ManageEngine’s guide to implement the NIST Cybersecurity Framework

Table of contents

The NIST Cybersecurity Framework 04
The benefits of implementing the NIST Cybersecurity Framework 05
Components of the framework 06
How can ManageEngine help you implement the five functions of the framework? 10
  Identify 11
  Protect 18
  Detect 26
  Respond 30
  Recover 34
How can you establish or improve a cybersecurity program? 36
Parting thoughts 37
About ManageEngine 37
Disclaimer

This material and its contents (“Material”) are intended, among other things, to present a general overview of how you can use ManageEngine’s products and services to implement the NIST Cybersecurity Framework in your organization. Full implementation of the NIST Cybersecurity Framework requires a variety of solutions, processes, people, and technologies.

The solutions mentioned in this Material are some of the ways in which IT management tools can help with some of the NIST Cybersecurity Framework implementation. Coupled with other appropriate solutions, processes, and people, ManageEngine’s solutions help organizations implement the NIST Cybersecurity Framework. This Material is provided for informational purposes only and should not be considered as legal advice for implementing the NIST Cybersecurity Framework.

Copyright © Zoho Corporation Pvt. Ltd. All rights reserved. ManageEngine makes no warranties, express, implied, or statutory, and assumes no responsibility or liability as to the information in this Material. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any way exploit the Material without ManageEngine’s express written permission.

The ManageEngine logo and all other ManageEngine marks are registered trademarks of Zoho Corporation Pvt. Ltd. Any other names of software products or companies referred to in this Material, and not expressly mentioned herein, are the trademarks of their respective owners. Names and characters used in this Material are either the products of the author’s imagination or used in a fictitious manner. Any resemblance to actual persons, living or dead, is purely coincidental.

The NIST Cybersecurity Framework

With the evolving cybersecurity threat landscape, organizations are racing to find and implement effective cybersecurity solutions that help them manage and mitigate security risks preemptively.

The National Institute of Standards and Technology (NIST) developed a framework that could bolster the critical infrastructure of the US, as per the Cybersecurity Enhancement Act of 2014.

The framework was originally imagined as a cybersecurity risk management system for the critical infrastructures of the US. Today, it has been widely implemented in private and public sectors across organizational departments and around the globe. Organizations, regardless of their size and industry, can leverage the best practices outlined in the framework to understand, manage, and mitigate the cybersecurity risks associated with their data and networks.

The NIST Cybersecurity Framework offers guidelines and standards to manage cybersecurity risks across an entire organization or its critical infrastructures. The framework offers organizations a flexible, repeatable, and cost-effective approach towards managing cybersecurity risks on a voluntary basis.

The benefits of implementing the NIST Cybersecurity Framework

Strengthen cybersecurity posture: Organizations can discover their current security posture and prioritize opportunities to strengthen it by taking guidance from the informative references outlined in the framework.

Measure organizational risks: Assess risks objectively and formulate an action plan considering the budget and resources available to bring risks within tolerance levels.

Comply with global standards: Comply with other existing global standards and mandates easily as the framework references multiple standards for its implementation.

Maximize ROI: Focus on critical service delivery components to make the implementation process cost-effective by reprioritizing resources.

Become risk-informed: Transform reactive cybersecurity practices to an agile, risk-informed approach, and continuously adapt to the evolving threat landscape.

Components of the framework

Framework core

The framework core consists of key risk management activities that pave the way for organizations to realize cybersecurity outcomes that align with their business objectives. This outcome-driven approach allows for tailor-made action plans to meet business requirements.

The core comprises five concurrent functions and offers a holistic strategy to understand potential security threats, mitigate their impact, and recover from any business disruptions.

Functions are not meant to be a serial path to a desired state but to be performed concurrently and continuously to develop an organizational culture that addresses emerging cybersecurity risks.

Identify: Understand and identify important systems, people, assets, and data and their associated risks to manage cybersecurity.

Protect: Implement appropriate safeguards to protect the critical infrastructure and resources of an organization.

Detect: Monitor systems continuously to discover the occurrence of a cybersecurity incident or anomaly promptly.

Respond: Take actions against a detected cybersecurity attack and limit its impact.

Recover: Ensure business continuity and undertake recovery activities to restore business operations.

Framework implementation tiers

The implementation tiers illustrate the degree to which an organization’s established cybersecurity program reflects the characteristics outlined in the framework. It helps in understanding the scope of cybersecurity practices established to manage risks.

Tier 1: Partial. Irregular, reactive risk management practices with limited awareness of cybersecurity risks.

Tier 2: Risk informed. Some awareness of cybersecurity risks, but limited establishment of a risk management program at an organizational level.

Tier 3: Repeatable. A consistent cybersecurity risk management program across an organization with processes to respond based on changes in the threat landscape.

Tier 4: Adaptive. An advanced cybersecurity response system capable of effectively improving its risk management program based on previous incidents and predictive indicators.

Framework profile

The framework profile represents an organization’s desired target cybersecurity posture. An organization can develop its profile by selecting all the most important outcomes based on its business goals, risk tolerances, and resources from the categories and subcategories of the framework core.

By creating a current profile and comparing it with the target profile, organizations can identify opportunities to improve their cybersecurity program. Based on the priority and estimated cost of the corrective efforts, organizations can plan for cybersecurity improvement measures.

Organizations can use the framework profile to communicate the cybersecurity requirements that their partners and external stakeholders, who deliver critical products and services, need to meet in order to keep their supply chain secure.

How can ManageEngine help you implement the NIST Cybersecurity Framework?

While the NIST Cybersecurity Framework consists of technical and non-technical controls to manage cybersecurity risks, we can help you implement the technical aspects of it.

Identify: Develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities.

Category / Subcategory / How ManageEngine solutions can help you

Asset Management (ID.AM): The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to organizational objectives and the organization’s risk strategy.

ID.AM-1: Physical devices and systems within the organization are inventoried
- Asset Explorer: Discover IP-based devices within the organization with agent-based (Windows, Linux, and macOS) and agentless mechanisms.
- Endpoint Central: Enroll devices manually or automatically, or have users self-enroll their mobile devices, and then grant corporate network access only to these devices.
- Network Configuration Manager: Keep track of devices in the network and their device specifics, such as serial numbers, interface details, port configurations, and hardware specifics.

ID.AM-2: Software platforms and applications within the organization are inventoried
- Asset Explorer: Get complete visibility into the software installed in your network, and keep track of purchased software licenses.
- Endpoint Central: Scan networks periodically to fetch the installed software details.

ID.AM-3: Organizational communication and data flows are mapped
- Asset Explorer: Establish and map data flows between assets, applications, documents, and people with the help of a CMDB.
- Endpoint Central: Map pending requests, issues, and changes raised to their respective configuration items using a CMDB.
- DataSecurity Plus: Locate sensitive personal data within files and catalog it.

ID.AM-4: External information systems are catalogued
- DataSecurity Plus: Monitor internal and external cloud applications and gain visibility into the encrypted network traffic of your organization. Catalog and analyze the browsers used to access cloud applications.
- Cloud Security Plus: Gain visibility into your AWS, Azure, and GCP cloud infrastructure through comprehensive reports and customizable alerts.
- Log360: Track and monitor the sanctioned and unsanctioned applications in your cloud with an integrated CASB.

ID.AM-5: Resources (e.g., hardware, devices, data, time, personnel, and software) are prioritized based on their classification, criticality, and business value
- PAM360: Access business-critical resources securely as per assigned privilege level. Classify critical and business-value resources using a CMDB.
- AD360: Identify user record changes in the HRMS database and automatically modify corresponding user data in Active Directory.
- Endpoint Central: Configure policy settings on endpoints to restrict user actions and access to applications based on the assigned user privilege, which is based on department or role.

ID.AM-6: Cybersecurity roles and responsibilities for the entire workforce and third-party stakeholders (e.g., suppliers, customers, partners) are established
- PAM360: Allow the workforce, third-party stakeholders, and external vendors to access organizational resources securely.
- Endpoint Central: Map users to customizable roles with a prescribed set of activities and access permissions based on the requirements.

Business Environment (ID.BE): The organization’s mission, objectives, stakeholders, and activities are understood and prioritized; this information is used to inform cybersecurity roles, responsibilities, and risk management decisions.

ID.BE-4: Dependencies and critical functions for delivery of critical services are established
- Endpoint Central: Map roles and selective privileges to users on Windows, Linux, and Mac devices for effective risk management.

ID.GV-1:
- PAM360: Establish strict governance over privileged access pathways to critical assets based on user roles and requirements.

ID.GV-3:
- Log360: Simplify compliance management with audit-ready report templates for PCI DSS, HIPAA, FISMA, CCPA, the GDPR, and more.

Risk Assessment (ID.RA): The organization understands the cybersecurity risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals.

ID.RA-1:
- Vulnerability Manager Plus: Discover, assess, and prioritize vulnerable endpoints in your network.
- Log360: Discover, analyze, and protect sensitive information stored in your network.
- Cloud Security Plus: Monitor the log data from AWS, Azure, and GCP cloud infrastructures to identify security threats.
- M365 Security Plus: Detect and analyze security risks in M365 environments, such as failed logon attempts, file access, role changes, and license modifications.

ID.RA-2: Cyber threat intelligence is received from information sharing forums
- Log360: Leverage STIX, TAXII, and AlienVault OTX format threat feeds to discover malicious IPs, domains, and URLs.
- Vulnerability Manager Plus: Prioritize threat response based on news feeds with vulnerabilities that attackers are exploiting.

ID.RA-3: Threats, both internal and external, are identified and documented
- Log360: Detect malicious software, services, and processes on endpoints and servers. Mitigate insider threats and account compromise with UEBA. Maintain a tamper-proof log archive to ensure log data from Windows, syslogs, and other applications is secured for future forensic analysis and audits.
- Vulnerability Manager Plus: Identify all the assets in the network and perform agent-based scans periodically to uncover emerging vulnerabilities, network misconfigurations, high-risk software, active ports, and more.
- Firewall Analyzer: Analyze firewall security logs to identify network breach attempts and attacks such as a virus, a Trojan, and denial-of-service.

ID.RA-5: Threats, vulnerabilities, likelihoods, and impacts are used to determine risk
- Log360: Identify the impact of potential risks from rogue users and entities with UEBA and flag the anomalies.
- Vulnerability Manager Plus: Scan the assets in your networks to identify OS, third-party application, and zero-day vulnerabilities. Understand the impact of the threats through the severity ranking dashboard.

ID.RA-6: Risk responses are identified and prioritized
- Log360: Respond to internal and external threats effectively with a set of predefined actions by leveraging automated incident workflows.
- PAM360: Assign trust scores to users and devices based on their security compliance, and use policy-based access controls to process requests automatically and take custom actions as per organization policies.

Risk Management Strategy (ID.RM): The organization’s priorities, constraints, risk tolerances, and assumptions are established and used to support operational risk decisions.

ID.RM-1: Risk management processes are established, managed, and agreed to by organizational stakeholders
- DataSecurity Plus: Discover sensitive data and classify it based on sensitivity to ensure protection and compliance.
- PAM360: Identify suspicious privileged activity by leveraging AI- and ML-driven capabilities, and terminate malicious behavior.

Protect: Develop and implement appropriate safeguards to ensure delivery of critical services.

Identity Management, Authentication and Access Control (PR.AC): Access to physical and logical assets and associated facilities is limited to authorized users, processes, and devices, and is managed consistent with the assessed risk of unauthorized access to authorized activities and transactions.

PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users and processes
- AD360: Automate authorization of user access to resources based on their organization role.
- PAM360: Identify and authorize access to business-critical resources, and spot unusual privileged activities.
- FileAnalysis: Prevent privilege abuse by analyzing users’ access permissions.

PR.AC-3: Remote access is managed
- PAM360: Allow privileged users to access remote hosts without any endpoint agents. Provision secure access to critical data center components through SSH, Telnet, and RDP connections.
- Endpoint Central: Establish a secure, web-based connection to remote computers in the LAN and WAN through VPN or internet.

PR.AC-4: Access permissions and authorizations are managed, incorporating the principles of least privilege and separation of duties
- PAM360: Establish strict governance over privileged access pathways and critical infrastructure. Assign just-in-time controls and provision higher privileges only when required by users.
- AD360: Streamline identity access management tasks by imposing least privilege access policies to users based on their roles and responsibilities.

PR.AC-5: Network integrity is protected (e.g., network segregation, network segmentation)
- Network Configuration Manager: Configure the network configlets and maintain control over change workflow and changes within network infrastructure.
- AD360: Streamline identity access management tasks by imposing least privilege access policies to users based on their roles and responsibilities.

PR.AC-6: Identities are proofed and bound to credentials and asserted in interactions
- PAM360: Onboard privileged user accounts into a secure vault mechanism that offers role-based access to the critical assets in the network.
- AD360: Streamline identity access management tasks by imposing least privilege access policies to users based on their roles and responsibilities.

PR.AC-7: Users, devices, and other assets are authenticated (e.g., single-factor, multifactor) commensurate with the risk of the transaction (e.g., individuals’ security and privacy risks and other organizational risks)
- ADSelfService Plus: Implement MFA techniques such as biometrics and QR codes to authenticate user identity.
- Identity Manager Plus: Centrally manage application access and usage, and provide SSO for your end users.

Data Security (PR.DS): Information and records (data) are managed consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information.

PR.DS-1: Data-at-rest is protected
- DataSecurity Plus: Secure and control access to USBs, selectively block file copy actions for business-critical information, and prevent leakage of confidential files via email attachments.
- Endpoint DLP Plus: Automate detection and classification of personal data, audit file access, and establish policies to ensure secure usage.

PR.DS-2: Data-in-transit is protected
- Key Manager Plus: Manage SSH keys and digital certificates to ensure secure, encrypted data communication.

PR.DS-3: Assets are formally managed throughout removal, transfers, and disposition
- Asset Explorer: Handle the complete life cycle of every asset from procurement to disposal.

PR.DS-4: Adequate capacity to ensure availability is maintained
- OpManager Plus: Monitor and optimize your network bandwidth, the performance of critical network devices, the firewall, and servers.

PR.DS-5: Protections against data leaks are
- Endpoint Central: Identify emails containing sensitive information using fingerprinting, keyword search, and RegEx, and block emails as per your policy. Block the transfer of sensitive information via unauthorized USB devices. Control the download and printing limit for trusted devices.

PR.DS-6: Privileged users understand their roles and responsibilities
- DataSecurity Plus: Maintain file integrity by monitoring permission changes, file creation, and move and modify events.
- Network Configuration Manager: Identify potential firmware security vulnerabilities in your network and perform corrective measures periodically.
- Vulnerability Manager Plus: Monitor network endpoints to detect end-of-life software, peer-to-peer apps, and remote-sharing tools. Eliminate the associated security risks by uninstalling unsafe software.

Information Protection Processes and Procedures (PR.IP): Security policies (that address purpose, scope, roles, responsibilities, management commitment, and coordination among organizational entities), processes, and procedures are maintained and used to manage protection of information systems and assets.

PR.IP-1: A baseline configuration of information technology/industrial control systems is created and maintained incorporating security principles (e.g. concept of least functionality)
- Network Configuration Manager: Back up incremental versions of network configurations and choose the most stable version as the baseline configuration.

PR.IP-3: Configuration change control processes are in place
- Network Configuration Manager: Automate configuration backups and database backups to withstand network mishaps.
- ServiceDesk Plus: Configure change types, roles, and statuses to manage your change cycle.

PR.IP-4: Backups of information are conducted, maintained, and tested
- RecoveryManager Plus: Back up your AD, Azure AD, Microsoft 365, Google Workspace, and Exchange environments.
- Network Configuration Manager: Automate network device configuration backups and reduce downtime.

PR.IP-5: Policy and regulations regarding the physical operating environment for organizational assets are met
- PAM360: Secure administrative access to critical systems through privileged pathways.
- Endpoint Central: Configure stringent passcode and device lock policies to protect corporate assets.
- Mobile Device Manager Plus: Configure device settings and functions on corporate mobile devices based on assigned groups. Set up alerts and schedule custom reports to gain visibility into compliance violations.

PR.IP-6: Data is destroyed according to policy
- Endpoint Central: Perform a corporate wipe to remove corporate data, leaving personal data intact in personnel’s mobile assets.

PR.IP-9: Response plans (Incident Response and Business Continuity) and recovery plans (Incident Recovery and Disaster Recovery) are in place and managed
- ServiceDesk Plus: Streamline major incident management by configuring multiple criteria to execute custom actions. Reduce repeat incidents by defining closure rules.

Maintenance (PR.MA): Maintenance and repairs of industrial control and information system components are performed consistent with policies and procedures.

PR.MA-1: Maintenance and repair of organizational assets are performed and logged, with approved and controlled tools
- ServiceDesk Plus: Configure workflows for regular maintenance tasks and gain visibility into assets that are in repair, expired, or maintenance mode.
- Patch Manager Plus: Automate the distribution of OS and third-party patches to endpoints as per configured deployment policies.

Protective Technology (PR.PT): Technical security solutions are managed to ensure the security and resilience of systems and assets, consistent with related policies, procedures, and agreements.

PR.PT-1: Audit/log records are determined, documented, implemented, and reviewed in accordance with policy
- Log360: Collect logs from devices, servers, network devices, firewalls, and more. Encrypt the log data for future forensic analysis, compliance, and internal audits.
- Firewall Analyzer: Collect and analyze log data from the firewall and other security devices to discover security threat attempts and perform bandwidth management.

PR.PT-3: The principle of least functionality is incorporated by configuring systems to provide only essential capabilities
- Application Control Plus: Limit malware intrusions by blocklisting malicious executables.
- PAM360: Adopt a Zero Trust security approach to reduce security risks by using least privilege workflows for access provisioning.
- DataSecurity Plus: Detect ransomware with threshold-based alerts by inspecting sudden spikes in file rename and other change events. Shut down infected devices to contain the ransomware spread in your network quickly.

PR.PT-5: Mechanisms (e.g., fail-safe, load balancing, hot swap) are implemented to achieve resilience requirements in normal and adverse situations
- OpManager Plus: Secure your network with the Advanced Security Analytics Module to detect zero-day network intrusions, firewall rule anomalies, and rogue devices.
- Endpoint Central: Protect data by managing BitLocker encryption in endpoints. Prevent ransomware attacks with behavioral detection and fail-safe recovery. Secure sensitive information from theft by using advanced data loss prevention strategies.

Detect: Develop and implement appropriate activities to identify the occurrence of a cybersecurity event.

Anomalies and Events (DE.AE): Anomalous activity is detected and the potential impact of events is understood.

DE.AE-1: A baseline of network operations and expected data flows for users and systems is established and managed
- Log360: Group users in the network based on their behaviors and establish a baseline for their group. Use the baseline as a reference to flag any deviations as anomalies and raise alerts.
- OpUtils: Scan routers and subnets periodically to detect rogue devices in the network and block their access.
- NetFlow Analyzer: Leverage the network behavior anomaly detection system to analyze server traffic, diagnose network anomalies, and identify any threats in the network.
- DataSecurity Plus: Monitor file activities, data transfers, and application usage to spot anomalous activities.

DE.AE-2: Detected events are analyzed to understand attack targets and methods
- Log360: Analyze and correlate logs with visual dashboards to discover security incidents, attacks, and suspicious or malicious user behavior.

DE.AE-3: Event data are collected and correlated from multiple sources and sensors
- Log360: Collect and analyze event logs from the endpoints, servers, network devices, and firewalls in your environment to spot security threats.

DE.AE-4: Impact of events is determined
- Log360: Understand the impact of incidents by conducting post-attack analysis and identify patterns to stop attacks through log forensics.

DE.AE-5: Incident alert thresholds are established
- Log360: Configure alert thresholds by selecting the number of anomalies, interval, and time range that would trigger the alert.

Security Continuous Monitoring (DE.CM): The information system and assets are monitored to identify cybersecurity events and verify the effectiveness of protective measures.

DE.CM-1: The network is monitored to detect potential cybersecurity events
- Log360: Gain insights into your security incidents by monitoring and collecting extensive audit data from servers, firewalls, applications, and endpoints.
- NetFlow Analyzer: Utilize flow technologies to aid in network forensics and security analysis to discover internal or external security threats, zero-day vulnerabilities, and network anomalies.

DE.CM-3: Personnel activity is monitored to detect potential cybersecurity events
- Log360: Monitor privileged user activities, data access, and network access, and receive real-time alerts for incidents.

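The threshold-style alert described under DE.AE-5 (a number of anomalies within an interval) applied to the PR.PT-3 case of a sudden spike in file rename events, as an added example that is not ManageEngine code: a sliding-window detector run over constructed file-audit lines. The log format, host names, user names and paths are constructed for this example, and events are assumed to arrive in timestamp order.

```python
"""Sliding-window threshold alerting over file-audit events.

Added example, not ManageEngine code. An alert is defined by a count of
events of one action type within an interval (the DE.AE-5 idea), applied
here to bursts of RENAME events, a common ransomware symptom (PR.PT-3).
The log format, hosts, users and paths below are constructed.
"""
from collections import deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Deque, Dict, Iterable, List, Optional, Tuple

# Constructed sample audit lines: "<timestamp> <host> <user> <action> <path>".
# Lines are assumed to be in timestamp order (as a collector would emit them).
SAMPLE_LOG = """\
2024-05-01T09:00:00Z fs01 alice MODIFY /share/finance/q1.xlsx
2024-05-01T09:00:02Z fs01 alice RENAME /share/finance/q1-draft.xlsx
2024-05-01T09:03:10Z fs01 alice RENAME /share/finance/q1-final.xlsx
2024-05-01T09:05:00Z fs01 bob CREATE /share/hr/README.txt
2024-05-01T09:05:01Z fs01 bob RENAME /share/hr/payroll.csv.locked
2024-05-01T09:05:02Z fs01 bob RENAME /share/hr/contracts.docx.locked
2024-05-01T09:05:02Z fs01 bob RENAME /share/hr/benefits.xlsx.locked
2024-05-01T09:05:03Z fs01 bob RENAME /share/hr/onboarding.pdf.locked
2024-05-01T09:05:04Z fs01 bob RENAME /share/hr/reviews.docx.locked
2024-05-01T09:05:05Z fs01 bob RENAME /share/hr/policies.pdf.locked
2024-05-01T09:05:06Z fs01 bob RENAME /share/hr/handbook.pdf.locked
2024-05-01T09:40:00Z fs02 carol RENAME /share/eng/design.md
this line is malformed and is skipped
"""

Event = Tuple[datetime, str, str, str, str]


@dataclass
class Alert:
    host: str
    user: str
    action: str
    count: int            # events of `action` inside the window
    window_start: datetime
    window_end: datetime


def parse_line(line: str) -> Optional[Event]:
    """Parse one audit line; return None for blank or malformed lines."""
    parts = line.split(maxsplit=4)
    if len(parts) != 5:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    return ts, parts[1], parts[2], parts[3], parts[4]


def detect_bursts(lines: Iterable[str], action: str = "RENAME",
                  threshold: int = 5, interval_seconds: float = 30) -> List[Alert]:
    """Alert when a (host, user) pair produces `threshold` or more `action`
    events within any window of `interval_seconds`.

    The window slides per event. After an alert the window is cleared so one
    burst yields one alert rather than one alert per additional event; a
    burst that keeps going long enough triggers again on its own.
    """
    interval = timedelta(seconds=interval_seconds)
    windows: Dict[Tuple[str, str], Deque[datetime]] = {}
    alerts: List[Alert] = []
    for event in map(parse_line, lines):
        if event is None:
            continue
        ts, host, user, act, _path = event
        if act != action:
            continue
        window = windows.setdefault((host, user), deque())
        window.append(ts)
        # Drop events that have aged out of the interval.
        while window and ts - window[0] > interval:
            window.popleft()
        if len(window) >= threshold:
            alerts.append(Alert(host, user, action, len(window), window[0], ts))
            window.clear()
    return alerts


if __name__ == "__main__":
    for a in detect_bursts(SAMPLE_LOG.splitlines()):
        print(f"ALERT {a.host}/{a.user}: {a.count} {a.action} events between "
              f"{a.window_start:%H:%M:%S} and {a.window_end:%H:%M:%S}")
```

With the defaults (5 renames in 30 seconds) only bob's burst on fs01 fires; alice's two renames three minutes apart age out of the window and never reach the threshold.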
DE.CM-7: Monitoring for unauthorized personnel, connections, devices, and software is performed
- OpUtils: Identify rogue device intrusions in the network and block access.
- Endpoint Central: Limit cyberattacks by blocking non-business applications and malicious executables.
- Log360: Discover the entire list of shadow IT applications in the network automatically and track users requesting access to these applications.

DE.CM-8: Vulnerability scans are performed
- Vulnerability Manager Plus: Scan your networks periodically to detect vulnerabilities and remediate patch deployment.

Detection Processes (DE.DP): Detection processes and procedures are maintained and tested to ensure awareness of anomalous events.

DE.DP-4: Event detection information is communicated
- Log360: Correlate log data to detect attack patterns, conduct root cause analysis, and automate immediate notifications via email and SMS.
- AD360: Set up alert profiles to notify security personnel via email and SMS on detection of suspicious user activity with UBA.
- Firewall Analyzer: Send security alerts to admins through email or SMS on detection of anomalous traffic behavior.

DE.DP-5: Detection processes are continuously improved
- Analytics Plus: Gather insights from anomaly patterns and drill down to specific metrics to identify areas that need improvement.

Respond: Develop and implement appropriate activities to take action regarding a detected cybersecurity incident.

Response Planning (RS.RP): Response processes and procedures are executed and maintained, to ensure response to detected cybersecurity incidents.

RS.RP-1: Response plan is executed during or after an incident
- Vulnerability Manager Plus: Remediate threats and vulnerabilities by automating the deployment of patches to operating systems and third-party applications.
- ADManager Plus: Modify or revoke NTFS permissions to limit the exposure of sensitive files.
- Log360: Automate and accelerate threat response through standard workflows, and streamline incident management by integrating with ticketing tools.
- ServiceDesk Plus: Automate major incident workflows to improve resolution time and streamline major incident management.

Communications (RS.CO): Response activities are coordinated with internal and external stakeholders (e.g. external support from law enforcement agencies).

RS.CO-3: Information is shared consistent with response plans
- ServiceDesk Plus: Automate custom notifications to various relevant stakeholders through email when high priority tickets are created.

RS.CO-5: Voluntary information sharing occurs with external stakeholders to achieve broader cybersecurity situational awareness
- Site24x7 StatusIQ: Keep all stakeholders in the loop about an incident by posting on your status page or sending out notifications via SMS or email.

Analysis (RS.AN): Analysis is conducted to ensure effective response and support recovery activities.

RS.AN-1: Notifications from detection systems are investigated
- Log360: Mitigate internal and external threats by collecting and analyzing real-time data from all critical resources.

RS.AN-2: The impact of the incident is understood
- Vulnerability Manager Plus: Scan your networks periodically to detect vulnerabilities and remediate patch deployment.

RS.AN-3: Forensics are performed
- NetFlow Analyzer: Detect security threats using Continuous Stream Mining Engine technology. Track network anomalies that infiltrate your firewall and identify context-sensitive anomalies by analyzing traffic patterns.
- Log360: Conduct forensics analysis by identifying network and system anomalies.

RS.AN-4: Incidents are categorized consistent with response plans
- ServiceDesk Plus: Classify incidents based on their urgency and the severity of their impact on users or the business.

RS.AN-5: Processes are established to receive, analyze and respond to vulnerabilities disclosed to the organization from internal and external sources (e.g. internal testing, security bulletins, or security researchers)
- Vulnerability Manager Plus: Test and deploy patches to multiple operating systems and third-party applications.

Category: Mitigation (RS.MI)
Activities are performed to prevent expansion of an event, mitigate its effects, and resolve
the incident.

  RS.MI-1: Incidents are contained.
    OpManager: Automate fault remediation actions based on incident alerts.

  RS.MI-2: Incidents are mitigated.
    ServiceDesk Plus: Reduce repeat incidents through root cause analysis.
    Log360: Automate incident response and create incident workflows triggered by alerts.

  RS.MI-3: Newly identified vulnerabilities are mitigated or documented as accepted risks.
    Log360: Prioritize security threats and automate response to detected incidents.
    Vulnerability Manager Plus: Mitigate the exploitation of security loopholes in your
    network and prevent further loopholes from developing.

Category: Improvements (RS.IM)
Organizational response activities are improved by incorporating lessons learned from current
and previous detection/response activities.

  RS.IM-2: Response strategies are updated.
    Vulnerability Manager Plus: Remedy web server security flaws by acquiring details on the
    incident cause and impact. Prioritize vulnerable areas susceptible to exploitation by
    using attacker-based analytics.
Recover: Develop and implement appropriate activities to maintain plans for resilience and to
restore any capabilities or services that were impaired due to a cybersecurity incident.
Category: Recovery Planning (RC.RP)
Recovery processes and procedures are executed and maintained to ensure restoration of
systems or assets affected by cybersecurity incidents.

  RC.RP-1: Recovery plan is executed during or after a cybersecurity incident.
    RecoveryManager Plus: Automate incremental or complete backups of AD, virtual machines,
    and Windows servers to restore affected objects and files after a cyberattack.
    Network Configuration Manager: Restore network functions after a misconfiguration by
    rolling back to a trusted network configuration version.

Category: Improvements (RC.IM)
Recovery planning and processes are improved by incorporating lessons learned into future
activities.

  RC.IM-1: Recovery plans incorporate lessons learned.
    Analytics Plus: Identify areas of improvement using data from all your enterprise
    applications or databases.

Category: Communications (RC.CO)
Restoration activities are coordinated with internal and external parties (e.g. coordinating
centers, Internet Service Providers, owners of attacking systems, victims, other CSIRTs, and
vendors).

  RC.CO-3: Recovery activities are communicated to internal and external stakeholders as well
  as executive and management teams.
    Site24x7 StatusIQ: Keep all stakeholders in the loop about an incident by posting on your
    status page or sending out notifications via SMS or email.
How can you establish or improve a cybersecurity program?

The framework offers organizations a repeatable set of actions that can be performed to design
their cybersecurity practices from scratch or build on their existing program to tackle the
evolving cyberthreat landscape.

Step 1: Prioritize and define the scope
By defining their business objectives and priorities clearly, organizations can understand the
underlying support systems and assets that need to be safeguarded from cyberthreats.

Step 2: Orient
The identified support systems and assets can be used to understand applicable threats and
vulnerabilities. This helps in drafting an overall risk approach.

Step 3: Create a current profile
Organizations can understand their current cybersecurity posture by creating a profile that
records which category and subcategory outcomes are currently being achieved.

Step 4: Perform a risk assessment
To build a resilient cybersecurity management program, organizations must assess the
likelihood of a cybersecurity event and its consequential impact on the business.

Step 5: Create a target profile
Based on their current profile and the cybersecurity risks identified, organizations can
determine the chinks in their armor. By focusing on those areas of vulnerability, the
outcomes under each category and subcategory that are needed to manage the risks are
recorded as the target profile.

Step 6: Identify and prioritize gaps
By comparing the current and target profiles, organizations can determine the effort
necessary to bridge the gap. Formulating an action plan that outlines the budget, risk,
benefit, mission drivers, and resources required to close each gap lets a cost-effective
approach be spelled out with informed decisions.

Step 7: Implement an action plan
Organizations can move towards their desired target state with guidance from the informative
references provided for each outcome. Organizations have the leeway to choose which
standards and guidelines best suit their requirements.
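As an added illustration of steps 3 to 7, the following Python script is example code written for this page; it is not a ManageEngine tool and not part of the NIST CSF itself. It compares a constructed current profile with a constructed target profile, weights each unmet outcome by the likelihood and impact recorded in the risk assessment, ranks the gaps, and rolls the result up per category so an action plan can be budgeted. The subcategory IDs are the Respond and Recover outcomes listed above; the 0 to 4 achievement score, the 1 to 5 likelihood and impact scale, the sample values and the function names (gap_analysis, coverage, plan_by_category) are all assumptions made for the example.

```python
"""Gap analysis between a NIST CSF current profile and a target profile.

Constructed example: the 0-4 achievement score, the 1-5 likelihood/impact
scale and the sample profiles below are assumptions made for this
illustration; they are not part of the NIST CSF or of any product.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# subcategory ID -> achievement score (0 = not achieved, 4 = fully achieved)
Profile = Dict[str, int]
# subcategory ID -> (likelihood, impact), each on a 1-5 scale
RiskTable = Dict[str, Tuple[int, int]]

# Step 3 output (constructed sample): what the organization achieves today.
CURRENT_PROFILE: Profile = {
    "RS.RP-1": 2, "RS.CO-3": 1, "RS.AN-1": 3, "RS.AN-3": 1,
    "RS.MI-1": 2, "RC.RP-1": 3, "RC.CO-3": 0,
}

# Step 5 output (constructed sample): the outcomes the organization wants.
TARGET_PROFILE: Profile = {
    "RS.RP-1": 4, "RS.CO-3": 3, "RS.AN-1": 3, "RS.AN-3": 3,
    "RS.MI-1": 4, "RC.RP-1": 4, "RC.CO-3": 2,
}

# Step 4 output (constructed sample): likelihood and impact per subcategory.
RISK: RiskTable = {
    "RS.RP-1": (4, 5), "RS.CO-3": (2, 3), "RS.AN-1": (3, 4), "RS.AN-3": (3, 5),
    "RS.MI-1": (4, 5), "RC.RP-1": (3, 5), "RC.CO-3": (2, 2),
}


@dataclass
class Gap:
    subcategory: str
    current: int
    target: int
    risk: int       # likelihood * impact
    priority: int   # (target - current) * risk: bigger shortfall on riskier outcomes first


def gap_analysis(current: Profile, target: Profile, risk: RiskTable) -> List[Gap]:
    """Step 6: compare the two profiles and rank every unmet target outcome."""
    gaps: List[Gap] = []
    for sub, wanted in target.items():
        have = current.get(sub, 0)  # absent from the current profile means not achieved
        if have >= wanted:
            continue                # target already met, nothing to plan
        likelihood, impact = risk.get(sub, (1, 1))  # unassessed outcomes get the lowest weight
        r = likelihood * impact
        gaps.append(Gap(sub, have, wanted, r, (wanted - have) * r))
    # Highest priority first; ties broken by raw risk, then by ID for a stable report.
    gaps.sort(key=lambda g: (-g.priority, -g.risk, g.subcategory))
    return gaps


def coverage(current: Profile, target: Profile) -> float:
    """Percentage of target outcomes the current profile already meets."""
    met = sum(1 for sub, wanted in target.items() if current.get(sub, 0) >= wanted)
    return round(100.0 * met / len(target), 1)


def plan_by_category(gaps: List[Gap]) -> Dict[str, int]:
    """Step 7 input: total priority per CSF category (e.g. 'RS.MI'), so the
    action plan can budget work per category rather than per subcategory."""
    totals: Dict[str, int] = {}
    for g in gaps:
        category = g.subcategory.split("-")[0]
        totals[category] = totals.get(category, 0) + g.priority
    return totals


if __name__ == "__main__":
    found = gap_analysis(CURRENT_PROFILE, TARGET_PROFILE, RISK)
    print(f"Target coverage: {coverage(CURRENT_PROFILE, TARGET_PROFILE)}%")
    for g in found:
        print(f"{g.subcategory}: {g.current} -> {g.target}  risk={g.risk:2d}  priority={g.priority}")
    for category, total in sorted(plan_by_category(found).items(), key=lambda kv: -kv[1]):
        print(f"{category}: {total}")
```

With the sample data, RS.MI-1 and RS.RP-1 come out on top (both two levels short on outcomes rated 4 x 5), RS.AN-1 produces no gap because the target is already met, and the per-category roll-up shows where the budget in the action plan should go first. Replacing the three constructed tables with the organization's own profiles and risk register is all that is needed to reuse the ranking.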
Parting thoughts
As with any worthy endeavor, the implementation of the NIST Cybersecurity Framework is
more about improving your cybersecurity posture as evolving threats arise rather than racing
towards a definite finish line. Keeping your organization secure is an enduring and iterative
process that comprises risk assessment and implementation of best practices. The framework
acts as a compass that guides organizations in the right direction to plan and prioritize their
cybersecurity strategies.

About ManageEngine

ManageEngine crafts the industry's broadest suite of IT management software. We have
everything you need, more than 120 products and free tools, to manage all of your IT
operations, from networks and servers to applications, your service desk, AD, security,
desktops, and mobile devices.

Since 2002, IT teams like yours have turned to us for affordable, feature-rich software that's
easy to use. You can find our on-premises and cloud solutions powering the IT of over
280,000 companies around the world, including 9 of every 10 Fortune 100 companies.

As you prepare for the IT management challenges ahead, we'll lead the way with new solutions,
contextual integrations, and other advances that can only come from a company singularly
dedicated to its customers. And as a division of Zoho Corporation, we'll continue pushing for
the tight business-IT alignment you'll need to seize future opportunities.
Take control of your IT.
Monitor, manage, and secure your digital enterprise with ManageEngine.

Enterprise service management
  Full-stack ITSM suite
  IT asset management with a CMDB
  Knowledge base with user self-service
  Built-in and custom workflows
  Orchestration of all IT management functions
  Service management for all departments
  Reporting and analytics

IT operations management
  Network, server, and application performance monitoring
  Bandwidth monitoring with traffic analysis
  Network change and configuration management
  Application discovery and dependency mapping
  Cloud cost and infrastructure monitoring
  End-user experience monitoring
  DNS management
  AIOps

Identity and access management
  Identity governance and administration
  Privileged identity and access management
  AD and Azure AD management and auditing
  SSO for on-premises and cloud apps, with MFA
  Password self-service and sync
  Microsoft 365 and Exchange management and auditing
  AD and Exchange backup and recovery
  SSH and SSL certificate management

Security information and event management
  Unified SIEM for cloud and on-premises
  AI-driven user and entity behavior analytics
  Firewall log analytics
  Data leak prevention and risk assessment
  Regulatory and privacy compliance

Unified endpoint management and security
  Desktop and mobile device management
  Patch management
  Endpoint device security
  OS and software deployment
  Remote monitoring and management
  Web browser security
  Monitoring and control of peripheral devices
  Endpoint data loss prevention

Advanced IT analytics
  Self-service IT analytics
  Data visualization and business intelligence for IT
  Hundreds of built-in reports and dashboards
  Instant, flexible report creation
  Out-of-the-box support for multiple data sources

Low-code app development
  Custom solution builder

ManageEngine crafts comprehensive IT management software for your business needs.
Available for: Enterprise IT | Managed service providers (MSPs)
As: Self-hosted on-premises | Self-hosted in public cloud (AWS, Azure) | Zoho Cloud-native
9 of every 10 Fortune 100 companies
trust us to manage their IT.

www.manageengine.com
