NIST + Govern = A Welcome Addition
By Martin Roesch, CEO
Netography has always believed that cybersecurity activity should align with an organization’s risk management and legal requirements. Governance is one of the key use cases that our customers demand from Netography Fusion, which puts us well in step with NIST’s recent announcement to add Govern as a core function of its Cybersecurity Framework.
And while the addition of “govern” to NIST’s core functions is a welcome inclusion, there are challenges that are likely to persist due to the complex nature of cybersecurity and the evolving threat landscape. Netography is in a position to help mitigate some of these challenges. Let’s take a look at a few of these challenges:
- Implementation Complexity: Organizations need to understand how to apply governance principles to their specific environments, especially if they have diverse technologies, systems, and processes. Our customers report that deployment happens within minutes, without sensors or agents, making it possible to quickly gain access to actionable data and insights. Furthermore, we can help identify system misconfigurations and alert teams before those gaps lead to attacks.
- Resource Constraints: It’s true that many enterprises, and especially smaller organizations, lack the people, technology, budget, or expertise to continuously monitor all activity on their network, which can make establishing and maintaining robust cybersecurity governance an extra challenge. Netography Fusion is a cloud-native Network Defense Platform (NDP) that unifies governance policies across all legacy, on-premises, hybrid, multi-cloud, and edge environments, making visibility across the whole network easily accessible without a heavy lift or additional resources.
- Rapidly Evolving Network Security Architectures: I frequently describe Zero Trust as a “Faustian bargain” – you need it, but what do you have to give up to get it? Teams need real-time awareness of the composition and activities of the participants in their networked environments – which include users, applications, data, and devices – and the combination of Zero Trust and migration to the cloud has largely rendered traditional methods involving packet inspection ineffective. An NDP can contextualize all of these participants and provide teams with actionable intelligence used to inform and validate policy decisions.
- Social Media Governance: From data privacy and security concerns, to overall account and device security, to reputation and crisis management issues, social media is truly a Pandora’s box of its own challenges for organizations, let alone a challenge to regulatory compliance and to integration into their overall governance efforts. Organizations have to decide what, if any, access to social media platforms should be allowed. Visibility into the activity for each application by device is a key ingredient to effective enforcement. Netography provides this level of granularity, making it possible to limit usage of Twitter, Facebook, LinkedIn, TikTok, Instagram, Reddit and Tinder.
- Measurement and Reporting: Measuring the effectiveness of cybersecurity governance can be challenging. With an NDP, governance, risk, and compliance teams can utilize built-in or customized dashboards for streamlined audits and proof of enforcement for reporting to auditors, regulators, or Board committees.
The NIST Cybersecurity Framework provides a strong foundation for organizations and signals much-needed recognition of the important role that governance plays in today’s network threat landscape. Enterprises should take this as an opportunity to implement comprehensive and actionable guidelines that are backed by tools that will enhance their overall security posture.