As cyber threats continue to evolve and become more sophisticated, protecting identities and access has never been more critical. To help organizations manage digital risks, the National Institute of Standards and Technology (NIST) has provided essential guidance since 2014 with its Cybersecurity Framework.
This year, NIST releases Version 2.0 of the Framework, placing a stronger emphasis on identity security and recognizing it as a foundational element of any organization’s security strategy. This post examines these aspects of the Framework and shows how Silverfort can help organizations align with the updated guidelines.
Understanding the Purpose of the Framework
NIST’s Cybersecurity Framework has its origins in Executive Order 13636, issued in February 2013, which directed the Institute to lead the development of a framework to reduce cyber risks to critical infrastructure. The subsequent Cybersecurity Enhancement Act of 2014 spelled out more specific requirements, including a mandate for NIST to develop “a voluntary, consensus-based, industry-led set of standards, guidelines, best practices, methodologies, procedures, and processes.” NIST published Version 1.0 of the Framework in 2014 and released an update in 2018. Version 2.0 was released in draft form on August 8 of this year and is currently open for public comment until November 4.
The Framework is intended to reduce cyber risks by providing a structure that organizations can use to understand, assess, prioritize, and communicate their cybersecurity efforts. This structure is represented by six categories, called Core Functions, designed to help an organization benchmark its current cybersecurity posture and plan new initiatives. Version 1.0 included five categories (Identify, Protect, Detect, Respond, and Recover) with Version 2.0 introducing a sixth (Govern). This new category represents the Framework’s increased focus on people and processes, with recommendations around roles and responsibilities to improve oversight and reduce risk.
Drilling Down into Core Functions: Examining Specific Subcategories
In the NIST Framework, each Core Function is further divided into various subcategories that outline specific outcomes related to that function. These subcategories provide granular guidance to help organizations prioritize actions and manage cybersecurity risk in a structured way. Silverfort’s Unified Identity Protection platform can help address several important subcategories through its ability to extend modern identity security controls to any user and resource.
Silverfort Can Identify All Users in the Environment
The purpose of the Framework’s Identify Core Function is to help organizations determine their current cybersecurity risk. One of the key subcategories is Asset Management (ID.AM):
“Assets (e.g., data, hardware, software, systems, facilities, services, people) that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to organizational objectives and the organization’s risk strategy.”
Silverfort can assist organizations here through its ability to discover and protect a key asset that is often unmanaged in the environment: service accounts. Organizations often lack full visibility into service accounts and how they’re being used, making it difficult to detect unauthorized access or malicious activity stemming from them. This is because there is no utility that can easily identify the service accounts in an environment.
Silverfort’s platform can automatically discover and secure all service accounts by detecting any account that displays repetitive, machine-like behavior. Once detected, Silverfort can monitor these accounts and all of the places they authenticate to, providing security teams with real-time insights into their activity and level of risk. Silverfort also provides ready-to-use access policies tailored to each service account based on its behavior, with any deviation immediately detected — resulting either in blocked access or an alert sent to the security operations center (SOC) team.
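As an added illustration of the two steps described above (discovery by machine-like regularity, then deviation detection against a learned profile), the following Python is not Silverfort’s code; the thresholds, the constructed log and the block-versus-alert policy are assumptions made here.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample authentication log: (time in seconds, account, source host, target host).
# "svc-backup" authenticates every 5 minutes from one host; "alice" logs in irregularly.
EVENTS = [(t * 300, "svc-backup", "srv-backup01", "fs-01") for t in range(12)] + [
    (0, "alice", "ws-alice", "fs-01"),
    (3700, "alice", "ws-alice", "mail-01"),
    (3900, "alice", "ws-alice", "fs-01"),
    (21000, "alice", "ws-alice", "fs-02"),
]


def interval_cv(times):
    """Coefficient of variation of inter-arrival times; near 0 means clock-like regularity."""
    gaps = [b - a for a, b in zip(times, times[1:])]
    if len(gaps) < 2 or mean(gaps) == 0:
        return float("inf")
    return pstdev(gaps) / mean(gaps)


def discover_service_accounts(events, min_events=6, max_cv=0.2):
    """Flag accounts with many, evenly spaced authentications from a single source host.
    Thresholds are assumptions for this illustration. Returns {account: profile}."""
    by_account = defaultdict(list)
    for ts, account, src, dst in events:
        by_account[account].append((ts, src, dst))
    profiles = {}
    for account, rows in by_account.items():
        rows.sort()
        sources = {src for _, src, _ in rows}
        if len(rows) >= min_events and len(sources) == 1 \
                and interval_cv([ts for ts, _, _ in rows]) <= max_cv:
            profiles[account] = {"sources": sources, "targets": {dst for _, _, dst in rows}}
    return profiles


def check_event(profiles, event):
    """Policy for a new authentication by a discovered service account.
    Assumed policy: unknown source host -> block (credential used elsewhere);
    known source but new target -> alert the SOC. Non-service accounts return None."""
    _, account, src, dst = event
    profile = profiles.get(account)
    if profile is None:
        return None
    if src not in profile["sources"]:
        return {"verdict": "block", "reason": f"unexpected source host {src}"}
    if dst not in profile["targets"]:
        return {"verdict": "alert", "reason": f"new target {dst}"}
    return {"verdict": "allow", "reason": "matches learned profile"}


BASELINE = discover_service_accounts(EVENTS)
```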
Silverfort Can Protect Every Authentication & Access Request
The purpose of the Framework’s Protect Core Function is to suggest safeguards that organizations can implement to prevent or reduce cybersecurity risk. A critical subcategory here is Identity Management, Authentication, and Access Control (PR.AA):
“Access to physical and logical assets is limited to authorized users, services, and hardware, and is managed commensurate with the assessed risk of unauthorized access.”
Silverfort can help here through its ability to extend multi-factor authentication (MFA) to any resource, even those considered “unprotectable” such as command-line tools and legacy applications, thus ensuring that every access point is limited to authorized users. MFA means requiring a second factor in the authentication process by asking users to verify their identity before access is granted, for example, by responding to a push request sent to a mobile phone. This is why MFA is considered 99.9% effective in preventing account takeover: even if a user’s credentials are compromised, an attacker would be unable to use them on their own to gain unauthorized access.
Silverfort Can Detect Anomalous Activity with Continuous Monitoring
The purpose of the Framework’s Detect Core Function is to suggest strategies organizations can employ to find and analyze possible cybersecurity attacks and compromises. An important element here is the ability to employ Continuous Monitoring (DE.CM):
“Assets are monitored to find anomalies, indicators of compromise, and other potentially adverse events.”
Due to its integrations with every identity provider (IdP) – especially Active Directory – Silverfort can see every authentication taking place across a network, giving the platform the ability to continuously monitor all access requests, whether on-prem or in the cloud. Being able to see all activity means that Silverfort can build a sophisticated risk analysis engine to determine the legitimacy of every authentication happening, meaning that organizations can detect and respond to potential security threats in real time — including blocking the access of any accounts (both human and machine) that display anomalous behavior.
Silverfort Can Respond to Potential Threats Automatically
In the NIST Framework, the Core Function of Respond focuses on actions to take once a cybersecurity incident is detected. Silverfort can provide value here through its capabilities around Identity Threat Detection & Response (ITDR), an emerging security category that addresses the protection gap of the identity attack surface. Due to its native integration with every IdP, all access requests are forwarded to Silverfort for real-time risk analysis. If anomalies are detected, Silverfort can require MFA and thus automate a validation process that would otherwise require input from the SOC team.
Identity protection has long been a fundamental element of cybersecurity strategy, even though that strategy has historically focused on endpoint and network protection. But it’s important to realize that identity itself represents a major attack surface, with threat actors increasingly targeting systems by using compromised credentials. Implementing measures to secure all identities, enforce MFA everywhere, and apply continuous risk assessment can bolster an organization’s cybersecurity posture and better align with the proactive approach advocated by the NIST Framework.
Want to learn more about how Silverfort can help with your identity protection challenges? Contact one of our experts today.