Information Assurance, Network Ops, and Cyber Security: Filling the Gaps with SecureVue

Transcription

1 Information Assurance, Network Ops, and Cyber Security: Filling the Gaps with SecureVue EiQ Networks

2 Information Assurance, Network Ops, and Cyber Security: Filling the Gaps with SecureVue Deploying Standard SIEM Leaves Major Gaps in DoD Infrastructure. SecureVue Addresses Multiple Requirements with Single Capability Current Gaps Each US DoD Installation has critical requirements related to information assurance, network operations, and cyber security. These requirements include: Audit Log Management/SIEM 12 Post Office Square, Boston, MA Tel: Fax: eiqnetworks.com STIG Compliance Audit Log Management/SIEM By way of Department of Defense directives, all DoD facilities are required to deploy a tool to capture all audit log data for the purposes of forensics. Some of these mandates are encapsulated within security processes and controls identified in DoD , Information Assurance (IA) Implementation: ( ECRG-1) provide audit report generation tools that highlight security significant events that might warrant additional investigation. ( ECRG-1) provide tools for the review of audit records and for audit report generation. ( ECRG-1) generate audit reports in a readable format. STIG Compliance In accordance with DoD , Information Assurance (IA), hosts and devices connected to the network must be configured in accordance with security configuration guidelines (e.g. DISA STIGs): (8500.1) All IA and IA-enabled IT products incorporated into DoD information systems shall be configured in accordance with DoD-approved security configuration guidelines Today, DoD IA and network teams spend a significant amount of time and money verifying compliance against the DISA STIGs. On average, the amount of time to verify whether a single server is compliant with a DISA STIG can range from two to four hours. The DoD is spending thousands of man-hours every year conducting these tasks manually, with minimal toolsets and practically zero automation. Even with such a significant investment year over year, there is still no ongoing view of compliance across commands, brigades, and installations.

3 Most DoD enclaves conduct compliance audits only on an as-needed basis, or just prior to inspections but of course, this is not actually practicing true information assurance. Continuous monitoring is rapidly becoming a mandate for IA; but continuous approach to STIG compliance using the tools that DoD has at its disposal today is an impossible task. assets against the DISA STIGs on a continuous basis. How SecureVue Meets These Challenges SecureVue provides capabilities required for the purposes of regulatory compliance and operations. This includes log management/siem and STIG compliance automation. The biggest difference between SecureVue and any other SIEM solution is simple: SecureVue can audit network devices, servers, and applications against the DISA STIGs. Other SIEMs and log management tools cannot. SecureVue is in a unique position to provide an overall view into a device s compliance with the DISA STIGs while meeting DoD Audit Log Management/SIEM requirements. The key reason for this capability is simple: SecureVue looks beyond just event data and collects a device s state data meaning it knows how a device is actually configured, what applications and users make up a system, and what actual changes to the configuration of a device has occurred. Traditional log management/siem tools focus on event-based data and, as a result, cannot provide insight into the state of a system. Using Event Data and State Data to Provide More Context, Intelligence The intelligence provided by SIEM and log management tools is derived primarily from event data generated from servers, applications, and network devices. Event data describes an actual event such as a failed login event. In the event, there is the source IP, destination IP, event ID, description, etc. Event data is important because

