KALI PURPLE AND THE NIST
Kali Purple’s raison d’être and its tool organisation structure are based on the NIST (National Institute of Standards and Technology) Cybersecurity Framework version 1.1, designed to address the risks associated with cyberattacks. Broadly speaking, it’s divided into five areas. Identify doesn’t just mean identify your attacker; it relates to identifying your own assets and vulnerabilities. It means knowing your hardware and software inventory, so that if a new machine appears on the network you know whether it’s one of yours. Protect helps with access management, conducting regular backups, and training users not to do stupid things. Detect exists to help you detect the presence of a threat. This usually involves logs: knowing what kind of activity you would normally expect versus what’s going on at the moment. Dashboards are handy for this, and give you at-a-glance stats and visualisations.
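To make the Identify and Detect functions concrete, here is an added example (not code from Kali Purple or any of the tools it ships) that does two things the text describes: reconciles the devices currently seen on the network against a known hardware inventory, and compares current log activity against a baseline to flag what is out of the ordinary. The inventory, the observed devices, the log lines and the alert thresholds are all constructed sample data and assumed formats, not anything Kali Purple produces.

```python
"""Asset-inventory reconciliation (Identify) and log-baseline comparison (Detect).

Added illustration of two NIST CSF functions; the data formats, thresholds and
sample values are constructed for this example and are not from Kali Purple.
"""
from collections import Counter

# Identify: the known hardware inventory, keyed by MAC address (constructed sample).
KNOWN_INVENTORY = {
    "aa:bb:cc:00:00:01": {"hostname": "fileserver", "ip": "10.0.0.10"},
    "aa:bb:cc:00:00:02": {"hostname": "workstation-1", "ip": "10.0.0.21"},
    "aa:bb:cc:00:00:03": {"hostname": "printer", "ip": "10.0.0.30"},
}

# Constructed sample of what a scan or ARP table shows right now: (mac, ip) pairs.
OBSERVED_DEVICES = [
    ("aa:bb:cc:00:00:01", "10.0.0.10"),
    ("aa:bb:cc:00:00:02", "10.0.0.22"),   # known host, but on a different IP
    ("de:ad:be:ef:00:01", "10.0.0.99"),   # not in the inventory at all
]


def reconcile_inventory(inventory, observed):
    """Compare observed devices to the inventory.

    Returns three lists: devices whose MAC is not in the inventory, known
    devices whose IP differs from the recorded one, and inventory entries
    that were not observed at all (possibly offline, possibly removed).
    """
    unknown, moved, seen = [], [], set()
    for mac, ip in observed:
        seen.add(mac)
        entry = inventory.get(mac)
        if entry is None:
            unknown.append({"mac": mac, "ip": ip})
        elif entry["ip"] != ip:
            moved.append({"mac": mac, "hostname": entry["hostname"],
                          "expected_ip": entry["ip"], "observed_ip": ip})
    missing = [inventory[m]["hostname"] for m in inventory if m not in seen]
    return {"unknown": unknown, "moved": moved, "missing": missing}


# Detect: constructed log lines in an assumed "key=value" format, one event per line.
# The baseline is what a normal period looks like; the current window is what is
# happening now. Counts are built by repeating lines for brevity.
BASELINE_LOG = (["host=workstation-1 event=auth_failure"] * 2
                + ["host=fileserver event=file_write"] * 40)
CURRENT_LOG = (["host=workstation-1 event=auth_failure"] * 12
               + ["host=fileserver event=file_write"] * 45
               + ["host=fileserver event=file_rename"] * 300)


def parse_event(line):
    """Turn 'host=X event=Y' into the (host, event) pair used as a counting key."""
    fields = dict(part.split("=", 1) for part in line.split())
    return fields["host"], fields["event"]


def count_events(lines):
    """Count how often each (host, event) pair occurs in a batch of log lines."""
    return Counter(parse_event(line) for line in lines)


def detect_deviations(baseline_counts, current_counts, factor=3, min_events=5):
    """Flag (host, event) pairs that are far above their baseline.

    A pair is flagged when it occurs at least `min_events` times now and more
    than `factor` times its baseline count (a pair never seen in the baseline
    is compared against 1, so any new, frequent activity is reported).
    The thresholds are assumed values chosen for this example.
    """
    alerts = []
    for key, now in current_counts.items():
        base = baseline_counts.get(key, 0)
        if now >= min_events and now > factor * max(base, 1):
            alerts.append({"host": key[0], "event": key[1],
                           "baseline": base, "current": now})
    return alerts


def run_checks():
    """Run both checks over the constructed sample data and return the findings."""
    return {
        "inventory": reconcile_inventory(KNOWN_INVENTORY, OBSERVED_DEVICES),
        "alerts": detect_deviations(count_events(BASELINE_LOG),
                                    count_events(CURRENT_LOG)),
    }


if __name__ == "__main__":
    for section, findings in run_checks().items():
        print(section, findings)
```

On the sample data the inventory check reports one unknown device, one known host that has changed IP and one inventory entry that was not seen; the baseline check flags the jump in authentication failures on the workstation and the burst of file renames on the file server, which is exactly the kind of activity that a dashboard would surface and that should prompt a look before moving on to Respond.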
If you are under attack and someone is busily encrypting your disks, you need to Respond, and Kali Purple has you covered with an entire drawer full of tools. Do you pull the drives? Cut the connection? Ready your Bitcoin account for a massive transaction? Or wait it out and restore from backup? Ideally, you should have some kind of plan in place for every type of incident. Eventually, the attack will be over and you and your organisation need to Recover. Usually this involves checking what damage has been done, beefing up security protocols and restoring backups where necessary.
Whether you use Kali Purple or not, cyberattacks can happen to anybody, and it’s a good idea to have a cybersecurity framework-based plan in place as a precaution.