In the past year, Claroty has found that across industries and sectors, cybersecurity incidents are on the rise. Claroty’s Global State of Industrial Cybersecurity revealed that 37% of cyber attacks impacted both IT and OT, up 10% from 2021. And according to Claroty’s 2023 global healthcare cybersecurity study, 78% of health systems have experienced at least one cybersecurity incident within the past year and 60% reported that these had an impact on patient care.2 Additionally, nearly a third of respondents reported that their building management systems (BMS) were affected.
With these statistics in mind, it’s vital that enterprises seriously evaluate how they are protecting their cyber-physical systems (CPS) in the wake of increased cyber attacks affecting their environment.
The comprehensive set of guidelines released by the US National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) have been instrumental in helping critical infrastructure owners and operators reduce their cyber risk.
With the recently released NIST Cybersecurity Framework 2.0, it’s time to evaluate how your organization complies with the updated guidelines. To gain a better understanding of what these guidelines are, how to adopt best practices in your organization, and how Claroty xDome incorporates their recommendations into the platform, continue reading below.
What is NIST CSF 2.0?
The original NIST CSF framework was organized into 5 core functionalities, each with its own processes and procedures designed to secure CPS: Identify, Protect, Detect, Respond, and Recover. Within each category are additional sub-categories intended to further implement appropriate processes.
What differs in the updated NIST CSF 2.0 is the addition of a sixth category: Govern. With the addition of this sixth functionality, the descriptions of each function of the NIST CSF 2.0 guidelines look like this:
Identify (ID): Includes an overall understanding of the organization and the operational context, assets, resources, capabilities, and risks. These are used to ensure that cybersecurity efforts are focused and prioritized with existing risk management strategies and objectives of the organization.
Protect (P): Develops and implements the right safeguards that allow for the delivery of critical services, including supporting the ability to contain the impact of potential cyber incidents.
Detect (DE): Implements appropriate controls to enable the timely and accurate discovery of cybersecurity events.
Respond (RS): Allows for suitable activities acting in response to a detected cybersecurity incident, making it possible to contain the impact.
Recover (RC): Maintains plans for resilience and restoration capabilities impaired due to a cyber incident. This includes timely recovery to normal operations and impact reduction.
Govern (GV): Provides context that helps organizations monitor their cybersecurity risk management, strategy, expectations, and policy. This function is described by NIST as “cross-cutting” and designed to help security teams prioritize the outcomes of the other five functions.
Although NIST CSF regulations are well known and adopted at a high rate, there is significant variation in the maturity levels and adoption rates for each function among enterprises. Many organizations adopt a more responsive strategy that could be enhanced by a better understanding of the best practices, processes, and procedures for proactive application of NIST across their business. Despite the widespread implementation of NIST in existing IT security procedures and controls, organizations may still require supplementary strategies for the protection and security of their CPS.
How Claroty Incorporates NIST CSF 2.0 Guidelines
Claroty xDome supports all six core functionalities of NIST CSF 2.0. The following explores the methods Claroty xDome employs to mirror the guidelines outlined above.
Identify (ID)
Claroty xDome is able to identify the data, personnel, devices, systems and facilities within an organization through asset management, risk assessment, and exposure management. Our solution supports the core NIST function of identity in several ways, such as:
Asset Management: Discover all network-connected devices with in-depth device profiles, including criticality, impact, and device lifecycle information.
Risk Assessment: From customizable dashboard for security, compliance, and clinical engineering reams to tracking logging in surrounding admin activity, risk assessment helps to support an overall view of vulnerabilities and risks.
Exposure Management: This solution continuously updates support as new vulnerabilities are uncovered. This ensures that exposure management improvements are implemented immediately. Access metrics to easily enable the ability to track security program improvements over time.
Protect (PR)
With Claroty xDome, access to physical and logical assets is limited to authorized users, services, and hardware. With cybersecurity awareness training, robust data security that’s in line with an organization’s risk strategy, and platform security, Claroty xDome provides organizations with comprehensive protection.
