For Unmanaged and IoT Devices
The National Institute of Standards and Technology (NIST) publishes a set of security guidelines called the “Cybersecurity Framework”, or CSF for short. It consists of five major functions: Identify, Protect, Detect, Respond, and Recover. These functions are divided into a total of 22 categories, which in turn are divided into a total of 98 subcategories, each defining an increasingly granular set of desired outcomes.
Many of the CSF functions can be implemented with fairly common asset discovery, management and security tools that have been developed and marketed over the past ten or fifteen years. However, in most cases, these tools assume that you can place an agent on the endpoint that you are trying to discover, manage and secure.
How can you implement all of the NIST CSF functions when you can’t put an agent on the endpoint?