Since NIST Cybersecurity Framework is the best solution for better prevention, detection, and response to cybersecurity incidents, various organizations have adopted it to safeguard their IT assets.
The 2019 SANS OT/ICS Cybersecurity Survey spells out the NIST CSF as the number one cybersecurity framework in use today. However, it is imperative to consider that how should we comply with NIST CSF in 2020 and beyond? Here is some help!
Installation: At this stage, SOC analysts are advised to deploy a Security Information and Event Management (SIEM) and Host-Based Intrusion Detection System (HIDS) to detect attacks. To deny an attack, Cyber Kill Chain recommends using Two-Factor authentication, strong password, and privilege separation as well as disrupting attack using data execution prevention. If the attackers successfully penetrate corporate critical IT infrastructure, SOC teams must contain them in a timely fashion to mitigate damages. To this end, Cyber Kill Chain recommends employing Inter-Zone Network Intrusion Detection System, App-aware firewall, and trust zones.
Use Case 6: SIEM Security with Artificial Intelligence
SIEM security that is equipped with Artificial Intelligence (AI) and user behavior analytics can deal with internal threats. AI capabilities in SIEM help security professionals to automate tasks that are otherwise manual and repetitive. Doing so can also help to swiftly detect threats and suspicious activities in network traffic and event logs.