Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

Beyond the NIST Cybersecurity Framework

In the wake of new compliance guidelines, now is the time for critical infrastructure organizations to upgrade their industrial security posture.

National security for any nation depends on the reliability and continuous operations of its critical infrastructure. Increased complexity and connectivity of critical infrastructure systems are exposing them to cybersecurity threats which put their safety and reliability at risk.

Why was the NIST cybersecurity framework created?

The National Institute of Standards and Technology (NIST) Framework was created through a collaboration between the U.S. federal government and the private sector, in response to presidential executive order 13636, “Improving Critical Infrastructure Cybersecurity.” This voluntary framework consists of standards, guidelines and best practices to manage cybersecurity-related risk. The cybersecurity framework’s prioritized, flexible, and cost-effective approach helps to promote the protection and resilience of critical infrastructure and other sectors important to the economy and national security.

In the most recent NIST report from the National Cybersecurity Center of Excellence (NNCoE), researchers investigated the use of behavioral anomaly detection (BAD) capabilities in industrial control systems (ICS). NIST is a strong proponent of anomaly detection for finding behaviors and potential attacks that do not yet have a signature associated with it. Typically, these types of attacks are targeted strikes not seen widely enough to develop a signature, or attacks involving zero-day exploits.

NIST endeavors to provide guidance based on the threat landscape at that point in time, while also trying to not make it overly complicated or cumbersome for operators to follow the guidelines. To that end, this paper does an important service, namely to promote anomaly detection as an essential tool in cybersecurity. At the same time, and due to the shifting landscape in ICS security, many organizations are looking to go beyond what NIST suggests, stressing that anomaly detection is clearly not enough. As a result, organizations are proactively deploying additional ICS security to keep their systems current and more secure from the next threat that is coming their way.

Beyond NIST: Protecting critical infrastructure from cyber threats

In looking beyond NIST, there are some significant steps you can consider that will: (a) increase your visibility across the entire organization; (b) improve your security stance both now and into the future; and (c) put you in control by identifying and mitigating threats and unacceptable risk. These include:

Deep threat detection
Deep threat detection uniquely combines network anomaly detection with policy-based detection. By leveraging both statistical network behavior analysis and policy rules, deep threat detection technology finds more threats and risks, faster, and with fewer false positives. Anomaly detection identifies stealthy deviations in network behavior from the statistical baseline. This capability should be complemented by a policy detection engine, which strictly enforces deterministic rules based on security policy. This holistic approach safeguards networks from known ICS threats, as well as protecting against the next malware incident that has yet to be released in the wild.

Active device mapping
Network traffic monitoring only provides half of what's needed to secure ICS environments; the other half has to provide additional asset-related data. Indeed, the NCCoE report advocates for an agent-based approach to be considered for securing workstations, but obviously it cannot be used for industrial controllers simply because it cannot be loaded on them.

Furthermore, while some attacks traverse networks, many more can occur on devices. For example, PLC operators may physically connect to (and infect) an operational technology (OT) environment when performing maintenance. Other devices may remain dormant and never send traffic over the network. In both instances, network-only monitoring will not detect the threat.

Active threat hunting is an integral part of a comprehensive hybrid threat detection engine and should work in conjunction with passive network monitoring. Using the devices’ native communication protocols, OT-specific security solutions can discover, classify and query all ICS assets for their configuration – even those that are not communicating in the network.

Automated vulnerability and inventory management
With new ICS vulnerabilities regularly being published, it is essential to identify devices at risk and quickly address the vulnerability before it is exploited. Industrial organizations require detailed and up-to-date asset inventories to determine which devices are affected by known vulnerabilities. By automating inventory management, you’ll gain an understanding of each device's function and its exact classification within the ICS network. Device analysis should consider firmware and OS versions, open port list, default passwords and the device's role. This creates an actionable and prioritized risk analysis that allows you to quickly address new vulnerabilities when they are announced.

Staying ahead of the curve

The old adage has never held truer: “the only thing that is constant is change.” With the quantum shifts occurring in critical infrastructure and other industrial environments, NCCoE’s papers as well as NIST guidelines are essential to the ICS security ecosystem, and their recommendations continue to evolve.

Looking beyond NIST to secure your industrial environment not only ensures that you are employing best security practices but also positioning your organization to be forward-compatible to future threats that are just on the horizon.

For more information on upgrading your ICS security, check out the Tenable.ot guide to “Adhering to the NIST Framework,” which details ways to improve visibility and reduce risk across your critical infrastructure.

Related Articles

Are You Vulnerable to the Latest Exploits?

Enter your email to receive the latest cyber exposure alerts in your inbox.

tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable.io Vulnerability Management trial also includes Tenable Lumin, Tenable.io Web Application Scanning and Tenable.cs Cloud Security.

tenable.io BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable.io Vulnerability Management trial also includes Tenable Lumin, Tenable.io Web Application Scanning and Tenable.cs Cloud Security.

Tenable.io BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now

Try Tenable.io Web Application Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web Application Scanning trial also includes Tenable.io Vulnerability Management, Tenable Lumin and Tenable.cs Cloud Security.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable.io Container Security

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Try Tenable Lumin

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable.io Vulnerability Management, Tenable.io Web Application Scanning and Tenable.cs Cloud Security.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable.cs

Enjoy full access to detect and fix cloud infrastructure misconfigurations and view runtime vulnerabilities. Sign up for your free trial now.

Your Tenable.cs Cloud Security trial also includes Tenable.io Vulnerability Management, Tenable Lumin and Tenable.io Web Application Scanning.

Contact a Sales Rep to Buy Tenable.cs

Contact a Sales Representative to learn more about Tenable.cs Cloud Security and see how easy it is to onboard your cloud accounts and get visibility into both cloud misconfigurations and vulnerabilities within minutes.

Try Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Promotional pricing extended until December 31st.
Buy a multi-year license and save more.

Add Support and Training