Yes, We Have NIST!

Adding NIST controls to 10,666 cybersecurity products

At the beginning of April we announced the evolution of the IT-Harvest Dashboard from the only platform for researching the cybersecurity industry to the only database of over 10,000 cybersecurity products.

Think about it. Would you invest in a cybersecurity startup without looking at *all* of the competing products? If you were a founder would you even bother creating a new product if there were already a dozen competitors? If you were a security architect wouldn’t you want to know all your options?

As we ingested each product we aligned it with the MITRE ATT&CK Techniques that it counters. When we briefed CISOs on this new capability 100% said they would also like the products aligned with the NIST Cybersecurity Framework (CSF).

We are well into the summer slowdown as everyone takes some well-deserved time off. Here at IT-Harvest we are not slowing down at all! :-)

Today we are announcing the addition of NIST controls to the 10,666 cybersecurity products we catalog. Security architects will be able to refine their searches based on these controls. On the roadmap: the ability to input your existing security stack and discover any gaps based on NIST coverage (and overlaps!)

Here is a view of the Securonix SIEM product description. You can see the NIST designations at the bottom.

The new NIST update includes all five functions (Identify, Protect, Detect, Respond, Recover) and the 23 main categories that fall under these functions. In total, we have 15,030 mappings from products to individual NIST categories, all of which can be searched through a new dedicated filter. We have mappings for ~7,100 products (with more being added in on-going updates to our program). With this week's update, users can now view available NIST mappings for all products in three areas of the Dashboard: Product search, Product view (individual product details panel), and Vendor profiles. These three sections now display key NIST information on products including the category, the parent function, and the corresponding IDs provided by NIST (for quick reference). The product search page has also been updated to include semantic search functionality for keywords in addition to an overhauled MITRE ATT&CK filter which now features the ability to add multiple techniques in combination with other filters. Both MITRE and NIST tags visible in the product search results can be clickable to do a quick search on a particular technique or category. We are currently scheduled to update all NIST mappings once a week. 

The IT-Harvest Dashboard is the only place where you can find all cybersecurity products aligned with both NIST and MITRE ATT&CK.

We will be at BlackHat. Feel free to reach out if you want to see more!