Tags: The NIST CyberSecurity Framework, CyberSecurity Awareness Month
Author: Josh Liebster
Date: October 27, 2022

The NIST CyberSecurity Framework: Detect

In honor of global CyberSecurity Awareness Month, 11:11 Systems has decided to devote an entire blog series to the NIST Cybersecurity Framework (now in version 1.1) — what it is and how it can be used to help protect your business.

As you may or may not know, the core of the framework consists of five functions: “Identify,” “Protect,” “Detect,” “Respond,” and “Recover.” Each function is equally important to a proper security posture. Hopefully you’ve already read our first three installments, including Jim’s introduction to “Identify” and Alex’s breakdown of “Protect” (complete with Greek soldiers!). Here, I’m going to tackle the “Detect” function. 

The NIST Cybersecurity Framework: Detect 

Originally designed for United States government and critical infrastructure entities, the structure, simplicity, and flexibility of the NIST CyberSecurity Framework make it applicable to any business, large or small, local or international. And while the “CyberSecurity” piece of its name is certainly more SEO-friendly, we must not let it overshadow the equally important “Framework.” The idea of a framework is critical because it does not convey a rigid, prescriptive set of tasks that must be done in the same way by every organization. Instead, it offers multiple paths or avenues for discussion and readiness assessment in order to meet your company’s business objectives.

This is why NIST goes the extra mile to flesh out its framework, breaking down each of its five functions into categories. When it comes to the “Detect” function in 2022, we’re no longer simply talking about viruses and malware. Security threats are internal and external, technological and human. Being able to discover these threats before they breach your protection or cause damage is key.

Let’s take a look at how the framework chooses to categorize the Detect function, and how your organization can utilize each to enhance its overall security. 

Anomalies and Events

In any network, there are events that happen that aren’t inherently malicious. Your CEO should be logging in to their workstation or mobile device, but should that occur 100 times a minute, or across multiple countries and continents on the same day? Of course not. Activity like that needs to be surfaced as quickly as possible. But because threats can be so complex, individually monitoring systems means you will likely miss correlated security events across assets. This is where event and log aggregation will give you a centralized repository of what is going on across the workloads on your network.

However, the amount of data that produces makes it impossible for even a team of security professionals to interpret directly. Enter your Security Information and Event Management (SIEM) system. From a technology perspective, a SIEM can aggregate logs from every tool that generates that data, help set a baseline of expected behavior and data flow (key to the recommendations of the Category), and then use its intelligence to automate the detection and correlation of seemingly disparate events into target event sets to focus on. Given their volume, the resulting alerts often need to be interpreted by humans who can triage and prioritize them properly and take action if necessary. Once again, that can occupy teams of professionals all day, depending on the size of your infrastructure.
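The two anomalies used as illustrations above (100 logins in a minute, logins from several countries on the same day) can be written as correlation rules over aggregated events. The following is an added example, not code from 11:11 Systems or any SIEM product; the events, field layout, user names, and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: login events already aggregated from three log sources.
# Fields: UTC timestamp, log source, user, country (assumed GeoIP enrichment).
EVENTS = [
    ("2022-10-27T08:00:05", "workstation", "ceo", "US"),
    ("2022-10-27T08:02:10", "mail", "ceo", "US"),
    ("2022-10-27T09:15:00", "vpn", "ceo", "BR"),
    ("2022-10-27T10:00:00", "vpn", "analyst", "US"),
] + [  # 100 logins in one minute, split evenly between two sources
    (f"2022-10-27T11:00:{i % 60:02d}", ("mail", "vpn")[i % 2], "intern", "US")
    for i in range(100)
]

def by_user(events):
    """Group events per user, sorted by time, regardless of source."""
    grouped = defaultdict(list)
    for ts, source, user, country in events:
        grouped[user].append((datetime.fromisoformat(ts), country))
    return {u: sorted(rows) for u, rows in grouped.items()}

def burst_users(events, limit=100, window=timedelta(minutes=1)):
    """Users with at least `limit` logins inside any sliding `window`."""
    hits = {}
    for user, rows in by_user(events).items():
        start = peak = 0
        for end, (t, _) in enumerate(rows):
            while t - rows[start][0] >= window:
                start += 1  # drop events that fell out of the window
            peak = max(peak, end - start + 1)
        if peak >= limit:
            hits[user] = peak
    return hits

def multi_country_users(events):
    """(user, UTC day) pairs with logins from more than one country."""
    seen = defaultdict(set)
    for user, rows in by_user(events).items():
        for t, country in rows:
            seen[(user, t.date().isoformat())].add(country)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    print("burst:", burst_users(EVENTS))
    print("multi-country:", multi_country_users(EVENTS))
    vpn_only = [e for e in EVENTS if e[1] == "vpn"]  # one source in isolation
    print("vpn log alone:", burst_users(vpn_only), multi_country_users(vpn_only))
```

Run against a single source's log, both rules stay silent; the patterns only appear once the events are correlated across sources.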

This is where 11:11’s Managed Security Information and Event Management (SIEM), backed by our 24x7x365 Security Operations Center (SOC), can relieve the workload of your IT team. It provides the technology, people, and processes to help you detect and respond to anomalous events without burdening your staff or needing to hire or train specialized, in-demand employees to run an in-house SIEM.

Security Continuous Monitoring

We are no longer in the age of the nightly antivirus scan. Today, all assets need to be closely and continuously watched. Because not all activity, especially network activity, is logged, anomalous network behavior detection is also necessary. 11:11’s Managed Firewall offers that as part of its thorough network protection capabilities, which also include intrusion detection and prevention, and is still backed by the “always on” SOC.

Add to that your mobile, desktop, server, and container workloads, and you’ve got a lot of malicious (or simply unapproved) activity to watch out for. A solution like Endpoint Detection and Response (EDR) can help; it spans multiple NIST Cybersecurity Framework Functions, covering not just Detect, but also Protect and Respond. Leveraging EDR at its heart, 11:11’s Managed Endpoint Detection and Response can reinforce your support staff with our own Security Analysts running the SOC.

Just as new vulnerabilities are discovered every day, so must you stay vigilant about which ones are present in your environment. 11:11’s Continuous Risk Scanning (CRS) managed service can isolate critical issues and allow you to shore up your workloads before the malicious activity starts.

EDR and CRS on their own can’t be the sole components of Security Continuous Monitoring, as simple things like physical access and unauthorized personnel need to be taken into account to detect all possible attack vectors.

Detection Processes

Not those kinds of processes! killall -HUP won’t serve you well here. This category is all about process and communication: making sure requirements are set (and met), responsibilities are delegated, accountability is defined, and the detection processes are tested, communicated, and assessed for improvement. Just as the malicious actors are continuously looking for vulnerabilities in your people, process, and technology, so must you if you want to be as prepared as possible when intruders try to, well, intrude (and worse).

Detectives On Call

The NIST Cybersecurity Framework can take the seemingly daunting task of providing a complete security solution for your company and simplify it into a clearly outlined set of goals to achieve in the manner and order that best fits your business outcomes. Whether you need to decide on the tools, or have an open discussion on the areas that need improvement, the framework provides the scaffolding that can help you manage your cybersecurity risk in the most complete manner possible. 11:11 Systems is here to augment your team with a wide array of Managed Security Services that touch not only on Detect, but also on many of the other functions.

And just as you should be continuously revisiting each of the functions and categories to adapt to a changing threat landscape, so too is the NIST Cybersecurity Framework being revisited. As part of the Journey To CSF 2.0, NIST is once again taking input from a broad base of organizations, from the private and public sectors to academia. A 2.0 draft is forthcoming in the near future.

Categories: Cybercrime, Ransomware, Security