Remember when your devices were relatively few, static and accessed data on the network only through a firewall? Barely, right? Those good old days are forever gone as the number of corporate endpoints have multiplied, are sourced from several manufacturers and come with different operating systems. Not to mention users now also access corporate networks from their own devices through applications that are too numerous to count.
Likewise, security has as many challenges as endpoints. Thankfully, the NIST Cybersecurity Framework (NIST CSF) is available, and with it a set of practices you can use to identify the endpoints that play host to sensitive data and compromises that lead to data loss. To secure your devices, apps and data, you’ll want to start with smart asset management. Follow these 3 easy steps.
If you’re looking for more information on NIST CSF and its first foundational pillar, Identify, check out my quick video below. And while you’re at it, watch and subscribe to our full Cybersecurity Insights video series on YouTube.
You can also read my detailed look at the Identify pillar of NIST CSF in my blog post. First: See Everything.
Hey! Josh here from Absolute. I'm back!
And in this week's episode we're going to go deeper into the first pillar of the NIST Cybersecurity Framework: Identify
OK - stay with me... Once upon a time the network was a dense nucleus.
It was the home of all of our data. Everything else swirled around the network nucleus. Now, however, endpoints are escaping the gravitational pull of the network. When that happens, all kinds of atomic instability follows.
Here, NIST enters the stage, to help identify all those far-flung devices which is the new place data calls "home".
The "Identify" category, begins with "Asset Intelligence", which goes much deeper than inventories. To probe devices for critical details to ensure they line up with their ultimate purpose.
Consider other assets... You don't think about desks as brackets, wood, screws, and paint. Instead you synthesize those parts and think about how the resource is used: Jane's work space.
The same is true with our IT assets. And when you pair "Asset Intelligence" with that "Business Environment" then we start to get somewhere. Because companies are like snowflakes: They are all composed of the same material but configured in unique ways.
The "Business Environment" is the "where" that supplements the "what" of "Asset Intelligence". With both in hand, we have the key ingredients to figure out what should happen in context.
And that's "Governance". Which centers around policy: the bedrock of all security programs. Because at its core policy says: "This can do that; that cannot do this". It's tempting - it is - to gloss over policy to leap down to specific controls. But if we do that, we're just going to end up with thousands of controls divorced from their true security intent, which only adds tangles to the complexity.
Finally, we have to connect these internal ingredients - Asset Intelligence, Business Environment, Governance - to the external world that's filled with risks. When we identify what we have, we drag risk to the floor, because we're no longer flying blind.
To get to any destination, you must first know where you are. That's why NIST, pointedly, starts with "Identify". Next time we'll dive deeper into the second action of NIST: Protect
For now, get out there, unmask hidden endpoints and enjoy the view when you can see everything.
Drop your comments below, and subscribe because you won't want to miss what's coming next. I'll see you next time.