RS.MI-01 Incidents are contained.

Silverfort enables organizations to begin the IR process with a complete malicious access lockdown. Depending on the intensity and scope of the ongoing attack, they may determine the level of lockdown and the balance between MFA and block access policies. Most often, MFA would achieve the same level of containment as block access, while allowing legitimate users to continue to access resources.

By utilizing both MFA and block access policies with Silverfort, malicious attempts at logging in to additional resources are prevented. MFA is especially effective since it provides a clear indication of which accounts have been compromised, achieving both containment and discovery simultaneously. This will allow you to rapidly shut down an attack by automatically denying users access to resources until the attack has been eradicated and is in recovery mode.

RS.MI-02 Incidents are eradicated.

Silverfort helps eradicate incidents by enabling incident response (IR) teams to block lateral movement and detect compromised user and service accounts. Silverfort's capabilities include configuring MFA and access block policies for any user account, especially the ones that have been identified as compromised. Silverfort also offers automated visibility into service accounts, allowing IR teams to create policies that block access or alert deviations from standard behavior, which are indicators of compromise.

Additionally, Silverfort's detailed log screens aggregate authentication and access attempts, assigning risk scores to detect malicious activities. These features allow IR teams to contain threats, eliminate the presence of attackers, and restore systems to their original state, effectively eradicating incidents.

RS.AN-03 Analysis is performed to establish what has taken place during an incident and the root cause of the incident.

Silverfort assists with incident analysis by providing detailed logs of all authentication and access activities. This allows security teams to understand what occurred during an incident and determine the root cause. Using comprehensive data on user access requests and behaviors, Silverfort facilitates a comprehensive investigation and understanding of the events leading up to and during a security incident. Silverfort's real-time monitoring capabilities enable it to detect anomalies and suspicious activities, providing insights into the course of an incident. As a result of this detailed analysis, it is possible to pinpoint the exact nature and origin of the problem, thereby facilitating effective remediation and strengthening security overall.

DE.AE-02 Potentially adverse events are analyzed to better understand associated activities.

Silverfort provides detailed logs of all user access requests and authentication activities. These logs enable security teams to investigate and understand the sequence of events leading up to the adverse incident. Correlating these activities allows Silverfort to understand the context of adverse events and identify the root cause in real time. This proactive approach not only enhances incident response capabilities but also supports ongoing security monitoring and compliance efforts effectively.

DE.CM-01 Networks and network services are monitored to find potentially adverse events.

Silverfort monitors all authentications between all endpoints and the other assets of the organization, and alerts / deny upon anomalous activity. This includes but is not limited to attempts of lateral movement.

DE.CM-03 Personnel activity and technology usage are monitored to find potentially adverse events.

Silverfort monitors all identity traffic and authentication activities across an organization's environment, providing visibility into every authentication and access request. With complete visibility across all user activity, Silverfort’s risk engine can determine the risk of every authentication, so organizations can detect and respond to potential security threats in real time — including blocking the access of any accounts that display anomalous behavior.

DE.CM-06 External service provider activities and services are monitored to find potentially adverse events.

Silverfort enables admins to monitor all third-party authentication requests, as well as detect and prevent their abuse by adversaries for malicious access.

PR.PS-04 Log records are generated and made available for continuous monitoring.

Silverfort provides admins with detailed logs of all accounts including Active Directory service accounts. Silverfort documents every authentication and access attempt in the environment.

PR.AA-01 Identities and credentials for authorized users, services, and hardware are managed by the organization.

Silverfort provides comprehensive visibility into all user access across the organization, including service accounts used by non-human resources to access various assets. This visibility can help manage identities by monitoring access patterns and identifying any unusual or unauthorized activities.

Silverfort enforces MFA protection across all users and resources, both on-prem and in the cloud. This applies to all Active Directory authentications, including those that couldn’t be protected by MFA before, such as legacy applications, command-line access, databases, networking infrastructure and many others.

