Understanding the 5 Core Functions of a Cybersecurity Framework

Sponsored blog post

Category: Company & Partnership News

Written by Michael Reeves, CISSP


Developed by the U.S. National Institute of Standards and Technology (NIST), the Cybersecurity Framework (CSF) is a helpful tool that allows customers to assess and improve their existing cybersecurity program according to their needs. The framework focuses on the security outcome—not necessarily the specific steps your customers can take to get there.

At its core, the CSF is logically broken down into five functions, which are further divided into categories and subcategories. The correct way for an organization to determine its “current profile” is to assess itself against the subcategories, then make a risk-based determination of what changes need to be made. The resulting “target profile” then becomes, in essence, the roadmap to improve the organization’s cybersecurity posture.

Symantec has mapped all our solutions to the CSF, including some of the ways we address the cloud in each of the five functions:

Function #1 – Identify

You can’t protect what you can’t see, which is why “Identify” is the first function. This is also why Symantec Endpoint Protection Cloud (SEP Cloud) has a Discovery feature that ensures all your devices are protected by continuously scanning your network for unprotected devices and auto-enrolling these devices with a single click.

Once enrolled, SEP Cloud protects and manages PCs, Macs, mobile devices and servers from a single console, making it the ideal solution for organizations with limited IT security resources.

SEP Cloud effectively stops today’s ransomware, zero-day threats and other sophisticated attacks using advanced multi-layered technologies, including advanced machine learning and behavior analysis. Its default security settings let you protect your endpoints quickly.

Function #2 – Protect

The ubiquitous nature of the cloud has made the traditional “single moat around the castle” protection strategy obsolete. The cloud requires a zero-trust-based approach toward protection.

Symantec’s Secure Access Cloud is a cloud-delivered service that provides highly secure granular access management for enterprise applications deployed in IaaS cloud or on-premises data center environments. This SaaS platform eliminates the inbound connections to your network and creates a software-defined perimeter between users and corporate applications.

This zero-trust access service avoids the management complexity and security limitations of traditional remote access tools by ensuring all corporate applications and services are completely cloaked—meaning they’re invisible to attackers who are targeting applications, firewalls and VPNs.

In addition, authorized users can connect from anywhere in the world—using any device—and securely access any hosted application on distributed data centers of any type, including private clouds, public clouds or on-premises data centers.

Function #3 – Detect

Defending the “roaming endpoint” might be one of the greatest challenges the cloud creates. How do you adequately detect threats on an endpoint that’s constantly on the move and hopping from Wi-Fi to Wi-Fi spot?

Symantec Endpoint Protection Mobile (SEP Mobile) offers a comprehensive, highly accurate and effective mobile threat defense solution. It delivers superior depth-of-threat intelligence to predict and detect an extensive range of existing and zero-day threats.

SEP Mobile’s predictive technology uses a layered approach that leverages massive crowd-sourced threat intelligence—as well as device- and server-based analysis—to proactively protect mobile devices from malware, network threats and app/OS vulnerability exploits, with or without an Internet connection.

Function #4 – Respond

Email continues to be the primary threat vector used to launch a variety of attacks. As a result, you should have tools in place to holistically respond to any email threat.

Symantec Email (ESS) is a complete email security solution that safeguards cloud email such as Microsoft Office 365 and G Suite as well as on-premises email such as Microsoft Exchange.

This solution blocks new and sophisticated email threats such as ransomware, spear phishing and business email compromise with a multilayered defense and insights from the world’s largest civilian global intelligence network. And it does all this with the industry’s highest level of effectiveness and accuracy.  

Currently, Symantec is the first and only vendor to offer email threat isolation capabilities, giving our customers unparalleled protection from sophisticated email attacks. ESS accelerates your attack response with analytics that provide the deepest visibility into targeted and advanced attack campaigns.

Function #5 – Recover

After an incident, the goal of any organization is to get back to normal business or mission operations as quickly as possible. Meeting this goal often requires capabilities beyond what your in-house resources can deliver.

The global Symantec Incident Response team consists of proven and experienced experts backed by Symantec’s Global Intelligence Network and Symantec’s Cyber Security Services: DeepSight threat and adversary intelligence.

Symantec Emergency Response Services provides remote and/or on-site investigation support to help organizations without a retainer quickly mitigate the impact of an incident and restore business as usual. Incident Response Retainer Services is an annual subscription that includes on-site readiness services, pre-negotiated terms and SLAs.

Identify your target profile with Symantec

In the past, organizations needed only an on-premises security strategy to protect the infrastructure of their brick-and-mortar facilities. But in today’s cloud generation, the new normal is that data, devices and applications are no longer confined to the traditional perimeter. They exist on premises, in the cloud, in a hybrid state and outside corporate control.

The CSF is a result of an extensive public-private partnership that produced a flexible document that can help organizations of all sizes and sophistication levels develop and maintain an agile cybersecurity program. The flexible nature of the CSF allows you and your customers to account for the new cloud generation in your assessment and to identify and mitigate any gaps you find.

Learn more about how Symantec can help improve your organization’s cybersecurity by visiting Ingram Micro Cloud Marketplace today.