NIST Ransomware Detection and Response Guide: Call for Comments

The National Cybersecurity Center of Excellence (NCCoE) has released a draft for public comment of the National Institute of Standards and Technology (NIST) Cybersecurity Special Publication, Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events.

The draft guide is particularly timely for MSSPs and MSPs — which remain prime targets for ransomware and other types of cyberattacks.

The document is intended as a best practice guide for those charged with protecting their organizations’ privacy, data and security profile such as executives, chief information security officers (CISO), system administrators, and others who have a stake in safeguarding data, privacy, and overall operational security. The project is to develop a reference design using commercially available technologies that will help various organizations implement stronger controls in a data security event, along with identifying relevant tools and strategies to responders. Private sector vendors participating in the project include Cisco, Glasswall, Micro Focus, Semperis, Symantec and Tripwire, all of which have relevant capabilities or products.

The three volume set includes an executive summary, a section on approach, architecture and security characteristics and a document containing how-to guides. The complete set can be downloaded here. The practice guide informs organizations of how to quickly detect and respond to data integrity attacks by implementing appropriate activities that immediately inform stakeholders.

In addition, the solution provides guidance on how to respond to the detected event, including deploying existing technologies that provided the following capabilities:

  • Event detection
  • Forensics/analysis
  • Integrity monitoring
  • Logging
  • Mitigation and containment
  • Reporting

Read more at: MSSPAlert