Meeting Federal Information Assurance (IA) Monitoring Requirements with SecureVue

Transcription

1 Meeting Federal Information Assurance (IA) Monitoring Requirements with SecureVue Solution Brief

2 Meeting Federal Information Assurance (IA) Monitoring Requirements with SecureVue Federal Security Monitoring Requirements: The Whole Story For federal civilian, intelligence and DoD agencies, the need to implement secure information security systems that provide confidentiality, integrity and availability is not just good practice -- it is mandated through a broad range of federal laws, standards and guidelines that affect every federal agency, including civilian, Department of Defense (DoD) and intelligence. A key requirement across all of these standards is the need to implement some type of continuous monitoring of information security data, for the purpose of identifying anomalous behavior and other activity, and providing both reporting and forensic analysis capabilities to address these abnormalities. Achieving information assurance (IA) is not an easy task. A broad range of mandates require federal agencies to implement specific security controls, and continuously monitor their effectiveness. The following table identifies individual federal-specific laws and other mandates that require information security monitoring specifically for federal agencies across key areas of IA programs, including controls selection and implementaiton, prescriptive controls, continuous monitoring, and certification and accreditation: Federal Information Assurance (IA) Monitoring Requirements Security Program Category IA Controls Selection and Implementation Prescriptive Security Controls Standard NIST DoD DCID 6/3 DISA STIGs FDCC USGCB Continuous Monitoring NIST Certification & Accreditation DoD (DIACAP) 31 Nagog Park Drive Acton, MA Tel: Toll-free : Fax: eiqnetworks.com The number of mandates for information assurance (IA) that federal agencies must follow to achieve is growing at a substantial rate A key unifying concept of IArelated mandates is continuous monitoring As continuous monitoring and situational awarness rapidly become mandates in federal agencies, organizations should look to implementing solutions that can deliver these capabilities today What Technologies Can Bridge the Gap and Fully Meet These Requirements? These mandates present a problem to IA personnel, because historically, no one single solution has been able to address all of these categories of IA program management. As a consequence, federal agencies have taken a silo approach to monitoring

3 security controls to address IA requirements. Point security monitoring products such as SIEM, IDS/IPS, anti-virus, bulky configuration management platforms, and other fixed-purpose technologies are often cobbled together to try and achieve compliance with federal monitoring requirements. However, this individual-product approach to security monitoring doesn t fully address key areas of federal security monitoring requirements, including: Breadth of Required Data. The data required as part of federal IA monitoring activity is not encapsulated in one type of data, such as logs and other events. Monitoring systems and applications against prescriptive security standards such as DISA STIGs, the FDCC and the USGCB require visibility into the current configuration of the target system -- and this is system state data, not log or event data, and is invisible to many security point tools such as SIEM. Similarly, federal monitoring requirements require collection and analysis of other types of security data, including system performance metrics, network traffic, known vulnerabilities, file integrity data and other information. While individual point products can separately collect many of these required security data elements, they don t talk to each other, and as a result federal agencies often lack the ability to correlate and analyze all security data in context. Monitoring federal information systems in a manner consistent with laws and mandates requires more than just event-based data SecureVue from EiQ Networks provides comprehensive, continuous monitoring to address multiple federal laws and mandates including FISMA, NIST , DoD , and more SecureVue natively collects, correlates, and analyzes all security data, eliminating cumbersome manual correlation between multiple point products Incident Response. Continuous monitoring isn t just about evaluating information; it s also about acting on that data when appropriate. Although point security tools are good at flagging specific, individual conditions -- such as an IDS identifying a network-based attack, or a SIEM identifying a failed logon - using multiple tools doesn t provide federal IA professionals with the context of the issue, because there is no single workbench or forensic capability that extends across the data collected from multiple point products. Similarly, point products that rely solely on signature-based detection -- including IPS/IPS and antimalware - are blind to attacks that don t have a defined signature, such as zero-day and advanced persistent threats. Full-Context Forensic Analysis. IA professionals need contextual forensic analysis through ad hoc queries in order to... Situational Awareness. Federal agencies are rapidly being required to adopt a situational awareness capability that brings together all security data from across the enterprise, and provide real-time correlation and analysis of that data. Individual point products utilize multiple, disparate databases, collection mechanisms and analysis tools, making true situational awarness an impossibility. Should You Buy a Commodity, or a Platform? Many point security monitoring products, such as SIEM and log management, are commodities; they can be plugged in to the network to collect event-based data, but don t really do much more. Does a commoditized approach to security monitoring work? If your only interest is in checking a box, then perhaps it does. However, is that the real goal? Or is it more critical to achieve actual security for mission-critical assets and systems through a comprehensive, truly unified platform that provides enterprise situational awareness?

