Cellular networks will be transitioning from 4G to 5G, and 5G networks will provide increased cybersecurity protections. This project will identify several 5G use case scenarios and demonstrate for each one how to strengthen the 5G architecture components to mitigate identified risks and meet industry sectors’ compliance requirements. The project will demonstrate how commercial and open source products can leverage cybersecurity standards and recommended practices for each of the 5G use case scenarios, as well as showcase how 5G security features can be utilized. A phased approach will be employed to align with the development pace of 5G technology and availability of commercial 5G technology.

This iterative approach will provide the flexibility to add to the project as the phases evolve to take advantage of newly introduced security capabilities. This project will result in a freely available NIST Cybersecurity Practice Guide.This document describes several security considerations as industry is preparing for a migration to the 5th generation (5G) mobile network. The NCCoE cybersecurity team will develop approaches and proposed solutions in collaboration with a Community of Interest, equipment vendors, and telecommunication providers.

Click to download

Data Security Is Essential to Our Future

Like you, cybercriminals are on their own digital transformation journey. Connected Internet of Things (IoT) devices, bring-your-own-device
(BYOD) trends and cloud initiatives have given them new ways to infiltrate your organization by exponentially expanding the attack surface.
Technologies like artificial intelligence and machine learning have given these miscreants new tools with which to distribute malware, vector in on high-end targets, and reach bigger and more diverse audiences. And as these technologies evolve, cybercriminals are becoming
increasingly stealthy, sophisticated and evasive.

These days, cybercriminals are creative, ambitious and intelligent, with no shortage of resources at their disposal. They’re constantly reaching into their arsenal of tools to help them gain a competitive edge — only they’re competing to break into your systems and abscond with your IP address, personally identifiable information (PII) and other critical data before you even notice it’s gone. While their financial motivations have remained the same for decades, their methods have significantly evolved over the years.

Click to download

Security threats continue to be more sophisticated and advanced with each day, with the majority often going completely undetected. Organizations are usually scrambling to keep up and implement new security controls to protect themselves, which adds a new layer of
complexity.

Situation

Not everyone’s process needs are the same. These differences drive out different categories and niches within  the Security Information and Event Management (SIEM) market space. Understand your own business’s processes and the unique technical and functional requirements that accompany them. Use your own set of requirements to determine the SIEM solution that best fits your organization.

Complication

• With the rise of Advanced Persistent Threats (APTs) and insider attacks, it becomes extremely difficult for security staff to detect all the risks.
• Many IT and IT Security staff are already stretched thin by keeping track of many different security technologies that already exist.

Anyone looking to purchase a SIEM product must understand what they want and need from this technology. Many are quick to get any SIEM product and assume that it will satisfy their requirements, while it may not be the correct choice for them.
Others may find greater value in the capabilities of another security technology rather than a SIEM. This can also go beyond what your peers at similar organizations are doing. As each company has its own unique processes and internal controls, their requirements become very specific and can differ widely from that of others in the same industry.

Click to download 

Secure Access Service Edge (SASE), pronounced “sassy,” is a new cloud-based network security model proposed by research firm Gartner that combines multiple network technologies delivered as a service including SWG, CASB, FWaaS and ZTNA with WAN capabilities (i.e., SDWAN) to support dynamic secure access to organizational assets. This new model allows IT security teams to easily connect and secure all of their organization’s networks and usersin an agile, cost-effective and scalable way.

As organizations continue to drive compute workloads to the cloud and mobile devices proliferate, edge computing is changing access requirements with billions of connected devices requiring cloud services and on-premises resources. At the same time, more users, devices, applications, services and data are being generated and located outside of an organization than inside.
Traditional network security architectures that typically place enterprise data centers at the center of IT resources are also becoming roadblocks to the dynamic access requirements of digital businesses and edge computing scenarios as cloud-native technologies require more dynamic and agile identity and access resources to secure workloads and data.

With numerous cybersecurity and network security solutions offered across a highly segmented market space, too many security services and categories are complicating what should be an integrated approach to an organization’s network security environment. The
entire cybersecurity vendor community needs to come together and provide a holistic approach to cybersecurity, and this is where the concept of Secure Access Service Edge or SASE comes in.

Click to download 

Cybersecurity is not a new issue, but the stakes are getting higher. The scale of regulatory penalties is growing, and customers—consumers, businesses and public-sector organizations alike—are becoming more sensitive to the issue. In the past, many consumers saw little difference between the security postures of the companies—such as banks and retailers—pursuing their business, and so it didn’t sway their loyalty. That’s changing, and consequently lots of companies are responding by making security and data privacy central to their value proposition.

For more than a decade, Verizon has published some of the preeminent reports on cybersecurity, including the Data Breach Investigations
Report (DBIR). This is the fourth edition of the Mobile Security Index. As the name suggests, it focuses on the threats to mobile devices; what
defenses companies have in place to thwart these attacks; and how often those fail, leading to a mobile-related compromise.

One of the key themes of the 2020 Mobile Security Index was mal-innovation. We talked about how cybercriminals were constantly finding new and often imaginative ways to carry out attacks. In another life, where their motives weren’t nefarious and the outcomes not so damaging to so many, the creativity and ingenuity shown by some of the attackers would merit fame and accolades.

Click to download