Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
News, news analysis, and commentary on the latest trends in cybersecurity technology.
MITRE Releases Tool to Design Cyber-Resilient Systems
Engineers can use the Cyber Resiliency Engineering Framework Navigator to visuzalize their cyber-resiliency capabilities.
2 Min Read
Source: Ivan Kmit via Alamy Stock Photo
Cyberattacks are on the rise and enterprise defenders are protecting an increasingly expanding and complex attack surface. For many organizations, the focus is shifting away from prevention to resilience — to maintain essential business functions during an attack and recover quickly without losing too much downtime. Toward that end, MITRE has released the Cyber Resiliency Engineering Framework (CREF) Navigator, a free visualization tool for engineers designing cyber-resilient systems.
The Navigator helps organizations customize their cyber-resiliency goals, objectives, and techniques as aligned by NIST SP 800-160, which outlines standards on developing cyber-resilient systems. MITRE integrated the MITRE ATT&CK techniques and mitigations into the Navigator tool to help engineers understand how the systems they are designing could be targeted.
Resiliency is something that is engineered into the system — it doesn't just happen. The CREF framework guides engineers along four key principles: Anticipate (informed preparedness), Withstand (continue business functions even while under attack), Recover (restore business functions after an attack), and Adapt (change to minimize impact of attack).
The tool makes it possible to search and visualize the cyber-resiliency framework so that engineers can "make educated and informed choices," said Shane Steiger, MITRE's principal cybersecurity engineer, in a statement.
Companies are looking at cyber resilience as part of their strategy to prevent incidents and mitigate losses when they occur, according to Cisco's annual "Security Outcomes Report": A full 96% of executives surveyed named security resilience as high priority. The report identified some actions that helped increase resilience:
Companies that reported implementing a mature zero-trust model saw a 30% increase in resilience score compared with those that had none.
Having advanced extended detection and response (EDR) capabilities correlated to a 45% increase in resilience score for organizations over those that reported having no detection and response solutions.
Converging networking and security into a mature, cloud-delivered secure access services edge (SASE) increased resiliency scores by 27%.
Automated support for organizations interested in building stronger defenses for their critical infrastructure will be available in a future version, MITRE says. "We plan to keep evolving the Navigator as the discipline of cyber-resiliency engineering matures," MITRE's Steiger said in a statement.
About the Author(s)
You May Also Like
More Insights
Webinars
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Events
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024