Event Logs are Key to a Secure Network
by Sari Stern Greene, CISM, CISSP, NSA-IAM, Sage Data Security

Most companies have smart people running well-designed networks that use sound security policies and procedures. Yet they still experience threatening situations every day, some initiated by malicious intent, others due to simple human error. Hackers are inventing new and increasingly sophisticated ways to break into corporate information systems, and companies must respond with more effective ways to protect their vital systems, networks, and data. Among the most reliable, accurate, and proactive tools in the security arsenal are the event and audit logs created by network devices. Yet few organizations understand which devices to monitor, what information to capture, or how to properly evaluate the data, and few have the resources required to stay on top of the task. Following is information on the benefits of mining network and information device event logs, and on how to make the most of external resources to minimize the security threat.

Today's Security Threats

It's no secret that securing information is one of the largest challenges faced by businesses today. While much of the attention, and most security strategies, are focused on malicious attacks such as phishing and hacking, a surprising number of security breaches are the result of allowed activity. In general, security concerns fall into five major categories:

Malicious attacks from unknown/unauthorized sources. Unauthorized access to or against your systems from either internal or external locations. These are not nuisance attacks; they are bona fide criminal activity.

Malicious attacks from known/authorized sources. A significant number of attacks are generated by insiders: authorized users, business partners, and third-party service providers. Unfortunately, not all of these individuals are trustworthy.

Proxy attack scenarios. It is very common for an attacker to use computers distributed throughout the world as weapons. This process is transparent to the system owner. No one wants their computer systems used this way; having them used as part of a larger threat flies in the face of good corporate citizenship and can cause major reputational damage.

Unintended breaches created by human error. Not all threatening activity is malicious; sometimes people just make mistakes or are fooled into taking action.

Privacy and regulatory compliance violations. Many organizations have a legal and a fiduciary obligation to safeguard protected information. Violations, however unintentional, can have serious ramifications.

These types of events are not uncommon. They happen every day, sometimes every minute, and no company is immune. But regular attention to and mining of device audit and event logs can yield important information to combat these and other security threats. In addition, monitoring event and audit logs is an integral part of complying with a variety of federal regulations, including the Gramm-Leach-Bliley Act (GLBA), Sarbanes-Oxley (SOX), the Health Insurance Portability and Accountability Act (HIPAA), and the Federal Information Security Management Act (FISMA). As of October 2007, thirty-seven states had instituted security breach notification laws that require businesses to monitor and protect specific sets of consumer data. (See sidebar, Heeding Uncle Sam's Rules, for more information about industry regulations.)

Sidebar: Heeding Uncle Sam's Rules

Monitoring event logs is more than just good policy for securing an IT infrastructure; it is also an integral part of complying with a number of government regulations. These regulations span multiple industries, from financial to healthcare to general business. Following is some insight into their requirements, and ways that event log management can help your firm comply.
Sidebar: The Gramm-Leach-Bliley Act

The Gramm-Leach-Bliley Act of 1999 (GLBA) outlined a number of security requirements that financial institutions must follow in order to protect their customers' information. The GLBA standards for safeguarding information state that banks must protect against any anticipated threats or hazards to the security of information, protect against any unauthorized access to or use of that information, and monitor systems to detect actual and attempted attacks on or intrusions into customer information systems. GLBA dictates that banks and financial institutions monitor the activity captured by network device event logs and that the logs are reviewed on a regular and timely basis.

The Benefits of Event Logs

Every device within a company's IT infrastructure (network switches and routers; file, print, application, database, and web servers; systems; and firewalls) is capable of logging activity. So why don't more organizations use event logs to catch attacks? Part of the difficulty lies in the volume of event logs to review: each device generates approximately 600 events per minute, so a network with 15 devices generates roughly 13 million events per day. No matter how big the company, few can afford to hire enough people to evaluate that volume of information.

Organizations need to prioritize which logs are essential by identifying the devices and applications that store, process, and transmit critical data. Ideally, security professionals will collect data from every significant device and application on the network. At a minimum, it is recommended that organizations collect data from firewalls, web servers, and network authentication servers. (See sidebar, What Devices Should You Monitor?, for information on what data to collect and which devices to monitor.)

Determining which devices are critical, and which information is significant, is not a one-size-fits-all proposition. Each organization needs to conduct an impact assessment of its network prior to establishing a log-capture and -review policy. Publicly accessible systems are targeted more than internal systems, simply because the number of people who can attack them is greater. E-commerce application and database servers are critical, both because they contain sensitive information that organizations must protect and because they tend to drive an organization's revenue stream. But organizations also need to prioritize the monitoring of internal servers and devices, and each organization will need to determine the level of criticality of its devices on a case-by-case basis.

The next step is to determine the type of information the organization is looking to extract from a specific log. Again, this must be customized for each organization: some will need to identify unauthorized access, user activity, and administrative activity, while others need to measure the volume of activity or document compliance of processes such as user/group administration or change management.

While event logs help companies identify breaches and attacks, they also help companies define normal activity. This process is crucial: by truly understanding how a network or information systems architecture performs normally on a daily basis, companies have a baseline for comparison to identify abnormal behavior. This baseline provides the framework upon which a log-monitoring and -management plan can be customized.

One common mistake in developing a security strategy is to focus only on errors and known breaches. What might appear to be valid traffic coming into a web server could actually be someone mirroring a corporate website so they can perform phishing attacks. It's difficult to spot this activity using standard web reports, since the technique criminals use may appear as if someone is simply viewing website pages. Yet website and firewall logs can distinguish site mirroring from normal user traffic: most website visitors spend a certain amount of time on the website and access only a subset of the site's pages. Web server logs can identify when a visitor methodically hits every page on a site in rapid succession. This type of activity, particularly if it comes from an IP address located outside of the company's traditional customer base, is an example of how authorized activity is not always the same as safe activity.

Sidebar: The Sarbanes-Oxley Act

The Sarbanes-Oxley Act (SOX) of 2002 requires all U.S. public company boards, management, and public accounting firms to establish a variety of internal controls, including securing their information technology infrastructures. One of the commonly used frameworks is COBIT (Control Objectives for Information and Related Technology), a set of best practices created by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI). COBIT calls for companies to perform frequent IT security audits, by personnel both inside and outside the internal organization, to evaluate and mitigate risk to information. Event logs capture vital information on attempted and successful breaches, and are an integral resource for complying with SOX requirements.

A Manageable Amount of Data

After an organization has collected event logs from all identified network devices, the next step is to assemble the data so that it can be analyzed. It's impossible to review every single log entry manually, so security administrators must aggregate, correlate, and normalize entries to distill all of the important network activity into a manageable amount of information for review. Each step in this data-capture process narrows down the information that requires human oversight.
It's tempting to focus on malicious events only to reduce the number of events to review, but many security incidents are the result of allowed activity. Following are the steps that organizations should follow for log preparation and log analysis. This process is rigorously followed by Sage Data Security analysts.

Log Preparation

Log Parsing: This is the process of extracting data from a log so that the parsed values can be used as input for another logging process. A simple example of parsing is reading a text-based log file that contains 10 comma-separated values per line and extracting the 10 values from each line.

Event Filtering: In this step, log entries are suppressed from analysis because their characteristics indicate that they are unlikely to contain information of interest. For example, duplicate entries and standard informational entries might be filtered because they do not provide useful information to log analysts.

Event Aggregation: This process consolidates similar entries into a single entry containing the count of the number of occurrences of the event. For example, a thousand entries that each record part of a scan could be aggregated into a single entry that indicates how many hosts were scanned.

Log Conversion: This stage parses the log in one format and stores its entries in a second format. For example, conversion could take data from a log stored in a database and save it as XML in a text file.

Log Normalization: This step converts each log data field to a particular data representation and categorizes it consistently. One of the most common uses of normalization is storing dates and times in a single format. For example, one log generator might store an event using a 12-hour format (2:34:56 PM EDT) categorized as a Timestamp, while another might store it in a 24-hour format (14:34) categorized as an Event Time, with the time zone (-0400) in a different field with a separate category. Normalizing the logs ensures that they are consistent and eases the review and analysis process.
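The preparation steps above, worked through in code as an added example; this is not code from the paper or from Sage Data Security. Two constructed log sources with the differing timestamp conventions the text describes are parsed, normalized to one UTC representation and one field vocabulary, filtered of duplicates and informational noise, aggregated so that a scanner's per-host entries become a single entry with a host count, and finally converted to a second format (JSON here; the text's example converts to XML, and the step is the same). The zone-name table, the field names and the severity labels are this example's assumptions.

```python
"""Log preparation pipeline: parse, normalize, filter, aggregate, convert.

Added example, not code from the original paper. The two log formats and
the sample lines are constructed for illustration.
"""
import csv
import io
import json
from datetime import datetime, timedelta, timezone

# Constructed sensor A: comma-separated, 12-hour clock with a zone name in
# the field the text calls "Timestamp".
SENSOR_A = """\
Timestamp,source,destination,event,severity
10/03/2007 2:34:56 PM EDT,203.0.113.7,192.0.2.10,portscan,high
10/03/2007 2:34:56 PM EDT,203.0.113.7,192.0.2.11,portscan,high
10/03/2007 2:34:57 PM EDT,203.0.113.7,192.0.2.12,portscan,high
10/03/2007 2:34:57 PM EDT,203.0.113.7,192.0.2.12,portscan,high
10/03/2007 2:40:00 PM EDT,192.0.2.5,192.0.2.10,heartbeat,info
"""

# Constructed sensor B: 24-hour clock ("Event Time") with the zone offset in
# its own field, and different field names for the same data.
SENSOR_B = """\
Event Time,TZ,src_ip,dst_ip,msg,level
2007-10-03 14:35,-0400,203.0.113.7,192.0.2.13,portscan,high
2007-10-03 14:35,-0400,203.0.113.7,192.0.2.13,portscan,high
2007-10-03 18:36,+0000,198.51.100.9,192.0.2.10,admin-login,notice
"""

ZONE_OFFSETS = {"EDT": -4, "EST": -5, "UTC": 0}  # assumed zone-name table
NOISE = {"info"}                                 # severities filtered out


def parse_csv(text):
    """Log parsing: split a comma-separated log into one dict per line."""
    return list(csv.DictReader(io.StringIO(text)))


def normalize_a(row):
    """Sensor A row -> common fields, 12-hour clock + zone name -> UTC ISO 8601."""
    stamp, zone = row["Timestamp"].rsplit(" ", 1)
    local = datetime.strptime(stamp, "%m/%d/%Y %I:%M:%S %p")
    local = local.replace(tzinfo=timezone(timedelta(hours=ZONE_OFFSETS[zone])))
    return {"ts": local.astimezone(timezone.utc).isoformat(),
            "src": row["source"], "dst": row["destination"],
            "event": row["event"], "severity": row["severity"].lower()}


def normalize_b(row):
    """Sensor B row -> common fields, 24-hour clock with a separate offset field."""
    local = datetime.strptime(row["Event Time"] + " " + row["TZ"], "%Y-%m-%d %H:%M %z")
    return {"ts": local.astimezone(timezone.utc).isoformat(),
            "src": row["src_ip"], "dst": row["dst_ip"],
            "event": row["msg"], "severity": row["level"].lower()}


def filter_events(records):
    """Event filtering: drop informational entries and exact duplicates."""
    seen, kept = set(), []
    for r in records:
        key = tuple(sorted(r.items()))
        if r["severity"] in NOISE or key in seen:
            continue
        seen.add(key)
        kept.append(r)
    return kept


def aggregate_scans(records):
    """Event aggregation: collapse one scanner's per-host entries into one entry."""
    scans, passthrough = {}, []
    for r in records:
        if r["event"] != "portscan":
            passthrough.append(r)
            continue
        agg = scans.setdefault(r["src"], {"event": "portscan", "src": r["src"],
                                          "first_ts": r["ts"], "last_ts": r["ts"],
                                          "entries": 0, "hosts": set()})
        agg["entries"] += 1
        agg["hosts"].add(r["dst"])
        agg["first_ts"] = min(agg["first_ts"], r["ts"])
        agg["last_ts"] = max(agg["last_ts"], r["ts"])
    out = []
    for agg in scans.values():
        agg["hosts_scanned"] = len(agg.pop("hosts"))
        out.append(agg)
    return out + passthrough


def prepare(sources):
    """Run the pipeline over (log text, normalizer) pairs; returns prepared entries."""
    records = []
    for text, normalize in sources:
        records.extend(normalize(row) for row in parse_csv(text))
    records.sort(key=lambda r: r["ts"])  # all timestamps now share one format
    return aggregate_scans(filter_events(records))


def to_json(records):
    """Log conversion: store the prepared entries in a second format."""
    return json.dumps(records, indent=1, sort_keys=True)


if __name__ == "__main__":
    print(to_json(prepare([(SENSOR_A, normalize_a), (SENSOR_B, normalize_b)])))
```

Eight raw lines become two prepared entries: one port scan of four hosts by 203.0.113.7 spanning 18:34:56 to 18:35:00 UTC, and one administrative logon. Normalizing before sorting is what makes the first/last timestamps of the scan meaningful across the two sources.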
Log Analysis

It's not enough to review a log entry as a standalone event; its meaning often depends upon the context surrounding it. Correlation ties individual log entries together based on related information. Sequencing examines activity based on patterns. Trend analysis identifies activity over time that in isolation might appear normal.

Sidebar: The Health Insurance Portability and Accountability Act

The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the U.S. Congress in 1996 to protect health insurance coverage for workers and their families when they change or lose their jobs. In addition, HIPAA requires covered organizations to protect the security and privacy of health data by providing administrative, physical, and technical safeguards. Each firm must establish processes for securing access to workstations and IT devices that contain patient data, documenting breaches, and reporting them to authorities. Each firm is also responsible for ensuring the same security levels for external vendors that access its systems. Data contained in network and technology device event logs are key to uncovering attempted and actual security breaches.

The Human Touch

Successful log review requires both people and time in addition to the right tools. While tools and scripts can be used in the process of preparing, correlating, sequencing, and trending data, the final step in event and audit log management requires insight and analysis. Even the best report that synthesizes the most valuable information into a concise format is worthless unless someone takes the time to review it on a regular, consistent basis. This can be a resource-intensive activity. Successful log review requires people who understand what they are reviewing, time to perform the review, and deployment of the proper tools and methodology to achieve the organization's objectives. Organizations should decide what they want to accomplish via log review, how often and by whom the logs will be reviewed, what kinds of reports will be generated, and how often.

For many companies, working with a consultant who specializes in information security is the best option. A specialized security information management firm has the skills to perform a site evaluation to identify critical devices to monitor, and understands which information is important to collect. A security consultant also can develop the custom scripts required to track and capture the right data. They stay on top of industry trends, and undergo constant training and security certification to ensure that their skills are current. They invest in the tools and technologies that are often too expensive for all but the largest firms. And, because they work with multiple firms, they are able to spot attacks and breaches that are attempted on others and develop proactive, defensive strategies. They can generate concise, insightful reports that help companies stay on top of event log review by eliminating redundant or unnecessary information and providing the most important, actionable information. For some businesses, including those in the financial services industry, segregation of duties is a requirement.

Organizations struggle to keep their information technology systems and vital data safe and secure. While event log management is time-consuming, intricate, and challenging, the rewards are great for those that mine the data the logs contain. The combination of an internal security team working with a consultancy that specializes in security information management helps many organizations develop the most cost-effective plan to ensure the consistent evaluation and review of event logs, and the security of corporate systems and data.

Sari Stern Greene, CISM, CISSP, NSA-IAM, is the Founder of Sage Data Security, based in South Portland, Maine, which secures businesses and financial institutions nationwide with its ndiscovery SM Security Information Management service. For more information, visit Sage Data Security or e-mail her at sari@sagedatasecurity.com.
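Correlation, sequencing and trend analysis as described under Log Analysis, as an added example over constructed firewall and authentication records; this is not the paper's or Sage Data Security's code. Correlation ties the two logs together by source address. Sequencing looks for an account's run of failures followed by a success inside a time window, a pattern no single entry reveals. Trend analysis counts after-hours logons per week and flags a week that is out of line with the weeks before it, the case the text describes as activity that looks normal in isolation. The thresholds, the window, the business hours and the record layout are this example's assumptions.

```python
"""Log analysis on prepared events: correlation, sequencing, trend analysis.

Added example, not code from the original paper. All records below are
constructed; thresholds and windows are illustrative choices.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from statistics import median


def ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")


# Constructed firewall denies: (time, source address, destination port)
FIREWALL_DENIES = [
    (ts("2007-10-03 01:57"), "203.0.113.7", 22),
    (ts("2007-10-03 01:58"), "203.0.113.7", 3389),
    (ts("2007-10-03 09:12"), "198.51.100.9", 445),
]

# Constructed authentication-server records: (time, user, source, outcome)
AUTH_EVENTS = [
    (ts("2007-10-03 02:01"), "jsmith", "203.0.113.7", "failure"),
    (ts("2007-10-03 02:02"), "jsmith", "203.0.113.7", "failure"),
    (ts("2007-10-03 02:02"), "jsmith", "203.0.113.7", "failure"),
    (ts("2007-10-03 02:03"), "jsmith", "203.0.113.7", "failure"),
    (ts("2007-10-03 02:04"), "jsmith", "203.0.113.7", "failure"),
    (ts("2007-10-03 02:06"), "jsmith", "203.0.113.7", "success"),
    (ts("2007-10-03 08:30"), "jsmith", "192.0.2.50", "success"),
    (ts("2007-10-03 08:31"), "mlee", "192.0.2.51", "failure"),
    (ts("2007-10-03 08:32"), "mlee", "192.0.2.51", "success"),
]
# Constructed history for the trend: a service account with a few after-hours
# logons per week for three weeks, then a jump in the fourth week.
for week_offset, n in enumerate([1, 1, 2, 9]):
    for i in range(n):
        AUTH_EVENTS.append((ts("2007-09-03 23:00") + timedelta(weeks=week_offset, minutes=i),
                            "svc-backup", "192.0.2.60", "success"))


def correlate_by_source(denies, auth):
    """Correlation: addresses that were both denied at the firewall and seen
    authenticating, with what each log recorded about them."""
    by_src = defaultdict(lambda: {"denied_ports": set(), "auth": Counter()})
    for _, src, port in denies:
        by_src[src]["denied_ports"].add(port)
    for _, _, src, outcome in auth:
        by_src[src]["auth"][outcome] += 1
    return {src: v for src, v in by_src.items() if v["denied_ports"] and v["auth"]}


def find_failure_then_success(auth, threshold=5, window=timedelta(minutes=10)):
    """Sequencing: `threshold` failures for one account followed by a success
    within `window`. Order and spacing matter, not any single entry."""
    hits, per_user = [], defaultdict(list)
    for rec in sorted(auth):
        per_user[rec[1]].append(rec)
    for user, recs in per_user.items():
        recent = []  # (time, src) of failures still inside the window
        for when, _, src, outcome in recs:
            recent = [f for f in recent if when - f[0] <= window]
            if outcome == "failure":
                recent.append((when, src))
            elif len(recent) >= threshold:
                hits.append({"user": user, "src": src, "failures": len(recent),
                             "first_failure": recent[0][0], "success": when})
                recent = []
    return hits


def after_hours_logons(auth, start_hour=7, end_hour=19):
    """Successful logons outside the business day, counted per ISO week."""
    counts = Counter()
    for when, _, _, outcome in auth:
        if outcome == "success" and not start_hour <= when.hour < end_hour:
            counts[when.isocalendar()[:2]] += 1
    return counts


def trend_alerts(weekly, factor=3, min_history=2):
    """Trend analysis: flag a week whose count exceeds `factor` times the
    median of all earlier weeks. Returns (week, count, prior median)."""
    alerts, history = [], []
    for week in sorted(weekly):
        if len(history) >= min_history and weekly[week] > factor * median(history):
            alerts.append((week, weekly[week], median(history)))
        history.append(weekly[week])
    return alerts


if __name__ == "__main__":
    print(correlate_by_source(FIREWALL_DENIES, AUTH_EVENTS))
    print(find_failure_then_success(AUTH_EVENTS))
    print(trend_alerts(after_hours_logons(AUTH_EVENTS)))
```

The three views reinforce each other: the address the firewall turned away on 22 and 3389 is the same one that then guessed jsmith's password five times and got in, at two in the morning. Each check alone is a lead; together they are an incident.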
Sidebar: What Devices Should You Monitor?

Every device on a company network generates event logs, and it's not practical to store and evaluate every event from every device. Each company must develop a customized plan to capture the critical information that could impact its business. Following is a description of the types of devices that Sage Data Security has identified as the most important to track, and the type of information that they can deliver.

Firewalls: Firewalls can log all the traffic going in and out of the network. Typically, when security administrators review their logs for inbound and outbound traffic, they check to see that the firewall is denying traffic, with the idea that accepted traffic has already been approved and the firewall is doing its job. With firewall logs, security administrators have to make sure not only that unauthorized traffic is denied, but that they understand exactly what it comprises so they can be proactive in addressing potential threats. In addition to reviewing denied activity, security administrators should review unusual amounts of allowed activity. For example, a high volume of file transfers can be a warning of malware or of a user violating company policy. If a company typically makes daily FTP transfers comprising one megabyte of data, then security administrators should investigate if a transfer is suddenly 600 megabytes. Or, if the company allows port 80 traffic for outbound browsing, they should take note if the traffic from a particular device increases substantially. The key: look for unexpected traffic as well as expected traffic at unexpected levels.

Web servers: Web server logs are another rich source of data to identify and thwart malicious activity. Typically, a security administrator looks to web server logs for entries that result in errors: users requesting pages that don't exist (404 Not Found) or users trying to access directories or files for which they don't have authorization (403 Forbidden). Other errors to monitor include 500 Internal Server Error and 501 Not Implemented, both of which can indicate malicious activity as well as malfunctioning applications or bad HTML code. Checking the logs for null referrers can identify hackers scanning the website with automated tools that don't behave like ordinary browsers (direct visits and bookmarks also produce null referrers, so this is a signal to combine with others rather than an alert on its own). Security teams also need to monitor any access to pages that are used to update website content to ensure that only authorized users are attempting to reach them. Critical alerts in web server logs are traffic (to IIS servers, for example) attempting to access database information via SQL injection, and attempts to access folders on the server that aren't linked from the site's HTML pages (for example, directory traversal). Web server logs can also reveal attempted execution of operating system commands. All of these events are indicative of malicious activity that should be reviewed in more detail.

Network Authentication Server: An example of a network authentication server is an Active Directory domain controller. Authentication server logs document account activity. Administrative and user activity should be reviewed, including: account lockouts; invalid account logons; invalid passwords; password changes; user management changes, including new and changed accounts; computer management events, including when audit logs are cleared or computer account names are changed; group management events such as the creation or deletion of groups and the addition of users to high-security groups; user activity outside of logon time restrictions; and server reboots.
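The firewall guidance above (expected traffic at unexpected levels, and unexpected traffic) as an added example that is not the paper's code: it builds a per-host, per-port daily baseline from a window of accept records and reviews one day's traffic against it. The record format, the ten-times-baseline threshold and the sample lines are constructed for this example; a real firewall's export will look different and need its own parser.

```python
"""Review of allowed firewall traffic against a per-host, per-port baseline.

Added example, not code from the original paper. The record format
("date src dst dport bytes") and all lines below are constructed.
"""
import re
from collections import defaultdict
from statistics import median

# Constructed history window: a file server's daily FTP push of about 1 MB
# and a workstation's ordinary port 80 browsing of about 50 MB a day.
HISTORY = """\
2007-09-24 192.0.2.20 198.51.100.40 21 1048576
2007-09-25 192.0.2.20 198.51.100.40 21 1100000
2007-09-26 192.0.2.20 198.51.100.40 21 980000
2007-09-27 192.0.2.20 198.51.100.40 21 1024000
2007-09-28 192.0.2.20 198.51.100.40 21 1050000
2007-09-24 192.0.2.31 203.0.113.50 80 30000000
2007-09-24 192.0.2.31 203.0.113.51 80 20000000
2007-09-25 192.0.2.31 203.0.113.50 80 48000000
2007-09-26 192.0.2.31 203.0.113.50 80 52000000
2007-09-27 192.0.2.31 203.0.113.50 80 51000000
2007-09-28 192.0.2.31 203.0.113.50 80 49000000
"""

# Constructed day under review: the FTP push is 600 MB, browsing is normal,
# and the workstation talks to a port it has never used before.
TODAY = """\
2007-10-03 192.0.2.20 198.51.100.40 21 629145600
2007-10-03 192.0.2.31 203.0.113.50 80 35000000
2007-10-03 192.0.2.31 203.0.113.52 80 20000000
2007-10-03 192.0.2.31 203.0.113.77 6667 2000
"""

LINE = re.compile(r"^(\S+) (\S+) (\S+) (\d+) (\d+)$")


def daily_totals(text):
    """Parse accept records and sum bytes per (src, dport) per day."""
    totals = defaultdict(lambda: defaultdict(int))
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an accept record in the format we understand
        day, src, _dst, dport, nbytes = m.groups()
        totals[(src, int(dport))][day] += int(nbytes)
    return totals


def baseline(history_text):
    """Median daily bytes per (src, dport) over the history window."""
    return {key: median(days.values()) for key, days in daily_totals(history_text).items()}


def review(history_text, today_text, factor=10):
    """Flag allowed traffic that is new for the host ("unexpected") or far
    above the host's own norm ("unexpected level").

    Returns (key, reason, today's bytes, baseline bytes or None)."""
    base = baseline(history_text)
    findings = []
    for key, days in daily_totals(today_text).items():
        today = sum(days.values())
        if key not in base:
            findings.append((key, "unexpected", today, None))
        elif today > factor * base[key]:
            findings.append((key, "unexpected level", today, base[key]))
    return sorted(findings, key=lambda f: f[0])


if __name__ == "__main__":
    for key, reason, today, base in review(HISTORY, TODAY):
        print(f"{key[0]} -> port {key[1]}: {reason}, {today} bytes (baseline {base})")
```

Both findings are accepted traffic that a deny-only review would never surface: the 600 MB FTP push against a 1 MB baseline, and a first-ever connection to port 6667. The normal 55 MB of browsing passes, because the comparison is per host and per port rather than against a global threshold.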
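The web server checks above, as an added example (not the paper's code) run over constructed lines in Apache/NCSA combined log format: error-status counts per client, null-referrer counts, a few deliberately narrow patterns for SQL injection, directory traversal and operating-system command attempts in the decoded request, and the mirroring test from The Benefits of Event Logs (a client that fetches most of the site's pages in one short burst). The patterns, thresholds and sample lines are this example's own assumptions, not a complete ruleset.

```python
"""Web server log triage: error review, null referrers, attack patterns,
and site-mirroring detection.

Added example, not code from the original paper. The log lines are
constructed in combined format; the patterns are illustrative only.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime
from urllib.parse import unquote

# Constructed: a normal visitor, a client mirroring the site, and a scanner.
LOG = """\
192.0.2.50 - - [03/Oct/2007:14:30:01 -0400] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.50 - - [03/Oct/2007:14:33:12 -0400] "GET /products HTTP/1.1" 200 8800 "http://www.example.com/" "Mozilla/5.0"
192.0.2.50 - - [03/Oct/2007:14:36:40 -0400] "GET /contact HTTP/1.1" 200 3100 "http://www.example.com/products" "Mozilla/5.0"
203.0.113.7 - - [03/Oct/2007:14:40:00 -0400] "GET / HTTP/1.0" 200 5120 "-" "Wget/1.10"
203.0.113.7 - - [03/Oct/2007:14:40:01 -0400] "GET /about HTTP/1.0" 200 4100 "-" "Wget/1.10"
203.0.113.7 - - [03/Oct/2007:14:40:01 -0400] "GET /products HTTP/1.0" 200 8800 "-" "Wget/1.10"
203.0.113.7 - - [03/Oct/2007:14:40:02 -0400] "GET /contact HTTP/1.0" 200 3100 "-" "Wget/1.10"
203.0.113.7 - - [03/Oct/2007:14:40:02 -0400] "GET /login HTTP/1.0" 200 2200 "-" "Wget/1.10"
203.0.113.7 - - [03/Oct/2007:14:40:03 -0400] "GET /news HTTP/1.0" 200 6000 "-" "Wget/1.10"
198.51.100.9 - - [03/Oct/2007:14:50:10 -0400] "GET /products?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 500 610 "-" "scanner/1.0"
198.51.100.9 - - [03/Oct/2007:14:50:11 -0400] "GET /images/..%2F..%2F..%2Fetc/passwd HTTP/1.1" 403 290 "-" "scanner/1.0"
198.51.100.9 - - [03/Oct/2007:14:50:12 -0400] "GET /cgi-bin/view.cgi?file=%3Bcat%20/etc/passwd HTTP/1.1" 404 290 "-" "scanner/1.0"
198.51.100.9 - - [03/Oct/2007:14:50:13 -0400] "GET /admin/edit HTTP/1.1" 403 290 "-" "scanner/1.0"
198.51.100.9 - - [03/Oct/2007:14:50:14 -0400] "GET /backup.zip HTTP/1.1" 404 290 "-" "scanner/1.0"
"""

COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$')

ERROR_STATUSES = {403, 404, 500, 501}

# Illustrative signatures applied to the URL-decoded request target.
PATTERNS = [
    ("sql injection", re.compile(r"'\s*(or|and)\s|union\s+select", re.I)),
    ("directory traversal", re.compile(r"\.\./")),
    ("os command", re.compile(r"[;|`]\s*(cat|ls|id|sh|cmd)\b|/bin/sh|cmd\.exe", re.I)),
]


def parse_combined(text):
    """Parse combined-format lines into dicts; lines that don't match are skipped."""
    records = []
    for line in text.splitlines():
        m = COMBINED.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
        rec["status"] = int(rec["status"])
        rec["path"] = rec["target"].split("?", 1)[0]
        rec["decoded"] = unquote(rec["target"])  # patterns match the decoded form
        records.append(rec)
    return records


def error_review(records):
    """403/404/500/501 counts per client, the entries the text says to start with."""
    return Counter((r["ip"], r["status"]) for r in records if r["status"] in ERROR_STATUSES)


def null_referrers(records):
    """Requests without a Referer, per client. One or two are normal (a direct
    visit); every request from a client lacking one is what stands out."""
    return Counter(r["ip"] for r in records if r["referer"] == "-")


def attack_patterns(records):
    """(ip, label, decoded target) for requests matching a pattern, whatever
    status the server returned: a 404 for a traversal attempt is still an attempt."""
    return [(r["ip"], label, r["decoded"])
            for r in records for label, rx in PATTERNS if rx.search(r["decoded"])]


def mirroring_clients(records, min_share=0.8, max_seconds=60):
    """Clients that fetched at least `min_share` of the site's pages within
    `max_seconds`. The page set is taken from everything that returned 200."""
    pages = {r["path"] for r in records if r["status"] == 200}
    per_ip = defaultdict(list)
    for r in records:
        if r["status"] == 200:
            per_ip[r["ip"]].append(r)
    flagged = []
    for ip, recs in per_ip.items():
        share = len({r["path"] for r in recs}) / len(pages)
        span = (max(r["ts"] for r in recs) - min(r["ts"] for r in recs)).total_seconds()
        if share >= min_share and span <= max_seconds:
            flagged.append((ip, round(share, 2), span))
    return flagged


if __name__ == "__main__":
    recs = parse_combined(LOG)
    print(error_review(recs), null_referrers(recs), sep="\n")
    print(attack_patterns(recs), mirroring_clients(recs), sep="\n")
```

The mirroring client returned nothing but 200s and would never show up in an error report, which is the text's point about allowed activity; it is caught by share and speed, not by status. The scanner, conversely, is visible three ways at once: its error counts, its total lack of referrers, and the injection, traversal and command strings in its requests.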
About Sage Data Security and ndiscovery SM

Mining and monitoring the information generated by the logs of your network and technology devices offers a wealth of information to help protect your organization. Each log offers clues about hacking attempts or attacks, as well as about innocent activities that have unexpected and possibly harmful consequences. Yet each device generates countless events, so many that it's impossible to review them all manually. That's why we created ndiscovery SM, the security information management service that analyzes your event activity, identifies breaches, and defends your corporate data.

With ndiscovery SM, we help your organization make sense of an overwhelming volume of data. We perform a site analysis to identify critical network and technology devices, and develop a baseline report that identifies normal activity. We create custom programs that capture and track the right information, and our proprietary methodology efficiently analyzes and correlates your log entries. We provide you with a concise, insightful report of all pertinent network activity and identify significant events, potential breaches, and potential threats.

ndiscovery SM: An Essential Solution for Your Business
Full site evaluation determines critical devices and information to capture
Data capture, aggregation, correlation, and analysis
Concise, pertinent reporting delivers vital information on a regular basis
Full review of anomalies as well as potentially harmful allowed activity
Remediation advice and information to keep your organization secure

Contact Sage Data Security today and learn how we can help you defend your information assets.
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationQRadar SIEM 6.3 Datasheet
QRadar SIEM 6.3 Datasheet Overview Q1 Labs flagship solution QRadar SIEM is unrivaled in its ability to provide an organization centralized IT security command and control. The unique capabilities of QRadar
More informationCorreLog Alignment to PCI Security Standards Compliance
CorreLog Alignment to PCI Security Standards Compliance Achieving PCI DSS compliance is a process. There are many systems and countless moving parts that all need to come together to keep user payment
More informationInformation Technology Branch Access Control Technical Standard
Information Technology Branch Access Control Technical Standard Information Management, Administrative Directive A1461 Cyber Security Technical Standard # 5 November 20, 2014 Approved: Date: November 20,
More informationAchieving Regulatory Compliance through Security Information Management
www.netforensics.com NETFORENSICS WHITE PAPER Achieving Regulatory Compliance through Security Information Management Contents Executive Summary The Compliance Challenge Common Requirements of Regulations
More informationPayment Card Industry Data Security Standard Payment Card Industry Data Security Standard (PCI / DSS)
Payment Card Industry Data Security Standard (PCI / DSS) InterSect Alliance International Pty Ltd Page 1 of 12 Intersect Alliance International Pty Ltd. All rights reserved worldwide. Intersect Alliance
More informationUSM IT Security Council Guide for Security Event Logging. Version 1.1
USM IT Security Council Guide for Security Event Logging Version 1.1 23 November 2010 1. General As outlined in the USM Security Guidelines, sections IV.3 and IV.4: IV.3. Institutions must maintain appropriate
More informationDedicated IT Support. BEFORE You Need It. Save Time, Money and Headache.
Dedicated IT Support BEFORE You Need It Save Time, Money and Headache. Worry-Free Computing with edgecare Managed Services What is edgecare? edgecare is our comprehensive service that provides pro-active
More informationPreemptive security solutions for healthcare
Helping to secure critical healthcare infrastructure from internal and external IT threats, ensuring business continuity and supporting compliance requirements. Preemptive security solutions for healthcare
More informationTRIPWIRE NERC SOLUTION SUITE
CONFIDENCE: SECURED SOLUTION BRIEF TRIPWIRE NERC SOLUTION SUITE TAILORED SUITE OF PRODUCTS AND SERVICES TO AUTOMATE NERC CIP COMPLIANCE u u We ve been able to stay focused on our mission of delivering
More informationSecure Remote Control Security Features for Enterprise Remote Access and Control
Secure Remote Control Security Features for Enterprise Remote Access and Control Good communication is vital to any company, large or small. Many departments within companies are utilizing different platforms
More informationA Decision Maker s Guide to Securing an IT Infrastructure
A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose
More informationTripwire Log Center NEXT GENERATION LOG AND EVENT MANAGEMENT WHITE PAPER
Tripwire Log Center NEXT GENERATION LOG AND EVENT MANAGEMENT WHITE PAPER Introduction A decade or more ago, logs of events recorded by firewalls, intrusion detection systems and other network devices were
More informationAn Overview of Information Security Frameworks. Presented to TIF September 25, 2013
An Overview of Information Security Frameworks Presented to TIF September 25, 2013 What is a framework? A framework helps define an approach to implementing, maintaining, monitoring, and improving information
More informationApplication and Database Security with F5 BIG-IP ASM and IBM InfoSphere Guardium
Application and Database Security with F5 BIG-IP ASM and IBM InfoSphere Guardium Organizations need an end-to-end web application and database security solution to protect data, customers, and their businesses.
More informationVendor Questionnaire
Instructions: This questionnaire was developed to assess the vendor s information security practices and standards. Please complete this form as completely as possible, answering yes or no, and explaining
More informationICTN 4040. Enterprise Database Security Issues and Solutions
Huff 1 ICTN 4040 Section 001 Enterprise Information Security Enterprise Database Security Issues and Solutions Roger Brenton Huff East Carolina University Huff 2 Abstract This paper will review some of
More informationcase study Core Security Technologies Summary Introductory Overview ORGANIZATION: PROJECT NAME:
The Computerworld Honors Program Summary developed the first comprehensive penetration testing product for accurately identifying and exploiting specific network vulnerabilities. Until recently, organizations
More informationHIPAA Security Rule Compliance and Health Care Information Protection
HIPAA Security Rule Compliance and Health Care Information Protection How SEA s Solution Suite Ensures HIPAA Security Rule Compliance Legal Notice: This document reflects the understanding of Software
More informationTHE TOP 4 CONTROLS. www.tripwire.com/20criticalcontrols
THE TOP 4 CONTROLS www.tripwire.com/20criticalcontrols THE TOP 20 CRITICAL SECURITY CONTROLS ARE RATED IN SEVERITY BY THE NSA FROM VERY HIGH DOWN TO LOW. IN THIS MINI-GUIDE, WE RE GOING TO LOOK AT THE
More informationETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001
001011 1100010110 0010110001 010110001 0110001011000 011000101100 010101010101APPLICATIO 0 010WIRELESS110001 10100MOBILE00010100111010 0010NETW110001100001 10101APPLICATION00010 00100101010WIRELESS110
More informationBEFORE THE BREACH: Why Penetration Testing is Critical to Healthcare IT Security
BEFORE THE BREACH: Why Penetration Testing is Critical to Healthcare IT Security August 2014 w w w.r e d s p in.c o m Introduction This paper discusses the relevance and usefulness of security penetration
More information5 Tools For Passing a
5 Tools For Passing a 4530 Plank Rd., Ste. 111, Fredericksburg, VA 22407 3 Health Insurance Portability and Accountability Act 4 Health Information Technology for Economic and Clinical Health Act 4 5 1
More informationStandard: Event Monitoring
Standard: Event Monitoring Page 1 Executive Summary The Event Monitoring Standard defines the requirements for Information Security event monitoring within SJSU computing resources to ensure that information
More informationTop Three POS System Vulnerabilities Identified to Promote Data Security Awareness
CISP BULLETIN Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness November 21, 2006 To support compliance with the Cardholder Information Security Program (CISP), Visa USA
More informationKenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data
Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V2.0, JULY 2015 Multiple Layers of Protection Overview Password Salted-Hash Thank you
More informationLAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES
LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable
More informationUnified Security Anywhere HIPAA COMPLIANCE ACHIEVING HIPAA COMPLIANCE WITH MASERGY PROFESSIONAL SERVICES
Unified Security Anywhere HIPAA COMPLIANCE ACHIEVING HIPAA COMPLIANCE WITH MASERGY PROFESSIONAL SERVICES HIPAA COMPLIANCE Achieving HIPAA Compliance with Security Professional Services The Health Insurance
More informationIntroduction of Intrusion Detection Systems
Introduction of Intrusion Detection Systems Why IDS? Inspects all inbound and outbound network activity and identifies a network or system attack from someone attempting to compromise a system. Detection:
More informationSolution Brief for HIPAA HIPAA. Publication Date: Jan 27, 2015. EventTracker 8815 Centre Park Drive, Columbia MD 21045
Publication Date: Jan 27, 2015 8815 Centre Park Drive, Columbia MD 21045 HIPAA About delivers business critical software and services that transform high-volume cryptic log data into actionable, prioritized
More informationGFI White Paper PCI-DSS compliance and GFI Software products
White Paper PCI-DSS compliance and Software products The Payment Card Industry Data Standard () compliance is a set of specific security standards developed by the payment brands* to help promote the adoption
More informationIntroduction. Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec
Introduction Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec More than 20 years of experience in cybersecurity specializing
More informationIntrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks
Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Dale Peterson Director, Network Security Practice Digital Bond, Inc. 1580 Sawgrass Corporate Parkway, Suite 130 Sunrise, FL 33323
More informationwhitepaper The Benefits of Integrating File Integrity Monitoring with SIEM
The Benefits of Integrating File Integrity Monitoring with SIEM Security Information and Event Management (SIEM) is designed to provide continuous IT monitoring, actionable intelligence, incident response,
More informationTripwire Log Center NEXT GENERATION LOG AND EVENT MANAGEMENT WHITE PAPER
Tripwire Log Center NEXT GENERATION LOG AND EVENT MANAGEMENT WHITE PAPER Introduction A decade or more ago, logs of events recorded by firewalls, intrusion detection systems and other network devices were
More informationWeb Security School Final Exam
Web Security School Final Exam By Michael Cobb 1.) Which of the following services is not required to run a Windows server solely configured to run IIS and publish a Web site on the Internet? a. IIS Admin
More informationHow To Achieve Pca Compliance With Redhat Enterprise Linux
Achieving PCI Compliance with Red Hat Enterprise Linux June 2009 CONTENTS EXECUTIVE SUMMARY...2 OVERVIEW OF PCI...3 1.1. What is PCI DSS?... 3 1.2. Who is impacted by PCI?... 3 1.3. Requirements for achieving
More informationDefending Against Data Beaches: Internal Controls for Cybersecurity
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
More informationInformation Technology Policy
Information Technology Policy Security Information and Event Management Policy ITP Number Effective Date ITP-SEC021 October 10, 2006 Category Supersedes Recommended Policy Contact Scheduled Review RA-ITCentral@pa.gov
More informationUnderstanding Layered Security and Defense in Depth
Understanding Layered Security and Defense in Depth Introduction Cybercriminals are becoming far more sophisticated as technology evolves. Well-publicized security breaches of major corporations are capturing
More informationwhitepaper 4 Best Practices for Building PCI DSS Compliant Networks
4 Best Practices for Building PCI DSS Compliant Networks Cardholder data is a lucrative and tempting target for cyber criminals. Recent highly publicized accounts of hackers breaching trusted retailers
More informationHow NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements
How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements I n t r o d u c t i o n The Payment Card Industry Data Security Standard (PCI DSS) was developed in 2004 by the PCI Security Standards
More informationTop 20 Critical Security Controls
Top 20 Critical Security Controls July 2015 Contents Compliance Guide 01 02 03 04 Introduction 1 How Rapid7 Can Help 2 Rapid7 Solutions for the Critical Controls 3 About Rapid7 11 01 INTRODUCTION The Need
More informationConcierge SIEM Reporting Overview
Concierge SIEM Reporting Overview Table of Contents Introduction... 2 Inventory View... 3 Internal Traffic View (IP Flow Data)... 4 External Traffic View (HTTP, SSL and DNS)... 5 Risk View (IPS Alerts
More informationAn Introduction to SIEM & RSA envision (Security Information and Event Management) January, 2011
An Introduction to SIEM & RSA envision (Security Information and Event Management) January, 2011 Brian McLean, CISSP Sr Technology Consultant, RSA Changing Threats and More Demanding Regulations External
More informationBreach Found. Did It Hurt?
ANALYST BRIEF Breach Found. Did It Hurt? INCIDENT RESPONSE PART 2: A PROCESS FOR ASSESSING LOSS Authors Christopher Morales, Jason Pappalexis Overview Malware infections impact every organization. Many
More informationWHITE PAPER AUTOMATED, REAL-TIME RISK ANALYSIS AND REMEDIATION
WHITE PAPER AUTOMATED, REAL-TIME RISK ANALYSIS AND REMEDIATION Table of Contents Executive Summary...3 Vulnerability Scanners Alone Are Not Enough...3 Real-Time Change Configuration Notification is the
More informationAuditing Data Access Without Bringing Your Database To Its Knees
Auditing Data Access Without Bringing Your Database To Its Knees Black Hat USA 2006 August 1-3 Kimber Spradlin, CISA, CISSP, CPA Sr. Manager Security Solutions Dale Brocklehurst Sr. Sales Consultant Agenda
More informationThe Essentials Series. PCI Compliance. sponsored by. by Rebecca Herold
The Essentials Series PCI Compliance sponsored by by Rebecca Herold Using PCI DSS Compliant Log Management to Identify Attacks from Outside the Enterprise...1 Outside Attacks Impact Business...1 PCI DSS
More informationITAR Compliance Best Practices Guide
ITAR Compliance Best Practices Guide 1 Table of Contents Executive Summary & Overview 3 Data Security Best Practices 4 About Aurora 10 2 Executive Summary & Overview: International Traffic in Arms Regulations
More informationBottom line you must be compliant. It s the law. If you aren t compliant, you are leaving yourself open to fines, lawsuits and potentially closure.
Payment Card Industry Security Standards Over the past years, a series of new rules and regulations regarding consumer safety and identify theft have been enacted by both the government and the PCI Security
More informationAdopt a unified, holistic approach to a broad range of data security challenges with IBM Data Security Services.
Security solutions To support your IT objectives Adopt a unified, holistic approach to a broad range of data security challenges with IBM Data Security Services. Highlights Balance effective security with
More informationReports, Features and benefits of ManageEngine ADAudit Plus
Reports, Features and benefits of ManageEngine ADAudit Plus ManageEngine ADAudit Plus is a web based Active Directory change audit software. It provides comprehensive reports on almost every change that
More informationNationwide Review of CMS s HIPAA Oversight. Brian C. Johnson, CPA, CISA. Wednesday, January 19, 2011
Nationwide Review of CMS s HIPAA Oversight Brian C. Johnson, CPA, CISA Wednesday, January 19, 2011 1 WHAT I DO Manage Region IV IT Audit and Advance Audit Technique Staff (AATS) IT Audit consists of 8
More information