The GreySpark Analysis Process
Recognize and Enrich
Cyber Defense Matrix (CDM)
The GreySpark Cyber Defense Matrix (CDM) provides an intuitive and informative visualization of controls (processes and technologies) as they correspond to the NIST CSF operational security functions (Identify, Protect, Detect, Respond, Recover) and to the classes of assets in the environment (Devices, Applications, Networks, Data and Users). This 5x5 matrix serves to communicate controls coverage and, when driven by sensor data, shows the operational status of controls as well as adherence to compliance frameworks.
Quick assessment of the cyber security control set in a NIST CSF framework.
The Cyber Defense Matrix Controls Coverage module within GreySpark will help you highlight gaps and identify appropriate ways to close them.
Below is an example of the recommendations provided within the platform. This table highlights gaps and provides recommendations for the cyber security technology and process architecture for a specific organization.
Data-driven proof of controls operations indicates misconfigurations.
The Cyber Defense Matrix Controls Coverage module allows you to see where you have gaps in your operational controls.
Below is an example of recommendations for improvements to controls coverage for a specific organization. The following table highlights areas where, although technologies or processes were indicated as implemented, there is no evidence of operation. You should verify that these are operating as intended and forwarding data to the GreySpark Data Collection Appliance.
Gaps in coverage and operations against compliance frameworks.
The Cyber Defense Matrix Compliance module allows you to see exactly where you have gaps against your compliance framework. Below is an example of the compliance coverage recommendations for a specific organization.
The controls framework indicated for this security operation is the First 5 CIS. The following table lists technologies or processes required for controls framework compliance that are either NOT DEPLOYED or show NO EVIDENCE of operations. For technologies that are deployed but show no evidence of operation, you should verify that these are operating as intended and forwarding data to the GreySpark Data Collection Appliance. For technologies or processes not deployed, you may close the gap by implementing a selection of the technologies listed in the table below.