
MITRE has released the Cyber Resiliency Engineering Framework (CREF) Navigator, a free visualization tool for engineers designing cyber-resilient systems.
Since the cyberattacks are on a constant rise and enterprise looks to protect the expanding and complex attack surface. Due to which the focus is shifting away from prevention to resilience to maintain essential business functions during an attack and recover quickly without losing too much downtime.
To align with NIST SP 800-160,Navigator helps organizations customize their cyber-resiliency goals, objectives, and techniques. It also outlines standards on developing cyber-resilient systems. MITRE ATT&CK techniques and mitigations was integrated into the Navigator tool to help engineers understand how the systems they are designing could be targeted.
The CREF framework guides engineers along four key principles: Anticipate (informed preparedness), Withstand (continue business functions even while under attack), Recover (restore business functions after an attack), and Adapt (change to minimize impact of attack).
Companies are looking at cyber resilience as part of their strategy to prevent incidents and mitigate losses when they occur. A survey held by CISCO named security resilience as a high priority. The report identified some actions that helped increase resilience:
- Companies with a mature zero-trust model saw a 30% increase in resilience score compared with those that had none.
- Having advanced extended detection and response (EDR) capabilities correlated to a 45% increase in resilience score for organizations over those that reported having no detection and response solutions.
- Converging networking and security into a mature, cloud-delivered secure access services edge (SASE) increased resiliency scores by 27%.