
How the Best Defense Gets Better

Security starts before detection and response, but many organizations focus there first. Mature security teams understand the importance of identification and protection.  Establishing good cyber hygiene and taking proactive measures to secure themselves against the ever-increasing threat landscape is a critical first step in a holistic security program.  How should organizations build a holistic security program and in what order?

The National Institute of Standards and Technology (NIST) developed the best guide for building a holistic security program, known as the Cybersecurity Framework (CSF). The NIST CSF identifies the 5 core domains of a security program:

  • Identify: Develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities.
  • Protect: Develop and implement appropriate safeguards to ensure delivery of critical services.
  • Detect: Develop and implement appropriate activities to identify the occurrence of a cybersecurity event.
  • Respond: Develop and implement appropriate activities to take action regarding a detected cybersecurity incident.
  • Recover: Develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident.

Notice that Identify and Protect come before Detect and Respond, as this is also the logical order for developing and implementing your security program.  By implementing your best defenses first, you can detect and respond better.

To illustrate this approach, Russell From, Enterprise Services Integration Engineer Lead at Tanium, joined Enterprise Security Weekly to talk through a holistic approach to security using the Tanium platform. Commonly thought of as an Operational or Cybersecurity vendor, Tanium has built an integrated platform that covers Identify, Protect, Detect, and Respond, and that differentiates itself by being able to both discover issues and take action to resolve them.

To learn why the best security teams rely heavily on Tanium to get smarter, faster, and better at responding to threats, and how your organization can do the same, watch the demo on Enterprise Security Weekly here, register for their upcoming webcast here, or visit for more information.

Matt Alderman

Strategic Advisor at Automox, security consultant, and wizard of entrepreneurship.
