Cybersecurity Automation Is Essential
Cybersecurity Automation Is Essential The cornerstone of risk-based cybersecurity is the use of automation tools to implement continuous monitoring processes. Orchestrating a portfolio of Continuous Diagnostics and Mitigation (CDM) tools and the data they provide enables near real-time digital risk management.
Cybersecurity Automation and Orchestration help you:
- Maintain a picture of your security posture
- Measure that security posture
- Identify deviations from expected results and states
- Provide visibility into assets that should be there and those that shouldn't
- Orchestrate and Leverage automated data feeds
- Monitor the continued effectiveness of security controls
- Enable prioritization of remedies based on your risk posture
- Inform automated or human-assisted implementation of remedies
This page maps the key cybersecurity automation domains to the controls where this technology is useful in building your security architecture and risk management framework. Click on each of the domains to the left to see the controls where these tools should be part of your security architecture and security solution implementation.
Controls with indicate controls where Cloud Service Providers have corresponding responsibilities to the implementation of the control.
Vulnerability & Patch Management
Patch and vulnerability management is a security practice designed to proactively prevent the exploitation of IT vulnerabilities that exist within an the digital enterprise and the information supply chain. Patch and vulnerability management tools are essential components of continuous diagnostics and mitigation and cybersecurity automation and orchestration.
Vulnerability management and vulnerability scanning of continuously identify, classify, remediate, and mitigate vulnerabilities. Patch management is the process for identifying, acquiring, installing, and verifying patches for products and systems. Patches correct security and functionality problems in software and firmware by significantly reducing the opportunities for exploitation of bugs and weaknesses in the system. Patches also add new features to software and firmware, including security capabilities.
These are the controls where vulnerability and patch management tools are applicable:
Controls with indicate controls where Cloud Service Providers have corresponding responsibilities to the implementation of the control.Read NIST's Patch Management Guidance
Event & Incident Management
Event and incident management systems define, collect and manage the raw data about what's going on in your information supply chain. These tool assemble the information that is fed into other systems and/or used to orchestrate continuous monitoring of your digital enterprise. There are two sets of tools that are used for event and incident management. They are mapped to the corresponding controls below.
Logging & Log Management
Log management aggregates data from many sources, including network, security, servers, databases, applications, providing the ability to consolidate monitored data to help avoid missing crucial events. The data collected directly correlates to your specific configurations, architectures, endpoint and user access and authentication capabilities. These log files feed other automation and orchestration tools to enable continuous assessment of a system or information supply chain's risk posture and wellness.
Controls with indicate controls where Cloud Service Providers have corresponding responsibilities to the implementation of the control.Read NIST IDPS Guidance Here
Malware, a portmanteau for malicious software, is the contemptible amalgam of hostile and intrusive software, computer viruses, worms, trojan horses, ransomware, spyware, adware, scareware, and phishing tools designed to be covertly inserted into your information supply chain to destroy data, compromise the confidentiality, integrity, or availability of your data, applications, or operating system and generally mess up your systems ruining your day, your weekend and your appearance at the next board meeting.
Malware is the most common external threat to most digital enterprises, causing widespread damage and disruption and necessitating extensive recovery endeavors. This is one of those risk areas where you need to continuously update your malware detection capabilities for known vulnerabilities while building capabilities to deploy resilient systems for the zero-day exploits and other increasingly sinister creations from the hacker underworld that you don't know about yet.
And while you are here, let us remind you to backup your data and critical apps on a regular schedule.
A network management encompasses the hardware and/or software tools that allow an IT professional to supervise the individual components of a network. These tools enable network administrators manage a network's independent components inside a bigger network management framework. Network management is an increasingly complex domain given the breadth and scope and exponentially expanding boundaries of what constitutes your network.
Software Assurance is the planned and systematic set of activities that ensure that software processes and products conform to requirements, standards, and organizational procedures help achieve:
- Trustworthiness – No exploitable vulnerabilities exist, either of malicious or unintentional origin; and
- Predictable Execution – Justifiable confidence that software, when executed, functions as intended.
These are the security controls to consider when building Software Assurance into your risk-based cybersecurity architecture:
Information Protection | Data Loss Prevention (DLP)
Data loss prevention and information protection cover the techniques for protecting your most important digital assets. It prevents end users from removing data or emailing to their friends, it protects these assets from deliberate or inadvertent disclosure and insures that all of your data assets are identified and tracked.
From a cybersecurity perspective Data Loss Prevention tools also provide the mechanisms to watch the flow of data out of your enterprise by monitoring the normal ebb and flow of data in your environment. DLP software forces the bad guys to steal your stuff more slowly so that your DLP doesn't tip you off that there is a change in your data movements.
Security Information and Event Management
Security information event management (SIEM) tools gather, analyze and present information from network and security devices, identity and access-management applications, vulnerability management and policy-compliance tools, operating-system, database and application logs, external threat data.
SIEMs aggregate data, correlate and link events to turn data into useful information; perform security alerting on issues within the environment; automate compliance and security governance and auditing functions and enable presentation of dashboards to facilitate real-time monitoring of the state and health of the system and its components.
SIEM tools may be used as part of an implementation strategy for these controls:
Configuration management is the holy grail of cybersecurity. If you don't know what you have, how it's configured, and where it is you can't protect it. Configuration management (CM) is a governance and systems engineering process that ensures the proper accounting of an enterprise's information technology assets and of the interrelationship between them in an operational environment across the system lifecycle.
In today's world of agile software development, continuous DevOps deployment cycles, security-focused configuration management is an essential element in digital innovation and digital transformation.
Asset Management is the process of tracking a diverse set of hardware and software and the location and configuration of networked devices and software across the enterprise — hardware include servers, workstations, and network devices; software include operating systems, applications, and files.
Comprehensive asset management programs enable organizations to more securely and efficiently monitor and manage their organization's many information technology (IT) assets in an increasingly complex information supply chain that includes complex systems and complex organizations that can include networks of IT assets supporting networks of subsidiaries, branches, third-party partners, contractors, temporary workers, constituents, customers, and guests.
Consider these controls when building asset management into your cybersecurity program.
License management keeps track of software license agreements, how those licenses are deployed and managed, and providing access to software resources in usage-based business models. License management is used to insure license compliance and to digital rights management. From a cybersecurity perspective this enables management of legitimate software and helps find unlicensed software present in the environment.
Management dashboards provide a visual representation of what is happening within the digital enterprise and the information supply chain providing a quick and easy way to see and assess your risk posture. Dashboards automatically and securely connects to your data and continuously update in real-time. The challenge in building and deploying effective management dashboards is to determining which metrics provide the most relevant actionable information on the state and status of your systems Here are the controls that can help you build your dashboards; and risk and security awareness strategies.