Network Security Framework (NSF) is a framework that helps organizations secure their networks from the ground up. It is related to the National Institute of Standards and Technology (NIST) Cybersecurity Framework and comprises a set of modular capabilities for building security into a network, together with event-driven decision support that supplies the context and intelligence needed to make sound security decisions.
Network Security Framework is built on open standards, leveraging existing standards such as:
What are the components of the Network Security Framework?
The following are the different components of the Network Security Framework:
Security Automation Platform (SAP)
Provides automated network security services based on open standards. It offers an extensible set of capabilities that can be configured and deployed as part of an overall cybersecurity strategy. SAP also supports flexible feeder systems (such as the FireEye CyberThreat Feeder, CTF) that enable it to ingest data from multiple sources and pass that data through the various capabilities in SAP. SAP also provides visibility into events through its Network Analytics capability, which integrates real-time network traffic data into the detection, analysis, and response capabilities. This integration lets you run threat analyses against your network traffic and infrastructure, and then correlate threats across sources for faster, more accurate threat identification and response.
OSSEC
An open-source toolkit that automates analytics tasks such as correlating events from multiple types of sensors (e.g., Open Sourced Intelligence, OSINT), collecting malware analysis from multiple sources (e.g., VirusTotal), domain name resolution, and so on.
Open Sourced Intelligence (OSINT)
Capabilities to search the public Internet for information related to your organization's security posture and that of your network resources. This includes capabilities to search for:
relationships between actors (e.g., domains, IP addresses, email addresses)
relationships between files (e.g., hashes)
relationships between documents (e.g., URLs, domains)
Open Sourced Intelligence Feeder (OSIF)
A feeder system available from FireEye that provides OSINT data about threats and vulnerabilities to SAP for threat analysis. It supports various types of feeds:
URLs
Domain Names
IP Addresses
Email Addresses
File Hashes
Malware Hashes
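The feeder-to-analytics path described above (ingest indicators from several sources, pass them through the correlation capability, and match them against sensor events) is easier to reason about with code in hand. The following is an added example written for this page; it is not FireEye, SAP, or OSIF code, and the feed record layout, event field names, and sample data are all constructed for illustration. It normalizes indicators of the feed types listed above (URLs, domains, IPs, emails, hashes), derives the domain behind a URL or email so that actor/document relationships stay matchable, merges duplicates across feeds so one indicator carries several corroborating sources, and correlates the result against a few constructed network events.

```python
"""Added example, not part of NSF/FireEye: a minimal indicator feeder plus
event correlation. Feed formats, field names and all sample data are
constructed for illustration."""
import ipaddress
import re
from collections import defaultdict

# --- Constructed feed data (stand-ins for OSINT feeder output; not a FireEye format) ---
FEED_JSON = [
    {"type": "domain", "value": "Evil-Update.example", "source": "osint-a"},
    {"type": "ip", "value": "203.0.113.7", "source": "osint-a"},
    {"type": "hash", "value": "44D88612FEA8A8F36DE82E1278ABB02F", "source": "osint-a"},
    {"type": "ip", "value": "not-an-ip", "source": "osint-a"},  # malformed; must be dropped
]
FEED_CSV = """url,hxxp://evil-update[.]example/payload.bin,osint-b
email,Ops@Evil-Update.example,osint-b
ip,203.0.113.7,osint-b
"""

HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}


def refang(value):
    """Undo the defanging conventions common in published indicator lists."""
    return value.replace("hxxp", "http").replace("[.]", ".").replace("[:]", ":")


def normalize(kind, raw):
    """Return a list of (kind, value) pairs, or [] if the indicator is unusable.
    A URL or email also yields the domain it points to, so the relationship
    between a document/actor and its domain survives as a separate indicator."""
    value = refang(raw.strip())
    if kind == "ip":
        try:
            return [("ip", str(ipaddress.ip_address(value)))]
        except ValueError:
            return []  # garbage in a feed must not become a matchable indicator
    if kind == "domain":
        return [("domain", value.lower().rstrip("."))]
    if kind == "hash":
        value = value.lower()
        if not re.fullmatch(r"[0-9a-f]+", value) or len(value) not in HASH_LENGTHS:
            return []
        return [(HASH_LENGTHS[len(value)], value)]  # kind is inferred from digest length
    if kind == "url":
        m = re.match(r"https?://([^/:]+)", value)
        return [("url", value)] + (normalize("domain", m.group(1)) if m else [])
    if kind == "email":
        value = value.lower()
        if "@" not in value:
            return []
        return [("email", value)] + normalize("domain", value.split("@", 1)[1])
    return []


def load_feeds(json_records, csv_text):
    """Merge feeds into {(kind, value): set(sources)}; the same indicator seen in
    two feeds collapses into one entry with both sources listed."""
    indicators = defaultdict(set)
    records = [(r["type"], r["value"], r["source"]) for r in json_records]
    for line in csv_text.splitlines():
        if line.strip():
            kind, raw, source = line.split(",", 2)
            records.append((kind, raw, source))
    for kind, raw, source in records:
        for norm in normalize(kind, raw):
            indicators[norm].add(source)
    return dict(indicators)


# --- Constructed sensor events; the key=value field names are this example's own ---
EVENTS = """\
2024-05-01T10:00:00Z type=dns host=ws12 qname=EVIL-UPDATE.example.
2024-05-01T10:00:01Z type=conn host=ws12 dst=203.0.113.7 dport=443
2024-05-01T10:00:05Z type=file host=ws12 md5=44d88612fea8a8f36de82e1278abb02f
2024-05-01T10:01:00Z type=dns host=ws13 qname=www.example.org
2024-05-01T10:01:02Z type=conn host=ws13 dst=192.0.2.10 dport=80
"""
# Which event field is compared against which indicator kind.
FIELD_KINDS = {"qname": "domain", "dst": "ip", "md5": "hash", "sha256": "hash", "url": "url"}


def parse_event(line):
    ts, _, rest = line.partition(" ")
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields["ts"] = ts
    return fields


def correlate(event_text, indicators):
    """One hit per (event, indicator) pair, carrying the corroborating sources."""
    hits = []
    for line in event_text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        for field, kind in FIELD_KINDS.items():
            if field not in ev:
                continue
            for norm in normalize(kind, ev[field]):  # same normalization as the feeds
                if norm in indicators:
                    hits.append({"host": ev["host"], "ts": ev["ts"], "kind": norm[0],
                                 "value": norm[1], "sources": sorted(indicators[norm])})
    return hits


def hits_by_host(hits):
    """Group hits per host so a host touching several indicators stands out."""
    per_host = defaultdict(list)
    for h in hits:
        per_host[h["host"]].append(h)
    return dict(per_host)


if __name__ == "__main__":
    inds = load_feeds(FEED_JSON, FEED_CSV)
    for host, hs in hits_by_host(correlate(EVENTS, inds)).items():
        print(host, len(hs), "hits:", [(h["kind"], h["value"], h["sources"]) for h in hs])
```

Two design points matter in practice: events are normalized with exactly the same function as the feeds (otherwise a trailing dot in a DNS name or an upper-case digest silently defeats the match), and malformed feed entries are dropped rather than stored, because a feeder that ingests garbage turns every later capability into a source of false positives.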
Open Vulnerability Assessment Language (OVAL) Feeder
A feeder system available from FireEye that provides vulnerability data about your network devices based on OVAL definitions, as well as other vulnerability sources such as the National Vulnerability Database (NVD). It can also be used in combination with other feeders such as CTF, so that SAP ingests data from multiple sources and passes it through its various capabilities.
Advantages of Network Security Framework
NSF is built on open standards to ensure interoperability and ease of use, and it incorporates open-source tooling such as OSSEC to automate analytics tasks: correlating events from multiple types of sensors (OSINT), collecting malware analysis from multiple sources (VirusTotal), domain name resolution, and so on.
Challenges of Network Security Framework
The following are the challenges of the Network Security Framework:
Deploying NSF can be complex as it involves a number of components working together to provide an integrated security solution.
Deploying new capabilities in NSF is both time-consuming and costly.
NSF has no automatic upgrade mechanism. When new features are released, users must manually download and install the new capabilities, and must deploy them all at once. Rolling back to a previous version likewise means downloading that version and reinstalling it on your system.