Identify, protect, detect, respond, and recover are the five categories that the National Institute of Standards and Technology (NIST) uses in its NIST Cybersecurity Framework. This guideline can help organizations assess and manage their cybersecurity risks. Pondurance, a managed detection and response (MDR) services provider with a 24/7 security operations center, aligns its service lines with these same five categories to develop holistic cybersecurity programs for clients. 

In a recent webinar, Dustin Hutchison, Chief Information Security Officer and Vice President of Services at Pondurance, explains Pondurance’s risk-based approach to cybersecurity. A risk-based approach focuses on your organization’s specific cyber risks and considers what your organization wants to accomplish and what it needs to protect. Dustin provides definitions and discusses the steps involved in each of the five categories. The final category, recover, offers ways for an organization to quickly get back to normal business operations and minimize the impact after a cyber incident. In this blog, we’ll review Dustin’s explanation of the recover category, including its two components: learn and report, and evolve.

Learn and Report

Day in and day out, you want your organization’s cybersecurity program to get better — that’s the goal. Your organization needs to understand what’s happening in your cyber environment so you know what’s normal. Once you have that baseline for normal, you can perform a trend analysis to train your systems and your team on what to do in the event of a cyber incident. What are people’s roles? How do you escalate? What do you need to do from a control standpoint? Your organization needs to know the answers to these important questions and many others to properly recover.

Pondurance believes that a trend analysis can lead to a cleaner network, fewer alerts, and less work for your team. That way, your team can spend more time focusing on your organization’s mission and less time responding to security incidents. In addition, Pondurance compiles summary reports and recommendations that detail what happened during an incident, and your organization can learn lessons from these incidents to improve your cybersecurity program.


Evolve

In the evolve stage, your organization can use machine learning (ML) and artificial intelligence (AI) across your entire system, but a human must be in the loop. The human is there to make smart decisions about what alerts are real, what activity is novel, and what your organization needs to do to avoid harm or keep the impact to a minimum.

Pondurance believes human attackers must be confronted by human defenders. Without experienced cyber professionals on your team to leverage security tools, cyberattackers will work around your defenses. As a result, Pondurance employs a combination of human intelligence and supervised ML and AI to help organizations recover from cyber incidents. The team also uses:

  • On-premises and cloud assets, including networks, endpoints, users, clouds, apps, and servers and workloads, to determine what’s being monitored
  • Global threat intelligence to determine what’s being collected, including billions of log, network, endpoint, and cloud events as well as asset and vulnerability data
  • Threat research from hundreds of correlated alerts on the Scope platform for data analysis
  • Proactive threat hunting to validate and investigate threats and provide closed-loop incident response and forensics
  • Notifications, containment, advice, and reports to keep your IT and cybersecurity teams aware of all cyber activity in your environment

In addition, after a cyber incident, Pondurance’s cyber professionals can help restore systems, navigate legal and compliance issues, coordinate internal and external communications, work with cyber insurance providers, and more.


A risk-based approach focuses on your organization’s cyber risks and considers what your organization wants to accomplish and what it needs to protect. That way, your organization recovers using the best cybersecurity strategies for your unique cyber risks. Watch the webinar to find out more about the five categories involved in Pondurance’s risk-based approach to cybersecurity.