How To Monitor Your Entire It Environment

Transcription

1 Preparing for FISMA 2.0 and Continuous Monitoring Requirements Symantec's Continuous Monitoring Solution

2

3 White Paper: Preparing for FISMA 2.0 and Continuous Monitoring Requirements Contents Introduction The Need for Continuous Monitoring Challenges of Continuous Monitoring How Can Symantec Help? True Value to the CISO Summary

4 Preparing for FISMA 2.0 and Continuous Monitoring Requirements Introduction The IT landscape is continually changing and the Analysts managing our organizations are challenged with maintaining secure configurations regardless of the influx in the number and complexity of devices. With this increase in devices, various applications and operating systems are installed with differing images depending on roles, responsibilities and job functions within an organization. This results in a risk posture that is never constant. To address this challenge, Symantec assists our customers by focusing on a best practices approach called Situational Awareness. This methodology combines four key solution areas encompassing the concepts of Continuous Monitoring, Global Visibility & Incident Response, Automation & Reporting and Predictive Analysis. This four vector approach provides complementary capabilities that enable organizations to use best practices to: continuously monitor their entire IT organization, rapidly deploy new countermeasures, and most importantly, verify secure configurations and the overall state of security and health. An important note to keep in mind is that Symantec s Situational Awareness approach can be flexibly orchestrated to meet agencies unique requirements for timing and frequency. Each component has a specific purpose. Symantec s Continuous Monitoring advocates a standardized, automated way to discover new assets, collect the current states of those assets, as well as create patches to ensure a secure baseline. Through Global Visibility & Incident Response, organizations should collect and correlate events focused on critical incidents and compare these with external global intelligence feeds to provide a broadened picture outside the community in which their organization resides. Hundreds of vulnerabilities are publicly announced each week and the daily attempts at exploiting those are in the millions. Analyzing beyond the organization into communities is increasingly important. As we extend beyond understanding the internal environment to the external environment, the next step in the approach is Automation & Reporting. Here we begin understanding what trends are occurring and reporting to the appropriate stakeholders the impact it may have on the business or mission. Automation becomes a key component to streamlining business processes and efficiencies across the organization. This enables organizations to have a machine to machine approach so analysts can focus their attention on high priority items. The last step in this best practice 1

5 Preparing for FISMA 2.0 and Continuous Monitoring Requirements methodology is Predictive Analysis. This moves beyond the here and now and focuses on predicting what may come. It allows for a more proactive posture by incorporating a multitude of capabilities which encompass static as well as dynamic analysis to include human analytics with tools and technologies. In this whitepaper, we will focus on the Continuous Monitoring solution in Symantec s Situational Awareness approach. The Need for Continuous Monitoring The 2010 Federal Information Security Management Act, also referred to as FISMA 2.0, includes an important measure requiring the continuous monitoring of information systems as part of every agency s information security program. Continuous monitoring is one of six steps in the Risk Management Framework (RMF) described by National Institute of Standards and Technology (NIST). According to guidance outlined by NIST The objective of the continuous monitoring program is to determine if the set of deployed security controls continue to be effective over time in light of the inevitable changes that occur. 1 The Office of Management and Budget (OMB) has set a deadline for agency CIOs to implement software to continuously monitor the security of their networks by the end of the 2012 government fiscal calendar. The goal of this paper is to facilitate discussion and familiarization of Symantec offerings for those charged with meeting this OMB deadline. Agencies collectively spending billions of dollars to manually monitor and report on information security programs need to turn to continuous monitoring solutions to comply with FISMA 2.0 in the face of budget constraints. Symantec understands the challenges of this transition and the requirements for a software-based solution. Through a five-step comprehensive approach, Symantec enables agencies to monitor their entire IT environment continuously, remediate those items out of compliance and vulnerable, and report in compliance with federal data call requirements. Challenges of Continuous Monitoring Changes to IT infrastructure driven by dynamic networks and the exponential growth in the number and types of attacks are outpacing the ability to track changes across a heterogeneous IT infrastructure with manual processes and current paper-based systems. The idea behind continuous monitoring is to know, in real-time or near real-time, the health of the organization s network. This empowers the Department of Homeland Security and agencies to address threats or potential threats sooner. However, agencies have been hard pressed to identify solutions that meet the visibility, ease-of-use, real-time tracking, and reporting requirements. Instead, agencies have turned to teams of consultants to monitor and report on a plethora of heterogeneous systems a few times a year. To comply with FISMA 2.0 in the face of resource constraints, federal agencies need continuous monitoring solutions specifically designed to overcome current monitoring challenges by enabling: The ability to establish a baseline inventory of networks and their associated IT assets Visibility across disparate systems desktops, servers, network devices through a single console 1-National Institute of Standards and Technology, Special Publication , Revision 1, Applying the Risk Management Framework to Federal Information Systems, February 2010, Appendix G, Page G1. 2

