Blog
Network Detection & Response (NDR) for NIST
How Reveal(x) cloud-native NDR supports the NIST Cybersecurity Framework
Chase Snyder
October 8, 2019
What are the NIST Cybersecurity Framework and NIST Special Publication 800-53 Rev. 4?
The NIST Framework for Improving Critical Infrastructure Cybersecurity, which for brevity we'll call the Cybersecurity Framework (or CSF), is a set of "standards, guidelines, and best practices to manage cybersecurity-related risk." The guidelines in the Cybersecurity Framework are divided into five broad functions: Identify, Protect, Detect, Respond, and Recover. Each function is divided into categories and subcategories.
For example, the Identify function has a category called Asset Management, denoted with the four-letter code ID.AM, followed by a number indicating which outcome category (e.g. "physical devices within the organization are inventoried.") is being discussed. The Asset Management category has subcategories for physical device management, software and applications, organizational data flows, and more. Each outcome subcategory includes informational references to the relevant controls from NIST Special Publication 800-53 Revision 4: Security and Privacy Controls for Federal Information Systems and Organizations.
How Do Organizations Use NIST CSF and NIST SP 800-53 R4?
The NIST Cybersecurity Framework is essentially a subset of Special Publication 800-53 Revision 4 that is organized around the five essential functions listed above. This excerpt from the framework does an excellent job summarizing how organizations use it, and the outcomes they can expect:
"Building from those standards, guidelines, and practices, the Framework provides a common taxonomy and mechanism for organizations to:
- Describe their current cybersecurity posture;
- Describe their target state for cybersecurity;
- Identify and prioritize opportunities for improvement within the context of a continuous and repeatable process;
- Assess progress toward the target state;
- Communicate among internal and external stakeholders about cybersecurity risk"
These frameworks were written for use by federal agencies managing critical infrastructure, but the guidelines and controls are highly relevant for any organization that wants to understand and improve upon its security posture.
How Does Reveal(x) Network Detection & Response Support Implementation of NIST CSF and NIST SP 800-53 R4?
ExtraHop Reveal(x) NDR uses stream processing to auto-discover and classify every transaction, session, device, and asset in your enterprise at up to 100Gbps, decoding over 70 enterprise protocols and extracting over 4,800 features to fuel our cloud-scale machine learning. All this data is used to build predictive behavioral models for every device so that we can detect threats and let you know about suspicious behavior in time to prevent data loss.
Reveal(x) provides at least partial support in all five primary functions of the NIST CSF, and exceptionally strong support in the Identify and Detect functions. For a thorough description of how Reveal(x) NDR supports each category and dozens of subcategories of controls within the NIST CSF, download our white paper here.