PR.AA-03 Users, services, and hardware are authenticated.

Silverfort can enforce MFA on any access request, whether on-prem, remote, or third-party, and for every level, from regular users to admins. In an Active Directory (AD) environment, Silverfort can enforce MFA and block access policies on any LDAP/S, NTLM, and Kerberos authentications. This expands the scope of MFA protection to a wide array of resources and access methods that couldn’t have been protected before, such as command-line tools, legacy applications, IT infrastructure and more.

Silverfort ensures no access is granted based on passwords alone, and users are required to authenticate through MFA to verify that they are who they claim to be.

PR.AA-04 Identity assertions are protected, conveyed, and verified.

Silverfort provides comprehensive visibility into all user access across the organization, including service accounts used by non-human resources to access various assets. This visibility can help protect identity assertions by monitoring access patterns and identifying any unusual or unauthorized activities. This allows organizations to configure and apply access policies to ensure only authorized users have access to resources in the environment.

PR.AA-05 Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties.

Silverfort enforces flexible access policies, and organizations can embed cybersecurity into their policies, processes, and procedures. Admins can define access control policies based on specific user roles, risk scenarios and organizational security policies. Silverfort enforces these policies in real time, so only authorized users and devices can gain access to the resources they are assigned to. As a result of these policies, alerting, MFA, or blocking access to all users who were defined in the policy can be enforced.

PR.AA-06 Physical access to assets is managed, monitored, and enforced commensurate with risk.

Silverfort enhances physical access management to assets by leveraging its advanced detection and visibility capabilities. It continuously monitors authentication and access activities, identifying patterns that indicate unauthorized access attempts and assigning risk scores to users and assets based on behavior.

This risk assessment approach prioritizes the physical security of high-risk or high-value assets. Additionally, Silverfort integrates with physical security systems like access control and surveillance, enabling real-time monitoring and enforcement of physical access policies.

ID.RA-01 Vulnerabilities in assets are identified, validated, and recorded.

Silverfort integrates with all identity providers to seamlessly monitor all identity traffic and authentication activities in one place. With complete visibility across all user activity, Silverfort’s risk engine can determine the risk of every authentication, so organizations can detect and respond to potential security threats in real time — including blocking the access of any accounts that display anomalous behavior, while alerting on any excessive access requests and detected malicious activity.

ID.RA-03 Internal and external threats to the organization are identified and recorded.

Silverfort provides admins with a detailed log screen that documents every authentication and access attempt in the environment. The log screen includes optional filters to detect insecure authentications, suspicious activity, misconfigurations, and other anomalies. Silverfort detects and alerts against invalid access attempts that appear to be malicious.

ID.RA-04 Potential impacts and likelihoods of threats exploiting vulnerabilities are identified and recorded.

With Silverfort, you can detect and identify potential identity

risks associated with risky users. With continuous monitoring and advanced behavioral analytics, Silverfort can identify unusual or risky user behavior that may indicate compromised accounts or identity threats. By recording these potential risks in the Logs screen, Silverfort provides organizations with valuable insights into the likelihood and impact of threats, enabling proactive measures to mitigate these threats.

ID.RA-05 Threats, vulnerabilities, likelihoods, and impacts are used to understand inherent risk and inform risk response prioritization.

Silverfort provides comprehensive insights into user behavior and associated security threats through its risk reports. These reports analyze threats, user and authentication activity and impact by continuously monitoring user activities and detecting anomalies or risky behaviors. Silverfort's risk reports enable organizations to prioritize risks with a more data-driven approach to help them make informed decisions on where to focus security efforts.

ID.AM-02 Inventories of software, services, and systems managed by the organization are maintained.

Silverfort provides an in-depth identity inventory that displays the types of users and resources in the environment as well as security weaknesses. This enables you to detect and respond to potential security threats, including blocking the access of any accounts that display anomalous behavior. Silverfort provides full visibility into all user accounts’ authentication trails, while alerting on any excessive access requests and detected malicious activity.

