News, news analysis, and commentary on the latest trends in cybersecurity technology.
MITRE Releases Tool to Design Cyber-Resilient Systems
Engineers can use the Cyber Resiliency Engineering Framework Navigator to visuzalize their cyber-resiliency capabilities.
Cyberattacks are on the rise and enterprise defenders are protecting an increasingly expanding and complex attack surface. For many organizations, the focus is shifting away from prevention to resilience — to maintain essential business functions during an attack and recover quickly without losing too much downtime. Toward that end, MITRE has released the Cyber Resiliency Engineering Framework (CREF) Navigator, a free visualization tool for engineers designing cyber-resilient systems.
The Navigator helps organizations customize their cyber-resiliency goals, objectives, and techniques as aligned by NIST SP 800-160, which outlines standards on developing cyber-resilient systems. MITRE integrated the MITRE ATT&CK techniques and mitigations into the Navigator tool to help engineers understand how the systems they are designing could be targeted.
Resiliency is something that is engineered into the system — it doesn't just happen. The CREF framework guides engineers along four key principles: Anticipate (informed preparedness), Withstand (continue business functions even while under attack), Recover (restore business functions after an attack), and Adapt (change to minimize impact of attack).
The tool makes it possible to search and visualize the cyber-resiliency framework so that engineers can "make educated and informed choices," said Shane Steiger, MITRE's principal cybersecurity engineer, in a statement.
Companies are looking at cyber resilience as part of their strategy to prevent incidents and mitigate losses when they occur, according to Cisco's annual "Security Outcomes Report": A full 96% of executives surveyed named security resilience as high priority. The report identified some actions that helped increase resilience:
Companies that reported implementing a mature zero-trust model saw a 30% increase in resilience score compared with those that had none.
Having advanced extended detection and response (EDR) capabilities correlated to a 45% increase in resilience score for organizations over those that reported having no detection and response solutions.
Converging networking and security into a mature, cloud-delivered secure access services edge (SASE) increased resiliency scores by 27%.
Automated support for organizations interested in building stronger defenses for their critical infrastructure will be available in a future version, MITRE says. "We plan to keep evolving the Navigator as the discipline of cyber-resiliency engineering matures," MITRE's Steiger said in a statement.
About the Author
You May Also Like
Transform Your Security Operations And Move Beyond Legacy SIEM
Nov 6, 2024Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024Securing Tomorrow, Today: How to Navigate Zero Trust
Nov 13, 2024The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024