Comments on Cybersecurity Framework Refresh,” National Law Review, 10 March 2022. https://www.natlawreview.com/article/nist-seeks-comments-cybersecurity-framework-refresh
[3] NIST, “Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1,” Executive Summary, 16 April 2018. https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf
[4] NIST PowerPoint presentation, “The Cybersecurity Framework Version 1.1,” October 2019. https://www.nist.gov/cyberframework/framework