ID.AM-03 Policy for managing cybersecurity risks is reviewed, updated, communicated, and enforced to reflect changes in requirements, threats, technology, and organizational mission.

Silverfort provides admins with a detailed log screen that documents every authentication and access attempt in the environment. The log screen includes optional filters to detect insecure authentications, suspicious activity, misconfigurations, and other anomalies. Silverfort detects and alerts against invalid access attempts that appear to be malicious.

ID.AM-05 Policy for managing cybersecurity risks is reviewed, updated, communicated, and enforced to reflect changes in requirements, threats, technology, and organizational mission.

Silverfort's detection and visibility capabilities enable effective asset prioritization. First, it continuously analyzes authentication and access activities, assigning risk scores to users and machines based on their behavior. This risk analysis helps identify critical assets that are frequently accessed or targeted, allowing for prioritization based on risk level and potential mission impact.

Secondly, Silverfort provides comprehensive visibility into all user access across the organization, including service accounts used by non-human resources. By monitoring these access patterns, organizations can identify which resources are most used or potentially overused, helping to prioritize resources based on their importance to ongoing operations. Finally, Silverfort's threat detection capabilities can identify potential security incidents and risks, helping to prioritize assets based on their vulnerability to threats, which could significantly impact the mission if compromised.

GV.RR-02 Roles, responsibilities, and authorities related to cybersecurity risk management are established, communicated, understood, and enforced.

Silverfort enables organizations to define and enforce specific access policies based on user roles and responsibilities, ensuring only authorized individuals have the appropriate level of access. By ensuring clarity and control, cybersecurity roles and responsibilities are well communicated and understood, enhancing accountability and compliance.

GV.OV-02 The cybersecurity risk management strategy is reviewed and adjusted to ensure coverage of organizational requirements and risks.

Silverfort provides a Risk Report functionality that enables organizations to create a summary of the entity’s identity security posture in a single click, delivering security teams with clear insights into issues that need resolving. This offers detailed guidance on the mitigation best practice for every detected risk and the ability to configure an access policy that prevents risky authentications from taking place.

GV.SC-01 A cybersecurity supply chain risk management program, strategy, objectives, policies, and processes are established and agreed to by organizational stakeholders.

Silverfort provides organizations with the ability to manage and control all third-party and supply-chain access by enforcing access policies to all third-party users. Silverfort ensures that only authorized personnel can access critical systems and data by enforcing precise access controls and multi-factor authentication for third-party users.

GV.SC-07 The risks posed by a supplier, their products and services, and other third parties are understood, recorded, prioritized, assessed, responded to, and monitored over the course of the relationship.

Silverfort monitors and provides risk analysis of every incoming authentication and access attempt. This enables Silverfort to detect identity threats and alert on malicious activity. Silverfort can also enforce security controls (such as MFA protection or deny access policies) on all remote access to on-prem and cloud systems and on any third-party application accessed on-prem or via a cloud directory.

GV.PO-01 Policy for managing cybersecurity risks is established based on organizational context, cybersecurity strategy, and priorities and is communicated and enforced.

Silverfort enables organizations to apply and enforce cybersecurity in their policies, processes, and procedures. With Silverfort admins can define access control policies based on specific user roles, risk scenarios, and organizational security policies. These policies can enforce alerting, MFA, or block access upon insecure authentication to protected systems.

Silverfort enforces these policies in real time, so only authorized users and devices can gain access to the resources they are assigned to.

GV.PO-02 Policy for managing cybersecurity risks is reviewed, updated, communicated, and enforced to reflect changes in requirements, threats, technology, and organizational mission.

Silverfort’s access policies are configured based on the users, groups, and OU from the directories in the environments. As such they can be applied to users based on their privileges and organizational classifications, allowing admins to create access groups and monitor log files to detect malicious or irregular activity.