November 30, 2023

Cybersecurity frameworks, compliance and risk – are we there yet?

Are we there yet?

While kids drive their parents nuts with this phrase, it could just as easily be used by board members or senior management when asking the CIO or CISO about their cybersecurity readiness. Cybersecurity feels like a never-ending journey with the promise of the right mix of solutions to deliver that ‘peace of mind’ outcome, always just around the corner.

The challenges are numerous and well-documented:

The reality is cybersecurity isn’t about ‘getting there.’ It’s a proactive, always-on discipline or ritual with the safety of the organisation at the core and responsibility shared by every employee, contractor, student, or supplier. While security compliance frameworks haven’t been compulsory within every industry, the Australian government’s move to mandate the Australian Signals Directorate (ASD) Essential Eight for all government entities suggests that broader compliance requirements may be on the horizon for the private sector.

When success means nothing bad happens, frameworks like the ASD-8 and NIST have helped boards and management ask better questions of IT teams, such as ‘Are we safer this year than last year?’ rather than ‘Are we safe yet?’.

The framework you choose is important. Equally important is aligning your solutions and cybersecurity maturity level with your chosen framework so you can easily identify and rectify gaps.

For a vendor like Cisco that offers a large and comprehensive suite of security solutions, it can be helpful to understand how individual solutions can support the implementation of frameworks that reduce cyber risk.

As an example, aligning Cisco’s cybersecurity portfolio against elements of the ASD-8 either in an assist or compliant capacity might look like:

  1. Application Whitelisting: [Assists] Cisco Umbrella’s Application Settings organise SaaS applications into categories based on the type of processes or services provided, for example shopping, education, or human resources. You can limit identity access to applications by selecting the applications you want Umbrella to block.
  2. Patch Applications and Patch Operating System: [Assists] Cisco Duo assists with the Patch Applications mitigation strategy by allowing you to block user access when plugins are out of date. You can specify a grace period during which users may continue to authenticate with older versions. Cisco Vulnerability Management also assists by raising the profiles of risky/executable vulnerabilities, so companies can focus on resolving them first.
  3. Restrict Administrative Privileges and Use Multi-Factor Authentication: [Compliant] Cisco Duo is a multi-factor authentication (MFA) product that ensures only authorised users can access systems. It provides insights into which users have privileged access and helps manage user rights across the system, so you can administer the principle of least privilege and limit the risk of compromised or misused admin accounts.
  4. Configure MS Office Macro Settings, User Application Hardening, and Configure Web Browsers:
    • MS Office Macros [Assists] Cisco Secure Email assists by implementing email and web content filtering to inspect incoming Microsoft Office files for macros, and block or quarantine them as appropriate. With Advanced Malware Protection in Secure Email, Cisco AMP performs a file reputation lookup, providing immediate protection against active campaigns with already-seen malicious attachments.
    • User Application Hardening [Assists] Duo can establish application policies depending on the presence of Java or Flash. Additionally, Duo can block access if it identifies any versions of Java or Flash, restricting access to only the latest or most up-to-date versions. In cases where users try to access resources with older versions of Flash or Java, Duo can initiate a prompt urging them to update the plugin before gaining access.
    • Proactive Protection [Assists] Closing attack pathways before they can be exploited is a key strategy for preventing compromise. AMP’s vulnerable software feature shows you all the software on your endpoints that can be exploited, with the ability to use application control to harden against attacks. AMP’s low prevalence capability detects targeted malware and prevents it from slipping under the detection radar.

If you were more aligned to NIST, then it might look like this:

  1. Identify: At this stage, the goal is to understand the cybersecurity risks pertaining to an organisation’s systems, people, assets, data, and capabilities. Understanding the business context and risk management processes are primary factors. In this case, Cisco’s ISE, an identity-based network access control and policy enforcement system, functions as a common policy engine that enables endpoint access control and network device administration for enterprises. On top of this, Cisco Duo also helps organisations boost security by verifying user identity, establishing device trust, and providing a secure connection to company networks and applications.
  2. Protect: This involves implementing appropriate safeguards to ensure vital services and systems are adequately secure. Cisco provides a wide range of products for protection at various levels across your environment, from the user to the application. Key focus areas here are Cisco Secure Firewall, Cisco Secure Endpoint and Cisco Duo – which cover your users, applications, and devices.
  3. Detect: Continuous monitoring and rapid detection of cybersecurity events can help minimise damage. Cisco’s Extended Detection and Response (XDR) delivers visibility into data across networks, clouds, endpoints, and applications while applying analytics and automation to detect, analyse, hunt, and remediate today’s and tomorrow’s threats.

     Cisco Secure Network Analytics monitors and detects suspicious traffic throughout your network infrastructure using artificial intelligence (AI), machine learning (ML), or other non-signature-based techniques. Cisco’s Endpoint Detection and Response (EDR) solution, Secure Endpoint, continuously monitors and collects data at endpoints and then executes rules-based automated responses. EDR is an endpoint security offering that helps to protect an environment’s perimeters.
  4. Respond: Upon threat detection, organisations need to have a well-established procedure in place to contain the incident and mitigate its impact. Cisco XDR’s playbooks capability automates response actions to shorten the path from initial detection of a threat to the execution of a timely response. XDR threat response integrates threat intelligence from Cisco Talos and third-party sources to provide enriched context and help IT security teams take swift action.
  5. Recover: Cisco Talos Incident Response (CTIR) provides a full suite of proactive and emergency services to help you prepare for, respond to, and recover from a breach. CTIR enables 24-hour emergency response capabilities and direct access to Cisco Talos, the world’s largest threat intelligence and research group.

At a more informal level, Cisco has also organised its products into four key categories:

A useful question to ask is – in which of these areas are you most and least comfortable with your level of cybersecurity maturity?

1. User Protection

Identity is the new perimeter. Users often find themselves dealing with confusing and disjointed experiences accessing private applications, public applications, and VPNs. Despite continued efforts from IT teams to educate users, stolen credentials are involved in 61% of all breaches, but constant re-authentication frustrates users and impacts productivity.

Users need to be protected against all attack vectors while seamlessly and securely connecting to the resources they need anytime, anywhere. Not in a way that slows them down – just log in and get to work.

The four solutions in Cisco’s User Protection Suite – Cisco Secure Access, Secure Email Threat Defence, Cisco Secure Endpoint and Cisco Duo – enable you to simplify the delivery of zero trust and provide frictionless security.

2. Cloud Protection

When it comes to Cloud, the challenge is protecting and managing applications and data, often across multi-cloud environments, whilst maintaining security and scaling existing and new lines of business.

This presents a number of challenges:

The five solutions in Cisco’s Cloud Protection Suite – Cisco Multicloud Defense, Cisco Vulnerability Management, Cisco Secure Workload, Cisco Attack Surface Management and Cisco Cloud Application Security – deal with workload and application security, helping to manage complexity and provide visibility.

3. Breach Protection

Digital crime is a growing industry and many organisations struggle to keep up with the onslaught of sophisticated attacks that cause trillions of dollars of damage every year. Cisco’s Breach Protection suite cuts through the clutter of disconnected tools and controls. It unifies protection, making it easier for security teams to simplify operations and accelerate incident response across the most prominent attack vectors. This includes email, endpoints, network, and cloud environments.

It addresses challenges faced by security analysts with a cloud-native, extensible approach that brings together data from multiple security tools and applies machine learning and analytics to arrive at correlated detections. Additionally, it allows for guided remediation actions to mitigate threats.

Moreover, Cisco’s Breach Protection Suite – which comprises Cisco Extended Detection and Response (XDR), Cisco Email Threat Defence, Cisco Secure Endpoint, and Cisco Secure Network Analytics – brings your email, endpoint, network, and cloud environments together. It integrates Cisco security portfolio solutions with select third-party tools, and layers in underlying threat intelligence from Cisco Talos to enrich incidents with added context and asset insights. This lets you quickly detect and prevent advanced attacks such as phishing, ransomware, insider threats, unknown malware, and data exfiltration.

4. Network Protection

The way we work has changed. There is no longer a single control point in the network to secure our users, data, and applications.

Cisco Secure Firewall is the central guard for strong security in different areas. It provides top-notch security controls everywhere you need them. This includes ensuring you can always see what’s going on, keeping rules in line, and managing everything together to strengthen your security setup. Unlike other firewall providers, Cisco Secure Firewall sees more, even in encrypted traffic, and has tightly integrated network and application security capabilities. It helps reduce complexity, regain control, and drive efficiencies at scale to provide your customers with the ultimate line of defence.

So, how do we get there?

We often speak to business leaders who say their cybersecurity obligations are unclear or hard to follow. We agree. It can be complex and overwhelming, especially with so many new threats and changes to frameworks. At a time when the stakes have never been higher, clarity and simplicity are invaluable.

Data#3 is a Cisco Master Specialised Security and Networking Partner and Global Partner of the Year for Software (2023) and the Global Partner of the Year for Security (2022). We’re ready to walk you through many advanced, yet simple solutions to protect your data, systems, and organisation.

Contact our security team, or visit our website to find out more about our security offerings.