US Cybersecurity Framework: What It Means, How to Get Started

The US Cybersecurity Framework, prepared by the National Institute of Standards and Technology (NIST), has been in the works for a year and after several rounds of the government soliciting input and reviews from the private sector, its full iteration was published this past week.

There is no denying that the framework has received mixed reviews from the market. But one big benefit is that it provides a straightforward structure to think about security challenges and solutions.

The framework is organized in 5 sections: Identify, Protect, Detect, Respond, and Recover. Here’s a high-level review of where and how Palo Alto Networks technology maps to the framework and how Palo Alto Networks can help:

Identify:

We strongly believe that you should not have any unknowns on your network and should systematically identify and classify all traffic. Our next-generation security platform enables you to get full visibility and identify all traffic using attributes such as application, user and content.

An immediate benefit of gaining full visibility is that you can rapidly evaluate your level of risks and answer questions such as:

  • Do you have high-risk applications such as BitTorrent running on your SCADA network?
  • Do you know how much of your network capacity is taken by applications that have nothing to do with your business? Can you identify those bandwidth hungry applications and users?
  • Can you verify and even enforce you written Internet usage policies?

Protect:

Our next-generation firewall, which is a core component of our security platform, is the perfect vantage point to see all traffic on a network and can enforce control and policies that can effectively protect your network.

Access can be flexibly governed using application, user, content, source, destination, and/or URL category.

Detect:

Our threat prevention solution is native to our platform and protects any network from viruses, spyware, vulnerability exploits and known and unknown threats, regardless of evasive tactic or encryption.

Even never-before-seen malware and zero-day threats can be detected using WildFire, our cloud-based sandbox analysis capability.

Built-in reporting functions allow administrators to correlate anomalies and isolate unidentified traffic. Administrators can spotlight and control high-risk network activities and block communications bound for rogue command and control servers.

Respond:

The moment a security incident is detected, rapid communications and detailed information are the key to success for incident response teams.

Our security platform provides real-time alerting to administrators that include all the contextual information needed to respond accurately. Security teams can block infected users from internet access to contain the incident, while the threat is isolated and identified for remediation.

Recover:

Using the forensic data and the logging capabilities of the Palo Alto Networks next-generation security platform, indicators of compromise can be scanned for across the enterprise to identify remaining pockets of infection. Post-mortem analysis can be used to re-evaluate security policy decisions and complete the cyclical process of constant improvement.

 

If you are interested in more details on how Palo Alto Networks can rapidly contribute to improving the state of your security, feel free to contact us. Palo Alto Networks is a National Cybersecurity Excellence Partner under the National Cybersecurity Center of Excellence (NCCoE), which is pasrt of NIST.

You can also join us at Ignite 2014, March 31 – April 2 in Las Vegas. My industry team will be presenting several industry panels in healthcare, financial Services, public Sector, energy and others with the goal to take a deep dive on how organizations have leveraged our innovative technology to improve security and adherence to the various governmental regulations and guidelines that impact their respective industry.  Check out all the latest Ignite 2014 sessions here.