Mapping to NIST and Exceeding the Standard with StealthWatch
Using Lancope's StealthWatch System for Better Incident Response and Network Protection
By Kevin Beaver, CISSP
White Paper
Table of Contents
- Executive Summary
- Introduction
- What You Need to Know About NIST SP 800-53 Revision 4
- How Lancope's StealthWatch System Maps to NIST SP 800-53
- The Network as a Sensor
- Proper Incident Response is Often the Missing Link
- Conclusion
- The Lancope StealthWatch System
Executive Summary

Today's network threats require government agencies and corporations alike to shift how they address information security. From the most technical IT administrators to high-level business executives, key personnel within the United States federal government and the private industry corporations they do business with are realizing that network control is decreasing while the risks are increasing. You cannot secure what's happening on the network if you don't know about it, which underscores the importance of having the proper network security tools and processes in place to obtain the insight needed to respond in a rapid and focused manner when incidents do occur. The general lack of information about who is doing what, when, where, and how on enterprise networks underscores the fact that we really don't have control over our networks.

This white paper discusses the latest revision of the NIST Special Publication 800-53 standard for information security and privacy[1], and maps these changing security controls to Lancope's StealthWatch System. It also defines how Lancope enables government agencies and corporations to address mobile and cloud security; application security; trustworthiness, assurance, and resiliency of information systems; the insider threat; supply chain security; and the advanced persistent threat (APT). With the StealthWatch System, organizations can baseline, inventory, and label network assets, uncover and remediate security deficiencies, and continuously monitor and report on issues to maintain a strong security posture. Lancope's ability to transform the network into a virtual sensor grid helps facilitate compliance and ensure the ongoing visibility and control needed to minimize risks.

Introduction

Enterprise IT within government agencies and corporations is bearing a heavy burden today. Organizations are being attacked from inside and out. Malware is relentless. The budgets behind the threats have no limits. Given enough motivation, practically anyone can orchestrate and execute an attack capable of stealing priceless information or bringing down critical networks once deemed unbreakable. All it takes is one weakness or oversight for an attack or data theft to be carried out.

[1] NIST Special Publication 800-53 Revision 4: Security and Privacy Controls for Federal Information Systems and Organizations, April 2013
A serious challenge, arguably the underlying cause of these security risks, is the complexity of information systems. Be it cloud applications, mobile devices, or anything on the network in between, the sheer complexity of any given enterprise IT environment can create enormous security risks. The technical components that make up the network (applications, infrastructure devices, and the like) aren't all to blame. There are also people, policies, and processes in the mix that can make many networks seemingly unmanageable.

But it's not all bad. Government agencies and corporations have numerous, and often free, resources at their disposal to provide guidance, including National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53. The SP 800-53 standard, now in its fourth revision, has been updated to address the evolving challenges government agencies are currently facing. Various improvements have been made to address areas such as cloud computing, APTs, and information privacy, all relevant issues impacting IT teams across the country. NIST SP 800-53 is one of the most relevant information security standards frameworks. Its granular controls, based on the varying priorities of diverse information systems, provide detailed guidance on protecting networks and critical data.

What You Need To Know About NIST SP 800-53 Revision 4

Originating from the Federal Information Security Management Act (FISMA) of 2002, NIST Special Publication 800-53, Security and Privacy Controls for Federal Information Systems and Organizations, is to be used in conjunction with the Federal Information Processing Standard (FIPS) to ensure that federal agencies comply with FISMA requirements. In other words, NIST SP 800-53 is a document that contains guidance, controls, and best practices to help federal agencies manage their information risks. The SP 800-53 standard has 18 unique security control families that address the fundamental information security principles that many other standards and regulations, such as the ISO/IEC standards and the Health Insurance Portability and Accountability Act (HIPAA), are based upon. Many corporations, especially those that deal with the federal government, also use NIST SP 800-53 as guidance for their own information security programs.
The latest revision of NIST SP 800-53 (revision 4) was published in April 2013. Its key improvements include:
- The concept of overlays for more tailored security controls in unique environments
- Privacy controls addressing the management of sensitive data
- More granular and streamlined guidance around security control baselines
- Control mappings to Common Criteria (ISO/IEC 15408)

The new SP 800-53 revisions provide additional focus on taking a risk-based approach (referred to as "Build It Right"), and on continuous monitoring[2], underscoring the importance of these two concepts in protecting enterprise networks. The document also addresses emerging technologies such as mobile devices and cloud computing, as well as threats such as APTs and malicious insiders. These are all key areas of focus for Lancope's StealthWatch System product line.

Keep in mind that before SP 800-53 can be realized on the network, endpoints on the network need to be categorized and labeled using FIPS 199. If you haven't performed this exercise, it's a worthy goal to have for the near future. Compliance is a worthy goal for NIST SP 800-53 implementation, but it needs to go much deeper than that. Rather than attempting to piece together siloed security controls, an organization can align with the federal government requirements through acquisition of technologies such as Lancope's StealthWatch. This can minimize long-term resource investments and help ensure proper management of information risks.
How Lancope's StealthWatch System Maps to NIST SP 800-53

The StealthWatch System supports FISMA/NIST compliance by providing:
- Comprehensive, continuous monitoring of the physical and virtual network
- Behavioral-based anomaly detection to:
  - Detect APTs and zero-day attacks that bypass perimeter defenses
  - Uncover insider threats that can jeopardize security and compliance
- Custom rules to alarm on network traffic with sensitive systems
- Automatic threat prioritization and mitigation for faster troubleshooting and incident response
- Layer 7 visibility to track application-level threats
- Identity awareness to uncover the root cause of issues all the way down to the user
- Network forensic data for easily conducting security investigations
- An easy-to-understand graphical user interface for gathering actionable network intelligence
- Advanced reporting capabilities to assist with demonstrating compliance

[2] NIST Special Publication 800-53 Revision 4, Foreword, Page XV

To help facilitate compliance and ensure the ongoing visibility and control needed to minimize information risks, Lancope's StealthWatch System maps directly to the NIST SP 800-53 requirements in areas such as mobile and cloud computing, trustworthiness, and resiliency of information systems, as shown in the following table.

The StealthWatch System network visibility and security intelligence solution delivers key capabilities that map directly to the latest NIST SP 800-53 standard in many areas. Note that this table represents only some of the ways that StealthWatch can help address the requirements and is not intended to be an all-inclusive list. For more information you can contact the Lancope federal sales team at fedsales@lancope.com.
| SP 800-53 Security Family | SP 800-53 Control | StealthWatch Capability |
|---|---|---|
| Access Control | AC-3: Access Enforcement | As it relates to observed network traffic separation (high/low/PCI/etc.); integration with other products such as Cisco ISE takes this a step further (Host Groups / Host Locks / Custom Events / Host Relationship Maps) |
| Audit and Accountability | AU-2: Audit Events | StealthWatch as an audit source |
| Audit and Accountability | AU-3: Content of Audit Records | StealthWatch as an audit source |
| Audit and Accountability | AU-4: Audit Storage Capacity | StealthWatch as an audit source |
| Audit and Accountability | AU-5: Response to Audit Processing Failures | StealthWatch as an audit source |
| Audit and Accountability | AU-6: Audit Review, Analysis and Reporting | StealthWatch as an audit source |
| Audit and Accountability | AU-7: Audit Reduction and Report Generation | StealthWatch as an audit source |
| Audit and Accountability | AU-8: Time Stamps | StealthWatch as an audit source, Flow Tables |
| Audit and Accountability | AU-9: Protection of Audit Information | StealthWatch as an audit source and flows; Host Locks / Custom Events for access to controlled audit systems |
| Audit and Accountability | AU-10: Non-repudiation | StealthWatch as an audit source |
| Audit and Accountability | AU-11: Audit Record Retention | StealthWatch as an audit source |
| Audit and Accountability | AU-12: Audit Generation | StealthWatch as an audit source |
| Audit and Accountability | AU-13: Monitoring for Information Disclosure | StealthWatch as an audit source |
| Audit and Accountability | AU-15: Alternate Audit Capability | StealthWatch as an audit source |
| Audit and Accountability | AU-16: Cross-Organizational Auditing | Flow Tables / Syslog |
| Security Assessment and Authorization | CA-2: Security Assessments | NBA / Custom Events / Host Lock / Flow Tables |
| Security Assessment and Authorization | CA-5: Plan of Action and Milestones | As it relates to network traffic / network planning |
| Security Assessment and Authorization | CA-7: Continuous Monitoring | Flow Tables |
| Security Assessment and Authorization | CA-9: Internal System Connections | Flow Tables |
| Configuration Management | CM-4: Security Impact Analysis | As it relates to network usage / Flow Tables |
| Configuration Management | CM-8: Information System Component Inventory | As the host is observed on the network (Host Profiles / Flows) |
| Contingency Planning | CP-2: Contingency Plan | As it relates to network traffic / network planning |
| Incident Response | IR-4: Incident Handling | StealthWatch system workflow and integrations with SIEM |
| Incident Response | IR-5: Incident Monitoring | StealthWatch as a monitoring/alarming source |
| Incident Response | IR-6: Incident Reporting | StealthWatch as a monitoring/alarming source |
| Incident Response | IR-9: Information Spillage Response | Suspect Data Loss / Data Hoarding alarm profiles / Host Lock / Custom Events / DPI |
| Planning | PL-2: System Security Plan | As it relates to network usage |
| Planning | PL-7: Security Concept of Operations | As it relates to network usage |
| Planning | PL-8: Information Security Architecture | As it relates to network usage |
| Planning | PL-9: Central Management | StealthWatch Management Console / integration with SIEM |
| Risk Assessment | RA-2: Security Categorization | As it relates to network usage |
| Risk Assessment | RA-3: Risk Assessment | As it relates to network usage |
| System and Services Acquisition | SA-4 (9): Acquisition Process | Functions / ports / protocols / services in use (Host Profiling / Flows / Audit) |
| System and Services Acquisition | SA-13: Trustworthiness | Host Groups / Host Locks / Custom Events |
| System and Communications Protection | SC-5: Denial of Service Protection | StealthWatch as a monitoring/alarming source |
| System and Communications Protection | SC-7: Boundary Protection | StealthWatch as a monitoring/alarming source |
| System and Communications Protection | SC-10: Network Disconnect | StealthWatch as a monitoring/alarming source |
| System and Communications Protection | SC-31: Covert Channel Analysis | StealthWatch as a monitoring/alarming source |
| System and Information Integrity | SI-3: Malicious Code Protection | StealthWatch as a monitoring/alarming source / SLIC, integration with SIEM |
| System and Information Integrity | SI-4: Information System Monitoring | StealthWatch as a monitoring/alarming source |
| System and Information Integrity | SI-5: Security Alerts, Advisories and Directives | StealthWatch as a monitoring/alarming source |
| System and Information Integrity | SI-6: Security Function Verification | StealthWatch as a monitoring/alarming source |
| System and Information Integrity | SI-12: Information Handling and Retention | StealthWatch as a monitoring/alarming source |
| Program Management | PM-5: Information Systems Inventory | StealthWatch as a monitor of active hosts on the network / alarming source, integration with SIEM |
| Program Management | PM-6: Information Security Measures of Performance | StealthWatch as a monitoring/alarming source |
| Program Management | PM-7: Enterprise Architecture | As it relates to network usage / Flow Tables |
| Program Management | PM-8: Critical Infrastructure Plan | As it relates to network usage / Flow Tables |
| Program Management | PM-12: Insider Threat Program | StealthWatch as a monitoring/alarming source |
| Program Management | PM-14: Testing, Training, and Monitoring | StealthWatch as a monitoring/alarming source |
| Program Management | PM-16: Threat Awareness Program | StealthWatch as a monitoring/alarming source |

* StealthWatch's role will vary depending on the control systems deployed.
In addition to significantly improving compliance, these StealthWatch System capabilities also translate into better incident response and network protection. By leveraging flow data from the network infrastructure, the StealthWatch System provides the pervasive visibility to quickly detect threats on the internal network and the situational awareness to determine who is doing what, on which device, where, and how on enterprise networks. StealthWatch delivers security context that enables organizations to respond rapidly to threats and effectively contain damage.

The Network as a Sensor

The nice thing about your network is that it can actually be used to protect itself. With dozens, even hundreds, of data extraction/exporting points (i.e. firewalls, routers, switches and probes that export flow telemetry), you can use the network stack for detecting anomalous activity and minimizing security risks. NetFlow data can be particularly useful. Technologies such as Lancope's StealthWatch can collect NetFlow data and apply intelligence using hundreds of behavioral algorithms to make sense of what's actually happening.

Visibility, traceability, and auditability are all part of the incident response equation. Early detection, quick response, and ongoing vigilance are essential for minimizing business risks. With the StealthWatch System, you have the ability to see what's taking place on the network at any given moment. This near real-time insight can help pinpoint which areas of the IT environment need attention and paint a much broader picture of the network's security posture than many people assume is possible. This level of information can be very useful for larger and more complex network environments, such as those at the federal government level.

Existing network security technologies such as firewalls, intrusion prevention systems, and content filtering systems are good at preventing known attacks, but alone they fail to protect against advanced targeted attacks or zero-day malware. Not only can a breach bypass these traditional controls, but once you're alerted, odds are good that you still won't have enough information to be able to respond effectively. With today's advanced threats and exploits, perimeter and signature-based solutions are no longer enough. StealthWatch fills in the gaps where other controls fall short to provide cost-effective, pervasive visibility across the entire network. For the advanced threat, there are no longer places to hide and remain persistent.
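To make the "network as a sensor" idea concrete, here is an added example (not code from the white paper or from Lancope's product) that runs two of the flow-based checks the mapping table attributes to flow telemetry: a host-group segmentation check of the kind a host lock or custom event expresses for AC-3, and a per-host outbound-volume baseline of the kind behind the "Suspect Data Loss" alarm cited for IR-9. The host groups, the segmentation policy, the CSV flow records and the 5x-baseline threshold are all constructed assumptions; real exporters emit NetFlow records rather than CSV, and a production system would baseline over far more history than three days.

```python
"""Flow-based 'network as a sensor' checks over constructed NetFlow-style records.

Added example: a hypothetical, simplified version of two controls the
white paper maps to flow telemetry, host-group segmentation checks (AC-3,
host locks / custom events) and a per-host outbound-volume baseline
(IR-9 style "suspect data loss" alarm). It is not Lancope code.
"""
import csv
import io
import ipaddress
from collections import defaultdict
from statistics import mean

# Hypothetical host groups keyed by name, as a StealthWatch-like host-group
# tree would define them. Any address outside these ranges is "Outside".
HOST_GROUPS = {
    "PCI": ["10.10.0.0/24"],
    "Corporate": ["10.20.0.0/16"],
}
_NETS = {name: [ipaddress.ip_network(c) for c in cidrs]
         for name, cidrs in HOST_GROUPS.items()}

# Hypothetical segmentation policy: only PCI hosts may initiate flows to PCI.
ALLOWED_TO_PCI = {"PCI"}

# Constructed sample flow records (exporter-style: day, src, dst, dst port, bytes).
SAMPLE_FLOWS = """\
day,src,dst,dport,bytes
1,10.20.5.7,10.10.0.5,443,12000
1,10.20.5.7,203.0.113.10,443,50000
1,10.20.5.8,203.0.113.10,443,40000
1,10.10.0.5,10.10.0.9,1433,90000
2,10.20.5.7,203.0.113.10,443,60000
2,10.20.5.8,198.51.100.20,443,45000
2,198.51.100.20,10.10.0.5,443,4000
3,10.20.5.7,198.51.100.20,22,900000
3,10.20.5.8,203.0.113.10,443,50000
3,10.20.5.9,203.0.113.10,443,30000
3,10.20.5.7,10.10.0.5,1433,500
"""


def host_group(ip):
    """Map an address to its host group name, or 'Outside' if unclassified."""
    addr = ipaddress.ip_address(ip)
    for name, nets in _NETS.items():
        if any(addr in n for n in nets):
            return name
    return "Outside"


def parse_flows(text):
    """Parse CSV flow records into dicts with typed fields."""
    rows = csv.DictReader(io.StringIO(text))
    return [
        {"day": int(r["day"]), "src": r["src"], "dst": r["dst"],
         "dport": int(r["dport"]), "bytes": int(r["bytes"])}
        for r in rows
    ]


def segmentation_violations(flows):
    """Custom-event style check: flows into PCI from a group not allowed to reach it."""
    hits = []
    for f in flows:
        if host_group(f["dst"]) == "PCI" and host_group(f["src"]) not in ALLOWED_TO_PCI:
            hits.append((f["day"], f["src"], f["dst"], f["dport"]))
    return hits


def outbound_by_host_day(flows):
    """Sum bytes each internal host sends to Outside, per day."""
    totals = defaultdict(lambda: defaultdict(int))
    for f in flows:
        if host_group(f["src"]) != "Outside" and host_group(f["dst"]) == "Outside":
            totals[f["src"]][f["day"]] += f["bytes"]
    return totals


def data_loss_alarms(flows, current_day, factor=5.0):
    """Flag hosts whose outbound volume today exceeds `factor` x their mean over prior days.

    Hosts with no prior-day history are reported separately rather than alarmed,
    since there is no baseline to compare against.
    """
    totals = outbound_by_host_day(flows)
    alarms, no_baseline = [], []
    for host, per_day in totals.items():
        today = per_day.get(current_day, 0)
        history = [b for d, b in per_day.items() if d < current_day]
        if not history:
            no_baseline.append(host)
            continue
        baseline = mean(history)
        if baseline > 0 and today > factor * baseline:
            alarms.append((host, today, round(today / baseline, 1)))
    return alarms, no_baseline


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    for v in segmentation_violations(flows):
        print("segmentation violation (day %d): %s -> %s:%d" % v)
    alarms, new_hosts = data_loss_alarms(flows, current_day=3)
    for host, today, ratio in alarms:
        print(f"suspect data loss: {host} sent {today} bytes outbound, {ratio}x baseline")
    print("hosts with no baseline yet:", new_hosts)
```

Run as a script, the sample data produces three segmentation hits (two from a Corporate host into the PCI range and one from outside) and one data-loss alarm for 10.20.5.7, whose day-3 outbound volume is roughly sixteen times its two-day mean, while 10.20.5.9 is listed as having no baseline yet. The point of separating "no baseline" from "alarm" is the same one the paper makes about categorizing endpoints first: a volume alarm is only meaningful once a host has been observed long enough to know what normal looks like.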
Proper Incident Response is Often the Missing Link

There's a universal IT law that many government agencies and corporations have learned over the years: you cannot secure what you are not aware of. Without pervasive, real-time intelligence into what is actually on the network, it is impossible to properly secure or manage the network. The reality that many IT and information security managers and leaders face is that they don't truly have good information about what's happening on their networks. Whether due to budget or time concerns, or both, this blind spot should not be ignored. With technologies like StealthWatch, organizations can continuously monitor for and remediate risks, simplifying compliance processes and maintaining a strong security posture on an ongoing basis without expending excessive amounts of time and resources.

NIST SP 800-53 outlines the key areas of a reasonable incident response program. Many organizations have a formal incident response plan to address this, but documentation is not enough. The ability to actually execute the plan is what matters most. In order to do it well, you have to know where on your network the threat actually exists. Technologies and tools such as Lancope's StealthWatch System provide such benefits for incident response, allowing you to receive a quick return on your investment by being able to:
- Respond to threats more quickly to minimize impact
- Determine precisely which part of the network is infected
- Quarantine specific network segments rather than taking down the entire network
- Conduct thorough forensic investigations to help prevent future threats

However you approach incident response, you cannot do it well without 1) seeing the bigger picture, 2) making your decisions based on reliable information, and 3) having the proper tools and telemetry to facilitate the process.
Conclusion

The information security demands placed on federal government agencies and corporations by today's advanced threats have changed the way IT professionals must manage their networks. Siloed controls used to be sufficient, and a lack of communication among business units didn't impact information risk. The consequences of a serious network security breach were few and far between. In recent years, however, many things have changed. In order to be effective, today's security operations must involve continuous monitoring, auditing, and reporting in an effort to actually manage information risks. Ensuring that IT-related threats and vulnerabilities are kept in check requires enterprise-level leadership and enterprise-ready tools. A significant part of this effort can, and really should, include proactive security technologies such as Lancope's StealthWatch System.

It is also recommended that federal government agencies and corporations get to know the NIST SP 800-53 standard. It has become well known and widely accepted for a reason. Those organizations that have implemented its security control baselines have positioned themselves ahead of the curve. As the saying goes, it pays to dig your well before you're thirsty. Organizations that are proactive in this area of IT will be rewarded time and again.
About the Author

Kevin Beaver, CISSP, is an independent information security consultant, writer, and professional speaker with Atlanta, GA-based Principle Logic, LLC. He has two and a half decades of experience in IT and specializes in performing information security assessments revolving around compliance and minimizing business risks. Kevin has authored/coauthored 11 books, including one of the best-selling information security books, Hacking For Dummies (Wiley), as well as Implementation Strategies for Fulfilling and Maintaining IT Compliance (Realtimepublishers.com) and The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He is also the creator and producer of the Security On Wheels audio programs providing security learning for IT professionals on the go (securityonwheels.com). Kevin can be reached at his website; you can follow him on Twitter and connect with him on LinkedIn at www.linkedin.com/in/kevinbeaver.
The Lancope StealthWatch System

Lancope, Inc. is a leading provider of network visibility and security intelligence to defend organizations against today's top threats. Delivering pervasive insight across distributed networks, Lancope improves incident response, streamlines forensic investigations, and reduces enterprise risk. The StealthWatch System helps government agencies and corporations address:
- APT: The StealthWatch System can detect the various steps of an advanced attack, including network reconnaissance, internal pivoting, zero-day malware, C&C communications, and data exfiltration.
- Insider Threat: The StealthWatch System provides the internal network insight needed to identify suspicious user activities, however authenticated, and thwart attacks launched by malicious insiders trying to sabotage the organization or steal confidential data.
- Malware: The StealthWatch System can detect the full spectrum of malware and botnets, including zero-day attacks, whether they come in through the perimeter, from mobile devices, or on USB keys.
- DDoS: DDoS attacks have become increasingly prominent, and the size of the attacks keeps growing. The StealthWatch System identifies DDoS attack sources before they cause costly service outages.
- Audit & Compliance: The StealthWatch System monitors communications across networks and the cloud for more effective compliance. The system helps enforce policies and detects network misuse and unauthorized access to confidential data, while firewall auditing capabilities ensure that traffic adheres to security policies.
- BYOD: The StealthWatch System monitors users and mobile devices on the network, including personal smart phones, tablets, and laptops. Mobile awareness helps pinpoint the exact source of issues such as zero-day attacks, insider threats, policy violations, and data leakage.
- Performance Bottlenecks: The StealthWatch System provides high-level traffic overviews and sophisticated drill-down capabilities to help uncover the root cause of network slowdowns within minutes.

To learn more or request a demo, contact fedsales@lancope.com.

Lancope, Inc., Brookside Parkway, Suite 500, Alpharetta, GA (888)
Lancope, Inc. All rights reserved. Lancope and StealthWatch are registered trademarks of Lancope, Inc. All other trademarks are properties of their respective owners.
More informationSession 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness
Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness Wayne A. Wheeler The Aerospace Corporation GSAW 2015, Los Angeles, CA, March 2015 Agenda Emerging cyber
More informationForeScout CounterACT CONTINUOUS DIAGNOSTICS & MITIGATION (CDM)
ForeScout CounterACT CONTINUOUS DIAGNOSTICS & MITIGATION (CDM) CONTENT Introduction 2 Overview of Continuous Diagnostics & Mitigation (CDM) 2 CDM Requirements 2 1. Hardware Asset Management 3 2. Software
More informationCisco Advanced Malware Protection
Solution Overview Cisco Advanced Malware Protection Breach Prevention, Detection, Response, and Remediation for the Real World BENEFITS Gain unmatched global threat intelligence to strengthen front-line
More informationThe Importance of Cybersecurity Monitoring for Utilities
The Importance of Cybersecurity Monitoring for Utilities www.n-dimension.com Cybersecurity threats against energy companies, including utilities, have been increasing at an alarming rate. A comprehensive
More informationDefending Against Data Beaches: Internal Controls for Cybersecurity
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
More informationHow To Buy Nitro Security
McAfee Acquires NitroSecurity McAfee announced that it has closed the acquisition of privately owned NitroSecurity. 1. Who is NitroSecurity? What do they do? NitroSecurity develops high-performance security
More informationIBM Security QRadar Risk Manager
IBM Security QRadar Risk Manager Proactively manage vulnerabilities and network device configuration to reduce risk, improve compliance Highlights Collect network security device configuration data to
More informationREVOLUTIONIZE THE WAY YOU VIEW YOUR NETWORK GAIN A UNIFIED VIEW OF SECURITY AND NETWORK OPERATIONS ACROSS PHYSICAL AND VIRTUAL NETWORKS
REVOLUTIONIZE THE WAY YOU VIEW YOUR NETWORK GAIN A UNIFIED VIEW OF SECURITY AND NETWORK OPERATIONS ACROSS PHYSICAL AND VIRTUAL NETWORKS STEALTHWATCH BY LANCOPE Lancope expertly provides flow-based visibility
More informationUnified Security Anywhere HIPAA COMPLIANCE ACHIEVING HIPAA COMPLIANCE WITH MASERGY PROFESSIONAL SERVICES
Unified Security Anywhere HIPAA COMPLIANCE ACHIEVING HIPAA COMPLIANCE WITH MASERGY PROFESSIONAL SERVICES HIPAA COMPLIANCE Achieving HIPAA Compliance with Security Professional Services The Health Insurance
More informationIBM Security Intelligence Strategy
IBM Security Intelligence Strategy Delivering Insight with Agility October 17, 2014 Victor Margina Security Solutions Accent Electronic 12013 IBM Corporation We are in an era of continuous breaches Operational
More informationCOORDINATION DRAFT. FISCAM to NIST Special Publication 800-53 Revision 4. Title / Description (Critical Element)
FISCAM FISCAM 3.1 Security (SM) Critical Element SM-1: Establish a SM-1.1.1 The security management program is adequately An agency/entitywide security management program has been developed, An agency/entitywide
More informationAIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE
AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,
More informationRequirements When Considering a Next- Generation Firewall
White Paper Requirements When Considering a Next- Generation Firewall What You Will Learn The checklist provided in this document details six must-have capabilities to look for when evaluating a nextgeneration
More informationAddressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense
A Trend Micro Whitepaper I February 2016 Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense How Trend Micro Deep Security Can Help: A Mapping to the SANS Top 20 Critical
More informationINTRUSION PREVENTION SYSTEMS: FIVE BENEFITS OF SECUREDATA S MANAGED SERVICE APPROACH
INTRUSION PREVENTION SYSTEMS: FIVE BENEFITS OF SECUREDATA S MANAGED SERVICE APPROACH INTRODUCTION: WHO S IN YOUR NETWORK? The days when cyber security could focus on protecting your organisation s perimeter
More informationHealth Insurance Portability and Accountability Act Enterprise Compliance Auditing & Reporting ECAR for HIPAA Technical Product Overview Whitepaper
Regulatory Compliance Solutions for Microsoft Windows IT Security Controls Supporting DHS HIPAA Final Security Rules Health Insurance Portability and Accountability Act Enterprise Compliance Auditing &
More informationTHE TOP 4 CONTROLS. www.tripwire.com/20criticalcontrols
THE TOP 4 CONTROLS www.tripwire.com/20criticalcontrols THE TOP 20 CRITICAL SECURITY CONTROLS ARE RATED IN SEVERITY BY THE NSA FROM VERY HIGH DOWN TO LOW. IN THIS MINI-GUIDE, WE RE GOING TO LOOK AT THE
More informationwith NetFlow Technology Adam Powers Chief Technology Officer apowers@lancope.com
Maximize Network Visibility with NetFlow Technology Adam Powers Chief Technology Officer apowers@lancope.com www.lancope.com com Agenda What is NetFlow h Introduction to NetFlow h NetFlow Examples NtFl
More informationAnalyzing HTTP/HTTPS Traffic Logs
Advanced Threat Protection Automatic Traffic Log Analysis APTs, advanced malware and zero-day attacks are designed to evade conventional perimeter security defenses. Today, there is wide agreement that
More informationThe Cloud App Visibility Blind Spot
WHITE PAPER The Cloud App Visibility Blind Spot Understanding the Risks of Sanctioned and Unsanctioned Cloud Apps and How to Take Back Control Line-of-business leaders everywhere are bypassing IT departments
More informationCONTINUOUS MONITORING
CONTINUOUS MONITORING Monitoring Strategy Part 2 of 3 ABSTRACT This white paper is Part 2 in a three-part series of white papers on the sometimes daunting subject of continuous monitoring (CM) and how
More informationSECURITY ANALYTICS AND MORE Putting together an effective Incident Response plan
SECURITY ANALYTICS AND MORE Putting together an effective Incident Response plan What You Will Learn In this white paper, IT and security team members will learn about the necessary components of an effective
More informationRSA Security Analytics
RSA Security Analytics This is what SIEM was Meant to Be 1 The Original Intent of SIEM Single compliance & security interface Compliance yes, but security? Analyze & prioritize alerts across various sources
More informationEnterprise Organizations Need Contextual- security Analytics Date: October 2014 Author: Jon Oltsik, Senior Principal Analyst
ESG Brief Enterprise Organizations Need Contextual- security Analytics Date: October 2014 Author: Jon Oltsik, Senior Principal Analyst Abstract: Large organizations have spent millions of dollars on security
More informationNetwrix Auditor. Сomplete visibility into who changed what, when and where and who has access to what across the entire IT infrastructure
Netwrix Auditor Сomplete visibility into who changed what, when and where and who has access to what across the entire IT infrastructure netwrix.com netwrix.com/social 01 Product Overview Netwrix Auditor
More informationCarbon Black and Palo Alto Networks
Carbon Black and Palo Alto Networks Bring Together Next-Generation Endpoint and Network Security Solutions Endpoints and Servers in the Crosshairs of According to a 2013 study, 70 percent of businesses
More informationTotal Protection for Compliance: Unified IT Policy Auditing
Total Protection for Compliance: Unified IT Policy Auditing McAfee Total Protection for Compliance Regulations and standards are growing in number, and IT audits are increasing in complexity and cost.
More informationThe SIEM Evaluator s Guide
Using SIEM for Compliance, Threat Management, & Incident Response Security information and event management (SIEM) tools are designed to collect, store, analyze, and report on log data for threat detection,
More informationBest Practices for Building a Security Operations Center
OPERATIONS SECURITY Best Practices for Building a Security Operations Center Diana Kelley and Ron Moritz If one cannot effectively manage the growing volume of security events flooding the enterprise,
More informationSecurity Control Standard
Department of the Interior Security Control Standard Security Assessment and Authorization January 2012 Version: 1.2 Signature Approval Page Designated Official Bernard J. Mazer, Department of the Interior,
More informationInformation Security Risk Assessment Checklist. A High-Level Tool to Assist USG Institutions with Risk Analysis
Information Security Risk Assessment Checklist A High-Level Tool to Assist USG Institutions with Risk Analysis Updated Oct 2008 Introduction Information security is an important issue for the University
More informationNIST 800-53A: Guide for Assessing the Security Controls in Federal Information Systems. Samuel R. Ashmore Margarita Castillo Barry Gavrich
NIST 800-53A: Guide for Assessing the Security Controls in Federal Information Systems Samuel R. Ashmore Margarita Castillo Barry Gavrich CS589 Information & Risk Management New Mexico Tech Spring 2007
More informationAvoiding the Top 5 Vulnerability Management Mistakes
WHITE PAPER Avoiding the Top 5 Vulnerability Management Mistakes The New Rules of Vulnerability Management Table of Contents Introduction 3 We ve entered an unprecedented era 3 Mistake 1: Disjointed Vulnerability
More informationAn Overview of Information Security Frameworks. Presented to TIF September 25, 2013
An Overview of Information Security Frameworks Presented to TIF September 25, 2013 What is a framework? A framework helps define an approach to implementing, maintaining, monitoring, and improving information
More informationCA Host-Based Intrusion Prevention System r8.1
PRODUCT BRIEF: CA HOST-BASED INTRUSION PREVENTION SYSTEM CA Host-Based Intrusion Prevention System r8.1 CA HOST-BASED INTRUSION PREVENTION SYSTEM (CA HIPS) BLENDS ENDPOINT FIREWALL, INTRUSION DETECTION,
More informationCisco Advanced Malware Protection for Endpoints
Data Sheet Cisco Advanced Malware Protection for Endpoints Product Overview With today s sophisticated malware, you have to protect endpoints before, during, and after attacks. Cisco Advanced Malware Protection
More informationRSA envision. Platform. Real-time Actionable Security Information, Streamlined Incident Handling, Effective Security Measures. RSA Solution Brief
RSA Solution Brief RSA envision Platform Real-time Actionable Information, Streamlined Incident Handling, Effective Measures RSA Solution Brief The job of Operations, whether a large organization with
More informationMaximize Network Visibility with NetFlow Technology. Andy Wilson Senior Systems Engineer Lancope
Maximize Network Visibility with NetFlow Technology Andy Wilson Senior Systems Engineer Lancope Agenda What is NetFlow Introduction to NetFlow NetFlow Examples NetFlow in Action Network Operations User
More informationProtectWise: Shifting Network Security to the Cloud Date: March 2015 Author: Tony Palmer, Senior Lab Analyst and Aviv Kaufmann, Lab Analyst
ESG Lab Spotlight ProtectWise: Shifting Network Security to the Cloud Date: March 2015 Author: Tony Palmer, Senior Lab Analyst and Aviv Kaufmann, Lab Analyst Abstract: This ESG Lab Spotlight examines the
More informationExtreme Networks Security Analytics G2 Risk Manager
DATA SHEET Extreme Networks Security Analytics G2 Risk Manager Proactively manage vulnerabilities and network device configuration to reduce risk, improve compliance HIGHLIGHTS Visualize current and potential
More informationHow To Protect Your Data From Attack
Solutions Brochure Situation Under Control Security Connected for the Public Sector 2 Security Connected for the Public Sector Increase Availability. Strengthen Resiliency. Government entities face pressure
More informationTRIPWIRE NERC SOLUTION SUITE
CONFIDENCE: SECURED SOLUTION BRIEF TRIPWIRE NERC SOLUTION SUITE TAILORED SUITE OF PRODUCTS AND SERVICES TO AUTOMATE NERC CIP COMPLIANCE u u We ve been able to stay focused on our mission of delivering
More informationINCREASE NETWORK VISIBILITY AND REDUCE SECURITY THREATS WITH IMC FLOW ANALYSIS TOOLS
WHITE PAPER INCREASE NETWORK VISIBILITY AND REDUCE SECURITY THREATS WITH IMC FLOW ANALYSIS TOOLS Network administrators and security teams can gain valuable insight into network health in real-time by
More informationIncident Response. Six Best Practices for Managing Cyber Breaches. www.encase.com
Incident Response Six Best Practices for Managing Cyber Breaches www.encase.com What We ll Cover Your Challenges in Incident Response Six Best Practices for Managing a Cyber Breach In Depth: Best Practices
More informationCyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.
Cyber Security Automation of energy systems provides attack surfaces that previously did not exist Cyber attacks have matured from teenage hackers to organized crime to nation states Centralized control
More informationPreemptive security solutions for healthcare
Helping to secure critical healthcare infrastructure from internal and external IT threats, ensuring business continuity and supporting compliance requirements. Preemptive security solutions for healthcare
More informationHow To Secure Your System From Cyber Attacks
TM DeltaV Cyber Security Solutions A Guide to Securing Your Process A long history of cyber security In pioneering the use of commercial off-the-shelf technology in process control, the DeltaV digital
More informationNIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT
NIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT OVERVIEW The National Institute of Standards of Technology Framework for Improving Critical Infrastructure Cybersecurity (The NIST Framework) is a
More informationAIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE
AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,
More informationUsing LYNXeon with NetFlow to Complete Your Cyber Security Picture
Using LYNXeon with NetFlow to Complete Your Cyber Security Picture 21CT.COM Combine NetFlow traffic with other data sources and see more of your network, over a longer period of time. Introduction Many
More informationCloud Security for Federal Agencies
Experience the commitment ISSUE BRIEF Rev. April 2014 Cloud Security for Federal Agencies This paper helps federal agency executives evaluate security and privacy features when choosing a cloud service
More informationARS v2.0. Solution Brief. ARS v2.0. EventTracker Enterprise v7.x. Publication Date: July 22, 2014
Solution Brief EventTracker Enterprise v7.x Publication Date: July 22, 2014 EventTracker 8815 Centre Park Drive, Columbia MD 21045 About EventTracker EventTracker delivers business critical solutions that
More informationAltius IT Policy Collection Compliance and Standards Matrix
Governance IT Governance Policy Mergers and Acquisitions Policy Terms and Definitions Policy 164.308 12.4 12.5 EDM01 EDM02 EDM03 Information Security Privacy Policy Securing Information Systems Policy
More informationThe Hillstone and Trend Micro Joint Solution
The Hillstone and Trend Micro Joint Solution Advanced Threat Defense Platform Overview Hillstone and Trend Micro offer a joint solution the Advanced Threat Defense Platform by integrating the industry
More informationIntroducing IBM s Advanced Threat Protection Platform
Introducing IBM s Advanced Threat Protection Platform Introducing IBM s Extensible Approach to Threat Prevention Paul Kaspian Senior Product Marketing Manager IBM Security Systems 1 IBM NDA 2012 Only IBM
More informationCisco Advanced Malware Protection for Endpoints
Data Sheet Cisco Advanced Malware Protection for Endpoints Product Overview With today s sophisticated malware, you have to protect endpoints before, during, and after attacks. Cisco Advanced Malware Protection
More informationDiscussion Draft of the Preliminary Cybersecurity Framework Illustrative Examples
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 Discussion Draft of the Preliminary Cybersecurity Framework Illustrative Examples The
More informationSeven Things To Consider When Evaluating Privileged Account Security Solutions
Seven Things To Consider When Evaluating Privileged Account Security Solutions Contents Introduction 1 Seven questions to ask every privileged account security provider 4 1. Is the solution really secure?
More informationOn-Premises DDoS Mitigation for the Enterprise
On-Premises DDoS Mitigation for the Enterprise FIRST LINE OF DEFENSE Pocket Guide The Challenge There is no doubt that cyber-attacks are growing in complexity and sophistication. As a result, a need has
More informationVulnerability Management
Vulnerability Management Buyer s Guide Buyer s Guide 01 Introduction 02 Key Components 03 Other Considerations About Rapid7 01 INTRODUCTION Exploiting weaknesses in browsers, operating systems and other
More informationContinuous Network Monitoring
Continuous Network Monitoring Eliminate periodic assessment processes that expose security and compliance programs to failure Continuous Network Monitoring Continuous network monitoring and assessment
More information