This week, we are covering the third function of the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework 2.0 (CSF): Detect!
The Detect function focuses on identifying and analyzing potential cybersecurity incidents in a timely manner. This enables organizations to quickly discover and analyze anomalies, indicators of compromise, and other potentially adverse events that may signal cybersecurity attacks or incidents. This function is crucial for enabling prompt responses and minimizing potential damage.
The Detect function comprises two main categories: continuous monitoring and adverse event analysis. Continuous monitoring of cybersecurity events allows organizations to verify the effectiveness of their protective measures. Analyzing anomalies and other potentially adverse events allows organizations to characterize them and detect cybersecurity incidents.
In 2020, Alibaba experienced a significant data breach involving the personal information of over 1.1 billion users. The breach was discovered when a database containing this sensitive data was found exposed online. The compromised information included names, phone numbers, and other identifying details. The attackers had access to the network for several months before being detected. This prolonged access allowed the attackers to gather a significant amount of sensitive information. This incident shows the need for companies to practice the Detect function.
Organizations can implement detection in a variety of ways. These include monitoring computers, networks, and other assets for unauthorized access, devices, or software; investigating any unusual activities on the network or by staff; checking networks for unauthorized users or connections; and using Privileged Access Management (PAM) solutions to detect unusual access patterns or unauthorized attempts to access privileged accounts.
By effectively implementing the Detect function, organizations can identify potential cybersecurity threats early, enabling them to respond quickly and minimize the impact of security incidents.
We will be back next week to continue this conversation about the NIST CSF, covering the Respond function. For now, check out our solutions page to find out more about how CyberZek can help you monitor your network!