4 it explains specifics around an actual event. Unfortunately, event data does not describe the state of the system. In other words, event data cannot describe how the device is configured, software installed, services running, etc. All SIEM and audit log management solutions, including SecureVue, look at event data. They pull in events from different sources such as firewalls, proxies, AV solution, etc. and give you a way to identify critical events. While SecureVue does an excellent job at this and helping you identify what events are critical, the fundamental differentiator between SecureVue and any other SIEM or Log Management solution is that SecureVue also looks at the state of a system. So SecureVue can now tell you how a device is configured, what changes were made to the system between yesterday and today, what patches are missing, etc. SecureVue can also take it a step further and translate that state data into useful compliance data. Meaning SecureVue can show you how compliant your devices are against the DISA STIGs, CIS standards, or USGCBs. The only reason SecureVue can provide these added capabilities is by the fact that it is looking at state data. Enterprise Data Correlation and Situational Awareness EiQ s SecureVue combines, analyzes, and provides actionable intelligence using data collected from the various security and compliance data silos throughout the enterprise, to provide greater cyber situational awareness capability across DoD networks as illustrated in the following diagram: SecureVue is a true unified situational awareness platform that delivers comprehensive security intelligence and provides the real-time information that defenders need to identify, prioritize, and respond to modern security threats. SecureVue: Protects Against Cyber Attacks SecureVue monitors compliance and trending against best practice polices and security controls, as well security abnormalities that aren t necessarily outside the range of compliance, all from a single console. Detects Data Breaches SecureVue monitors real-time security and compliance of multiple data types, cross-correlates all information for early breach detection and notification. Responds to Breaches and Policy Violations SecureVue minimizes mean-time-to-repair through fast and efficient forensics across all security-related data all from within a single report. Additionally, SecureVue s built-in workflow engine provides IA personnel with the tools they need to immediately respond to policy violations and potential attacks.

5 Enterprise Compliance A complete solution for DISA STIG compliance, SecureVue provides continuous, automated auditing against DISA STIG checklists and requirements to ensure secure configurations across federal systems. SecureVue collects all security-related data not just logs and other events from servers, operating systems, workstations, and network devices such as routers, firewalls, and databases for both enterprise and desktop applications, and tracks changes over a period of time against predefined baselines including appropriate STIGs. With EiQ s SecureVue, federal government agencies can quickly and easily ensure consistent, continuous compliance with DISA STIGs, achieve rapid certification and accreditation (C&A) against DIACAP and other standards, and ensure situational awareness across the organization. Audit Log Management/SIEM EiQ s SecureVue collects, analyzes, and correlates every log and security event that occurs across a government agency, fulfilling the requirements for and to collect and review all audit logs. SecureVue continuously correlates every logon, logoff, file access, attack, and database query to deliver accurate detection of security incidents, risks, and compliance violations. SecureVue can also analyze and correlate millions of events with other security data, including configuration changes and other stateful data, security control violations, known vulnerabilities, performance metrics, file integrity, and other information to identify anomalies and incidents. Personnel are immediately alerted through real-time dashboards, monitors, notifications, and reports, so immediate action can be taken. SecureVue Provides Best Value at the Lowest Cost As explained above, SecureVue delivers capabilities that are not available within ArcSight or other log management/siem tools. SecureVue solves a number of challenges at the installation level. Rather than spending countless hours conducting manual audits against applicable DISA STIGs, installations can use SecureVue to provide continuous STIG monitoring in an automated fashion in a fraction of the time.

6 Summary Throughout this document, we have addressed gaps that currently exist within the DoD infrastructure. Common gaps addressed by SecureVue include Audit Log Management/SIEM and STIG Compliance. SecureVue is the only tool on the market today that can meet both of these requirements with a single capability. As a result, we have a significant deployment base in the Department of Defense and the US Army. EiQ Networks provides a simple, elegant and highly scalable solution to these issues: Any tool deployed to close these gaps should be measured against the total overall value it brings to the DoD. We are confident when we say that no other tool today can meet all of these challenges at the same low cost as SecureVue. About EiQ Networks EiQ Networks, a pioneer in security hybrid SaaS and continuous security intelligence solutions and services, is transforming how organizations identify threats, mitigate risks, and enable compliance. EiQ offers SOCVue, a security hybrid SaaS offering, and provides 24x7 security operations to Small to Medium enterprises who need to protect themselves against cyber attacks but lack resources or on-staff expertise to implement an effective security program. SecureVue, a continuous security intelligence platform, helps organizations proactively detect incidents, implement security best practices, and receive timely and actionable intelligence along with remediation guidance. Through a single console, SecureVue enables a unified view of an organization s entire IT infrastructure for continuous security monitoring, critical security control assessment, configuration auditing, and compliance automation. For more information, visit: