The GISS' approach talks about four supporting pillars: context analysis, resistance, detection and damage control. At Fundaments, we have established 5 similar pillars based on the NIST Cybersecurity Framework, namely: identify, protect, detect, respond and recover. With Fundaments' associated services, you can flesh out each of these pillars (and therefore those of the GISS) and use them to take appropriate measures against a cyber attack. How? You can read about that below.
1. CONTEXT ANALYSIS (IDENTIFY)
Many organisations do not know where they stand when it comes to cybersecurity. Yet this is essential: to properly secure a Cloud environment, and therefore an organisation, you need to know exactly what the current security level is. What does your Cloud environment look like? Which part of it is critical to business processes? Where are possible weaknesses? The GISS calls this context analysis. At Fundaments, we call this identify. Gaining insight is key, in other words: identifying what's there, what needs to be protected and where the potential risks lie. For these issues, Fundaments offers the Vulnerability Management service. With this solution, you get exactly what the GISS points out, namely:
- Insight into threats
- Insight into your crown jewels
- Insight into your infrastructure
- Simple method for risk analysis
Want to know more? Then read our blog article on identify.
2. RESISTANCE (PROTECT)
Actually protecting and therefore taking measures for proper security falls under the pillar resistance, or as Fundaments calls it: protect.
From its expertise in Cloud, Fundaments can offer a number of measures to optimally protect any Cloud environment, for example by implementing Next Generation Firewalls. In addition, a simple, highly effective measure is available for filtering attack traffic: the DDoS laundry. This allows you to filter (wash) attack traffic and pass on legitimate traffic. With this, you are optimally protected against DDoS attacks. Lastly, there is a service to protect data by placing it in a second, physically separate and secure location: Back-up as a Service.
Want to know more? Then read our blog article on protect.
3. DETECTION & RESPONSE
Keeping an eye on the implemented security measures and signalling cybersecurity incidents in time is called detection. At Fundaments, we use the same term here. Additionally, Fundaments sees an important role in reacting to an incident afterwards: response.
Every year, many organisations are hacked or suffer a data breach. On average, hackers have months of leeway until these hacks and data breaches are discovered, if they're discovered at all. Even companies that spend thousands of euros on digital security have no idea if a hacker is present on their network. Detection is all about implementing and developing measures to identify a cybersecurity incident (and therefore hackers) in time. Fundaments has a simple solution for this: a digital decoy bike.
Everyone is familiar with the concept of the decoy bike. The police place bicycles in places where they are often stolen. There is a tracking system on the decoy bikes. Once a bike thief takes the bike, the police can track down the suspect. In the Cloud world, there is also a digital decoy bike: these are called Honeypots. Honeypots are used to lure and keep hackers and virus creators busy. The Honeypot can pretend to be a normal server or network device and is deliberately made vulnerable to hacker attacks. The Honeypot provides a source of information about new viruses, threats and the hacker. Such digital decoy bikes are often used for investigations and are a proven effective alarm system for businesses.
The General Intelligence and Security Service (GISS) advises in ‘Defensible network, how do you do it?’ to place Honeypots in your network in addition to good security on endpoints (servers and laptops) to detect attackers who proceed with caution.
If an alarm is then triggered, it is important to have processes and procedures in place to respond quickly. What does the incident management process look like? Is support prepared for all calls and alarm bells? Are the right people working in the right places to deal with them? All these questions need answers. Forensic investigation and finding the right insights to resolve the incident are crucial here.
Fundaments works with partners who can take these issues off your hands and advise you on them. These specialists are 100% focused on their core service: security response. They can help with all kinds of security issues, such as a SIEM/SOC solution, forensics, analytics, 24/7 incident response and much more.
Want to know more? Then read our blog article on detect or respond.
4. DAMAGE CONTROL (RECOVER)
After a security incident has occurred, been identified and been addressed, your Cloud environment may still be damaged or compromised. To return to a working situation in that case, it is important to be prepared. Here, it is crucial that the data from your Cloud is secured and that you are prepared to return to the situation before the security incident occurred. At Fundaments, we call this: recover. The GISS calls this damage control.
Fundaments offers two solutions to restore a Cloud environment to a normal situation before a cybersecurity incident occurred: BaaS (Back-up as a Service) & DRaaS (Disaster Recovery as a Service). Two primary questions are important in this regard: how quickly will I be back online and how much data can I lose? Thanks to Fundaments, if necessary, you can be back online within seconds with minimal data loss.
Want to know more? Then read our blog article on recover.
Wondering what Fundaments can do for your organisation? Call 088 4227 227 or email info@fundaments.nl.