Cyberattacks are on the rise and enterprise defenders are protecting an increasingly expanding and complex attack surface. For many organizations, the focus is shifting away from prevention to resilience — to maintain essential business functions during an attack and recover quickly without losing too much downtime. Towards that end, MITRE released the Cyber Resiliency Engineering Framework (CREF) Navigator, a free visualization tool for engineers designing cyber resilient systems.
The Navigator helps organizations customize their cyber resiliency goals, objectives, and techniques, as aligned by NIST SP 800-160, which outlines standards on developing cyber-resilient systems. MITRE integrated the MITRE ATT&CK techniques and mitigations into the Navigator tool to help engineers understand how the systems they are designing could be targeted.
Resiliency is something that is engineered into the system – it doesn’t just happen. The CREF framework guides engineers along four key principles: Anticipate (informed preparedness), Withstand (continue business functions even while under attack), Recover (restore business functions after an attack), and Adapt (change to minimize impact of attack).
The tool makes it possible to search and visualize the cyber resiliency framework so that engineers can “make educated and informed choices,” Shane Steiger, MITRE’s principal cybersecurity engineer, said in a statement.
Companies are looking at cyber resilience as part of their strategy to prevent incidents and mitigate losses when they occur, according to Cisco’s annual Security Outcomes Report: 96% of executives surveyed named security resilience as high priority. The report identified some actions that helped increase resilience:
- Companies that reported implementing a mature zero trust model saw a 30% increase in resilience score compared to those that had none.
- Having advanced extended detection and response capabilities correlated to a 45% increase in resilience score for organizations over those that report having no detection and response solutions.
- Converging networking and security into a mature, cloud-delivered secure access services edge (SASE) increased resiliency scores by 27%.
Automated support for organizations interested in building stronger defenses for their critical infrastructure will be available in a future version, MITRE says. “We plan to keep evolving the Navigator as the discipline of cyber resiliency engineering matures,” MITRE’s Steiger said in a statement.