Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events

Current Status

This project has entered the build phase. We have selected several technology collaborators who have signed a Cooperative Research and Development Agreement (CRADA: see an example) with the National Institute of Standards and Technology (NIST).

Download the Detecting and Responding to Ransomware and Other Destructive Events Project Description for more information on this project.

Summary

The National Cybersecurity Center of Excellence (NCCoE) at NIST is proposing a project that could help organizations detect and respond to data integrity events across multiple industries. This project will include the development of a reference design and use commercially available technologies to develop an example solution that will help various organizations implement stronger security controls.

Ransomware, destructive malware, insider threats, and even honest mistakes present an ongoing threat to an organization’s infrastructure. Database records and structure, system files, configurations, user files, application code, and customer data are all at risk should an attack occur. 

Organizations that do not implement detection and response solutions leave themselves at risk for many types of data integrity attacks. These risks could be reduced using capabilities such as:

  • integrity monitoring
  • event detection
  • vulnerability management
  • reporting capabilities
  • mitigation and containment

This project focuses on detailed methods and potential tool sets that can detect, mitigate, and contain data integrity events in the components of an enterprise network. It will also identify tools and strategies to aid in a security team’s response to such an event. The scope of the project will answer specific questions pertaining to detecting and responding to data integrity events. It will result in a publicly available NIST Cybersecurity Practice Guide, a detailed implementation guide of the practical steps required to implement a cybersecurity reference design that addresses this challenge.

Collaborating Vendors

Organizations participating in this project submitted their capabilities in response to an open call in the Federal Register for all sources of relevant security capabilities from academia and industry (vendors and integrators). The following respondents with relevant capabilities or product components (identified as “Technology Partners/Collaborators” herein) signed a Cooperative Research and Development Agreement to collaborate with NIST in a consortium to build this example solution.

Cisco
Glasswall Solutions logo
Micro Focus logo
Semperis
Symantec logo
Tripwire logo
Certain commercial entities, equipment, products, or materials may be identified by name or company logo or other insignia in order to acknowledge their participation in this collaboration or to describe an experimental procedure or concept adequately. Such identification is not intended to imply special status or relationship with NIST or recommendation or endorsement by NIST or NCCoE; neither is it intended to imply that the entities, equipment, products, or materials are necessarily the best available for the purpose.

Join Our Community of Interest

Interested in joining the Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events Community of Interest? Contact us!

A Community of Interest is a group of professionals and technical advisors convened to support the cybersecurity resiliency of the U.S. economy. Read More.

News and Events

The Greatest of Rewards – Working with Integrity
March 18, 2019
RSA Conference 2019
March 04, 2019
NCCoE and Industry Collaborate to Identify, Protect, Detect, and Respond to Data Integrity Events
October 11, 2018
Introducing a New, Informative Resource for Security Professionals
June 26, 2018
NIST Seeks Industry Input on Developing Steps for Defending Against Ransomware Attacks
April 27, 2018
View More