The NSA recently published a Cybersecurity Information Sheet (CSI) continuing its focus on zero-trust security, this time looking at the Visibility and Analytics Pillar of the Zero Trust (ZT) framework. The NSA urges organizations to utilize the guidance in the report to systematically mitigate risks and rapidly identify, detect, and respond to emerging cyber threats. The NSA recommends the following actions:
- Log all relevant activity
- Centralize security information and event management
- Regularly use security and risk analytics
- Develop user and entity behavior analytics
- Integrate threat intelligence
- Automate dynamic policies
The capabilities described in this CSI are intended to continually mature cybersecurity protections, responses, and operations over time. Progression of capabilities in each of the ZT framework’s seven pillars should be seen as a cycle of continuous improvement based on evaluation and monitoring of threats. The Visibility and Analytics Pillar is the final pillar in the seven-pillar ZT framework, which includes:
- User
- Device
- Application & Workload
- Data
- Network and Environment
- Automation and Orchestration
- Visibility and Analytics
The purpose of Zero Trust principles is to operate under the assumption that threats already exist within network boundaries. This mindset allows personnel and organizations to attentively identify, protect against, and respond to cyber intrusions. WaterISAC encourages members to review this CSI and to apply Zero Trust principles in their environments as needed. For more information and to access the full CSI, visit NSA.gov.