6 Preparing for FISMA 2.0 and Continuous Monitoring Requirements Streamlined adoption with a solution that implements easily, requires minimal training, and generates tangible results immediately Automation of repeatable processes which optimizes the use of IT and Information Security staff Automatic incorporation of threat bulletins such as Situational Awareness and Information Assurance Vulnerability Management Reports in order to begin resolution in a timely manner Easily exportable reports in required formats such as.csv,.xls, CVE, CPE, CCE (CyberScope) How Can Symantec Help? Symantec s Continuous Monitoring Solution for federal government addresses these challenges through the five steps shown below. Five-Step Continuous Monitoring Process 1) Continuous Discovery Discover and maintain a near real-time inventory of all networks and IT assets including hardware and software classified by Common Platform Enumeration (CPE) for threat bulletins Identify and track rogue networks, hosts, or applications running on desktops, laptops and servers 2) Vulnerability Assessment Automatically scan and compare IT asset configurations against various criteria including Common Computer Vulnerabilities (CCV), National Vulnerability Database (NVD) and Security Content Automation Protocol (SCAP) repositories to determine vulnerabilities, and leverage workflow to automate Information Assurance Vulnerability Alert (IAVA) and Situational Awareness Reports (SARS) activities Prioritize findings and provide detailed reporting by agency unit, platform, network, asset class, Common Vulnerability Scoring System (CVSS) Score, and vulnerability type 3

7 Preparing for FISMA 2.0 and Continuous Monitoring Requirements 3) Configuration Audits Continuously evaluate client, server, and network device configurations and compare with standards and policies including NIST and SCAP-compliant check lists Gain insight into problematic IA Controls, usage patterns and access permissions of sensitive data 4) Patch Management Automatically deploy and update software to eliminate vulnerabilities and maintain compliance Correct configuration settings including network access and provision software according to the end-user s role and policies 5) Analytics & Reporting Aggregate disparate system logs and events into one central location and automatically analyze and correlate unusual activities in compliance with regulations True Value to the CISO With the Symantec Continuous Monitoring Solution CIOs get a comprehensive solution that delivers a range of benefits including: Flexible Options for Data Acquisition Dissolving agent, agent, removable media scan support, agent-less Scalability Asynchronous discovery scanning and standards-based Service Oriented Architecture (SOA) architecture Centralized or distributed scanner deployment options provide linear scalability Software based with virtual management support web based console Software Development Kit (SDK) SCAP Leadership FDCC content provider, Mac OS X, Oracle Solaris, UNIX, Cisco, STIGS Integration Command and control of existing 3 rd party scanners Integration with third party products 4

8 Preparing for FISMA 2.0 and Continuous Monitoring Requirements Open Architecture, Enterprise Ready Microsoft Server 2003/2008 application, Microsoft SQL Server 2005 database, Internet Information Services (IIS) for Windows Server Role-Based Access Control(RBAC): Granular RBAC with least privilege access control model Reporting Easily exportable reports in required format such as.csv,.xls, CVE, CPE, CCE (CyberScope) Summary Are you prepared to address FISMA 2.0 and the OBM s 2012 deadline to implement a continuous monitoring software solution? The Symantec Continuous Monitoring Solution for federal government was designed to help you transition from a manual, paper-based solution to an affordable, effective, and compliant software-based approach. The five-step process enables agencies to monitor the entire IT environment continuously, remediate those items out of compliance and vulnerable, and report in compliance with federal data call requirements. With more than a decade of work with federal agencies, Symantec has developed a deep understanding of the unique challenges government agencies face and how to address these challenges. 5

9

10 About Symantec Symantec is a global leader in providing security, storage, and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. Headquartered in Mountain View, Calif., Symantec has operations in 40 countries. More information is available at For specific country offices and contact numbers, please visit our website. Symantec World Headquarters 350 Ellis St. Mountain View, CA USA +1 (650) (800) Symantec helps organizations secure and manage their information-driven world with IT Compliance, discovery and retention management, data loss prevention, and messaging security solutions. Copyright 2011 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. 6/