Identify Management, Authentication, and Access Control: Claroty Secure Access provides security, control, and access to support a complete zero-trust approach, with both Identity Access Management (IAM) and Remote Privileged Access Management (RPAM).
Awareness and Training: Claroty’s implementation and customer success team takes a personalized approach to ensuring end users of the product are fully trained and know how to use the product.
Data Security: By mapping all device communications and continuously monitoring for anomalous behavior, Claroty xDome helps prevent data leakage. This allows you to enforce policies across your healthcare network to protect confidentiality, integrity, and availability.
Platform Security: Asset discovery features provide comprehensive device profiles helping to identify outdated firmware, operating systems and more in order to ensure continuous monitoring of devices to ensure platform security.
Technology Infrastructure Resilience: By allowing the ability to utilize zero-trust architecture and network segmentation, Claroty xDome supports infrastructure resilience and ensures only necessary communication.
Detect (DE)
Claroty xDome is able to monitor, analyze, and detect anomalies, indicators of compromise, and other potentially adverse events.
Adverse Event Analysis: xDome’s Advanced Anomaly & Threat Detection module offers an end-to-end workflow for identification, detection, and remediation. A robust alerting engine that detects anomalous behavior, communications, and device changes is customizable to your organizational risk tolerance.
Continuous Monitoring: The module’s continuous monitoring capabilities are able to detect anomalous behavior, network threat signatures, and other indications of compromise.
Respond (RS)
When threats or potential incidents are detected, Claroty xDome responds swiftly. This response is coordinated with internal and external stakeholders as required by laws, regulations, or your organization’s policies.
Incident Management: In order to resolve incidents as they arise, Claroty xDome prioritizes vulnerabilities, exposures, and alerts and assigns them to owners or working groups in the platform.
Incident Reporting and Communications: Predefined reports and automated risk recommendations help in incident reporting and cross-functional communications. These reports can be customized and scheduled to run, and sent to key stakeholders on predefined intervals.
Incident Analysis: For comprehensive identification and analysis of incidents as they arise, Claroty xDome identifies known and unknown IoCs with detailed information on any suspicious behavior.
Mitigation: Built to support an end-to-end cybersecurity program, Claroty Secure Access and xDome view the full context around incidents, how assets are communicating, implementing segmentation policies, and limiting damages from compromised third-party credentials. These insights are then fed into additional incident response tools.
Govern (GV)
As the most recent addition to the NIST CSF 2.0 guidelines, functions to govern have been baked into Claroty xDome’s comprehensive cybersecurity offering. Effective measures take into consideration the mission, stakeholder expectations, dependencies, and legal, regulatory, and contractual requirements of an organization’s cybersecurity risk management.
Organizational Context: Risk scoring and vulnerability assessment reporting ensures support aligns with your organization’s expectations and goals.
Risk Management Strategy: Provides tailored risk scoring for each organization, site, and device, including the ability to assess overall security postures and other forms of measurements of risk and threats in order to prioritize risk tolerance.
Roles, Responsibilities, and Authorities: xDome supports role-based access controls to enable the right data and access based on the end user’s roles and responsibilities, in addition to the creation of customized dashboards and reporting to support tailored performance assessment and improvement based on role.
Policy: From risk reduction approaches to network segmentation enforcement across NAC & Firewalls, Claroty xDome supports the creation and enforcement of policies across CPS devices.
Oversight: Each aspect of Claroty xDome can be tracked directly within the platform - including network segmentation projects to medical device operational efficiency metrics.
Cybersecurity Supply Chain Risk Management: Get specific expertise on keeping supply chains secure and establishing effective processes.
Prioritize Compliance with Claroty xDome
The recent updates to the NIST CSF framework is good news for enterprises strengthening their cyber resilience. Partnering with a CPS protection platform like Claroty ensures that your organization is following best practices in compliance while utilizing a unified platform with those guidelines built into the product.
If you are interested in learning more about how Claroty supports the NIST cybersecurity framework and sets the foundation for comprehensive cybersecurity, check out our white papers dedicated to the healthcare industry and also industrial sectors, or simply, contact our team for a demo.
