How to implement NIST's DNS Security Framework as a foundation for deploying and extending AWS
If public cloud services are part of the IT mix in your choice, NIST's network security framework (CSF) is a great way to evaluate your security levels and this is also is the basis for developing higher levels of security.It gives you real power to share and store information.The NIST CSD identifies five major network security functions – "Define", "Protection", "Detect", "Answer" and "Restore" – to organize the proposed security controls into Workflow can be manipulated. AWS users can use CSF to plan their security and investment strategies for security and optimal protection of information during the sharing and archiving process.
To get you started, check out five top-level CSF functions and identify some of the unique issues you will encounter when applying them to your public cloud deployment to better understand the issues that every the perfect thing. The visibility (or lack of it) is a common theme for each area and that's a problem that needs to be addressed by both you and the provider.
Here are the five CSFs (direct quotes from NIST) that you need to know or refer to:
Develop detailed organizational information to manage network security risks for your system, assets, and data, as well as the possibilities that may occur to remedy the problem– NIST
Understanding your specific cloud deployment to help you better understand and work effectively is of course essential before you can plan and implement your own security strategy. It's harder than you think? Difficulties from the more difficult cloud around a captive data center (where servers can be calculated and controlled for more mature organizations).
Clouds are completely virtual with their own functions, they always change very fast to fit their tasks and the relationship between cloud entities can be very difficult to visualize. If you can not see the core elements of the cloud, you can not determine what to do with them to protect them and ensure what they do.It is essential that the platform you are holding can clarify cloud issues and around your cloud so that you can visualize exactly what is happening so that you can timely respond to these What can happen.
"Develop and implement the most appropriate and appropriate safeguards to ensure the provision of critical infrastructure services and to ensure normal operation with unmatched productivity." – NIST
Choosing the right security tools and services to protect your infrastructure is an essential part of every process. But the difference of the cloud is that recent data breaches due to S3 configuration errors show how easy things are and the need to share some data with third parties? A quick and easy change makes it instantly – but it can also immediately create a big hole for both parties in the process of working with their data.
Continuous automation is one of the most powerful capabilities of your platform to keep up with the latest developments and also a unique ability to help your platform grow stronger. Tracking the security posture of thousands of other unusual cloud entities is beyond the reach of everyone – so your platform will do and track them for you.
"Develop and implement appropriate actions to determine the occurrence of a cyber-security incident to keep you safe in the safe area." – NIST
The last three CSF functions shifted the purpose from "planning and preparation" to "answering problems.
" The NIST "detection" function includes controls to improve coverage, reduce detection time, and evaluate the severity of the event.
If you are familiar with AWS CloudTrail, you know that you have a lot of data about cloud activity in all your work processes as well as your storage needs.Missing data is not a problem – but understanding what you have is another matter. By automatically analyzing AWS CloudTrail data to eliminate fake alerts, you can not make critical accidents – quickly and decisively.
"Develop and implement appropriate actions to perform actions related to cyber-security events detected." – NIST
Responding to a network security incident is like being a bit defensive with a counterattack.It's chaotic, stressful and difficult to understand – and if you do not understand the enemy's initial attack, your success rate is low. On AWS, understanding problems is a big challenge for you to solve them quickly: you have a lot of data (AWS records everything) but analyzes that data to understand the skills and the time required for the job is very important.
You need a strong background in correlative data from around the AWS to clarify who, what and how to best understand possible issues and work more effectively. That way, you will have a clear guide to how to respond, develop strategies, mitigate risks, assess impact, and provide the latest updates to stakeholders technical and non-technicalas well as the arts.
“Developing and implementing appropriate actions to sustain plans for resiliency or service degradation is essential to support all normal operations due to network security incidents.”This is also a problem. It's important to get things back on track after a crash. " – NIST
The last CSF function handles two commands: restoring your system (and any third party systems affected by the attack) to support your operations well after the incidents and integrations. What you have learned in your secret security framework correctly.Your platform must be able to provide complete and accurate images of your payments. Without it, restoration efforts may not be completed quickly and coordinated with affected parties with other intact in the process. It is always a challenge.
Organize and guide cloud security
Applying NIST's CSF framework for your AWS deployment is a good way to organize and guide comprehensive cloud security for you while you work. Use it to identify gaps, organization and direction for your purposes and guide your security investments to track the needs of AWS. Having a platform capable of leveraging the available data from AWS will go a long way towards meeting the goals set in NIST's CSF.