4 To acheive real security, you need a true platform that seamlessly integrates the security monitoring components of an IA program, including monitoring all security controls across the enterprise, provide continuous, real-time alerting and notification of abnormal and suspicious activity, and supports certification and accreditation activities such as FISMA and DIACAP. As critically, the solution can t be designed for a single location; it must be scalable, flexible and highly extensible to meet the customized environments common to federal enterprises. And of course, any solution must also meet strict federal certification criteria including NIST FIPS-140, NIAP Common Criteria, and other standards. SecureVue: Continuous Monitoring via True Situational Awareness SecureVue from EiQ Networks provides comprehensive, real-time and continuous monitoring across all IT assets within federal agencies, delivering a unified view of security and compliance. Unlike individual security point products, SecureVue collects, correlates and analyzes all security data, ensuring that federal IA professionals have access to the complete context of security incidents -- allowing them to eliminate false positives and quickly identify applications, data, systems and personnel that are at risk. EiQ Networks SecureVue, the industry s only unified situational awareness platform, provides security and compliance across all aspects of IA activity for federal systems. SecureVue natively and agentlessly collects all relevant security data from across the enterprise, and when comparing SecureVue to other solutions for security monitoring, SecureVue provides detailed, prescriptive security auditing against DISA STIGs, FDCC, USGCB and other standards SecureVue provides true unified situational awareness in a single console, while preserving federal agencies investment in existing point security tools SecureVue delivers far more continuous monitoring capabilities than point products like log management and SIEM - all for a lower TCO SecureVue has achieved or is in-process of validation under a number of federal IA programs, including NIST FIPS-140, NIAP Common Criteria, SCAP and U.S. Army Certificate of Networthiness (CON); SecureVue is also identified on the DISA UC APL SecureVue provides true situational awareness for signatureless threats such as advanced persistent threats (APTs)

5 ask yourself: Why would you buy a commoditized product like log management or SIEM, when you can buy a platform that delivers complete security monitoring and true situational awareness for the same price? By addressing all security monitoring requirements for federal agencies, SecureVue provides a comprehensive, highly scalable, and unified common operating picture across the enterprise, from an individual installation through an entire globally-deployed agency. That s the value of SecureVue from EiQ Networks. Summary The industry s only security and compliance platform for unified situational awareness, SecureVue from EiQ Networks delivers continuous monitoring capability across all security data to help federal agencies gain a proactive edge over internal and external threats to information assets, as well as address a broad range of laws and mandates that affect federal agencies. SecureVue delivers continuous monitoring and true situational awareness in a single, unified console, helping agencies to greatly improve their information assurance posture. SecureVue is used today in dozens of federal civilian, military and intelligence installations. About EiQ Networks EiQ Networks, a pioneer in simplified information security and compliance solutions and services, is transforming how organizations meet their security monitoring and compliance objectives. With SecureVue, a continuous security intelligence platform, organizations can gain comprehensive security monitoring, critical security control assessment, configuration auditing, and compliance automation. For resource constrained organizations EiQ provides SOCVue, a continuous security monitoring software as a service (SaaS) offering. For more information, please visit or call