The newly updated NIST Cybersecurity Framework (CSF) 2.0 underscores the importance for all organizations despite their industry, size, or maturity to manage and reduce cybersecurity risks within their organization to improve their cybersecurity posture and defend against the onslaught of attacks by threat actors. The overall cybersecurity posture of an organization should be a concern and responsibility of all within the organization, from executives to practitioners, which is why NIST CSF 2.0 made sure that their described desired outcomes can be understood by a broad audience. The NIST framework’s core is now organized around six key functions:
- Identify
- Protect
- Detect
- Respond
- Recover
- Govern (newly added)
The CSF 2.0 also contains new features that highlight the importance of supply chains. While the NIST framework itself doesn’t prescribe outcomes nor how they may be achieved, they understand that implementing CSF 2.0 can be a daunting task. That’s why they have provided a number of informative resources such as quick start guides, templates, and implementation examples to assist organizations with adopting the new CSF 2.0 framework. NIST also notes that the functions within the framework should be addressed concurrently. Actions that support GOVERN, IDENTIFY, PROTECT, and DETECT should all happen continuously, and actions that support RESPOND and RECOVER should be ready at all times and happen when cybersecurity incidents occur.
Taking Proactive Measures with the Censys Internet Intelligence Platform
A key component to ensuring success when it comes to implementing NIST CSF 2.0 is choosing best-of-breed solutions like the Censys Internet Intelligence Platform to help achieve some of the stated goals within this framework.
The Censys Internet Intelligence Platform leverages Censys’ internet-wide scan data with datasets representing the entire IPv4 address space, the largest IPv6 inventory, name-based scanning, and the largest certificate repository in existence. The platform also uses this data to map the entirety of an organization’s digital presence, including traditional on-premise assets and ephemeral cloud-hosted services. This makes it possible to track changes to your network, investigate risks, and improve your security posture.
Supporting Risk Management and Reduction
The Censys Internet Intelligence Platform is uniquely positioned to help organizations understand their external attack surface (EAS), the risks associated with their organization (not just vulnerabilities), and thus their overall cybersecurity posture.
Below we highlight specific areas of the NIST CSF 2.0 framework where the Censys Internet Intelligence Platform can have a direct positive impact and assist you in reaching your desired goals of a better cybersecurity posture.
How Censys Helps You Align to NIST CSF 2.0 Objectives
GOVERN:
- Establish and monitor cybersecurity supply chain risk management. Establish strategy, policy, and roles and responsibilities — including for overseeing suppliers, customers, and partners. Incorporate requirements into contracts. Involve partners and suppliers in planning, response, and recovery. Implement continuous oversight and checkpoints.
The Censys Internet Intelligence Platform can easily assess a supply chain partner, with no deployment or configuration required. This real-time visibility enables security teams to discover unknown and unmanaged assets with high confidence, allowing them to prioritize remediation efforts throughout their supply chain.
- Analyze risks at regular intervals and monitor them continuously (just as you would with financial risks)
Censys continuously trawls internet data sources such as Certificate Transparency logs, passive DNS sinks, and internet scans to uncover assets that you own. This makes it possible to understand your critical exposures and mitigate risks, while embedding best practice monitoring into your security operations.
IDENTIFY:
- Maintain inventories of hardware, software, services, and systems. Know what computers and software your organization uses — including services provided by suppliers — because these are frequently the entry points of malicious actors. This inventory could be as simple as a spreadsheet. Consider including owned, leased, and employees’ personal devices and apps.
Censys helps organizations understand what external-facing assets (hosts, certificates, web entities, domains, storage buckets, and software) belong to their organization. Censys also provides information on exposed ports, services, and protocols in addition to many other pertinent facts about the discovered assets so an organization can understand their risks associated with these systems.
- Identify threats, vulnerabilities, and risk to assets. Informed by knowledge of internal and external threats, risks should be identified, assessed, and documented. Examples of ways to document them include risk registers – repositories of risk information, including data about risks over time. Ensure risk responses are identified, prioritized, and executed, and that results are monitored.
The Censys Internet Intelligence Platform can provide valuable information on the following risk categories:
- Cloud Misconfiguration
- Device Exposure
- Evidence of Comprise
- Information Leakage
- Name Infrastructure
- Name infrastructure Misconfiguration
- Service Misconfiguration
- Service or Interface Exposure
- Software Vulnerability
- Web App Security Vulnerability
- In addition to the global impact of vulnerabilities, services, ports, protocols exposed, and instances of end of life (EOL) software (SW) within your organization.
PROTECT:
- Protect and monitor your devices. Consider using endpoint security products. Apply uniform configurations to devices and control changes to device configurations. Disable services or features that don’t support mission functions. Configure systems and services to generate log records. Ensure devices are disposed of securely.
Censys helps protect your organization’s digital footprint by providing a comprehensive profile of the IT assets on the internet, empowering defenders with complete visibility into their attack surface and the insights needed to stay ahead of attackers and build more secure solutions.
- Manage and maintain software. Regularly update operating systems and applications; enable automatic updates. Replace end-of-life software with supported versions. Consider using software tools to scan devices for additional vulnerabilities and remediate them.
Censys matches more than 1,433 software fingerprints to software. Censys can also identify end-of-life (EOL) versions of software.
DETECT:
- Monitor networks, systems, and facilities continuously to find potentially adverse events. Develop and test processes and procedures for detecting indicators of a cybersecurity incident on the network and in the physical environment. Collect log information from multiple organizational sources to assist in detecting unauthorized activity.
Censys discovery scans are performed on several schedules based on the popularity of certain ports and networks in the IPv4 address space. Every day, every known service in our entire dataset is evaluated for its age, and any service older than 24 hours is rescanned to verify its accuracy. An organization can have a comprehensive inventory of its internet assets regardless of the network, cloud provider, or account they’re hosted in. Additionally, Censys has integrations with SIEMS, SOARS, ITSM, and Vulnerability Scanning solutions, in addition to offering a mature and robust API. All the data can be exported in various formats i.e. JSON, CSV, Table format, etc.
- Provide information on adverse events to authorized staff and tools. When adverse events are detected, provide information about the event internally to authorized personnel to ensure appropriate incident response actions are taken.
To ensure team members understand fully their cybersecurity posture, Censys has several native reports that provide the appropriate information to an end user based on their role/responsibilities i.e. Executive Report, Attack Surface Overview, Trends and Benchmarks, and Exposure Overview. Aligning to CSF 2.0 helps ensure all play a part in protecting their organization from cybersecurity risks.
Note – The Censys Internet Intelligence Platform can also provide supplemental support to NIST CSF 2.0 RESPOND and RECOVER categories.
References:
Learn More
