Upon review, we recognize that this NIST/NCCoE publication contains potentially biased terminology. As new publications are developed, they will follow NIST’s inclusive language guidance.
Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events
Data breaches, ransomware, destructive malware, insider threats, and even honest mistakes present an ongoing threat to an organization’s infrastructure. Database records, system files, configurations, user files, applications, and customer data are all at risk should an attack occur. Organizations that do not implement detection and response solutions leave themselves at risk for many types of data integrity attacks.
Detailing methods and sample tool sets to help organizations detect, mitigate, and contain data integrity events
Project Abstract
Mitigating an active attack on an organization’s data integrity requires the use of strong, effective tools. Detection of a data integrity attack involves identification of its source, the affected systems, and sufficient data collection to allow for impact analysis. Once an attack is detected, swift response to the threat is critical to mitigate the need for recovery action after an event occurs.
The NCCoE is addressing the challenge of detecting and responding to malware and other damaging attacks by collaborating with industry and the information technology (IT) community, including cybersecurity solution vendors.
The NCCoE developed and implemented a solution that incorporates multiple systems working in concert to detect an ongoing data integrity cybersecurity event. Additionally, the solution provides guidance on how to respond to the detected event. Addressing these functions together enables organizations to have the necessary tools to act during a data integrity attack.
Cyber threats are not abating; rather, they are increasing and becoming more complex, pervasive, and damaging. Organizations that lack detection and response solutions are highly vulnerable to data integrity events.
Collaborating Vendors
Organizations participating in this project submitted their capabilities in response to an open call in the Federal Register for all sources of relevant security capabilities from academia and industry (vendors and integrators). The following respondents with relevant capabilities or product components (identified as “Technology Partners/Collaborators” herein) signed a Cooperative Research and Development Agreement to collaborate with NIST in a consortium to build this example solution.
Supplemental Resources
A white paper that provides an overview of the three Data Integrity projects and how they align with the NIST Cybersecurity Framework. This paper offers a high-level explanation of the architecture and capabilities, and it explains how these projects can be brought together into one comprehensive data integrity solution.
