Information Assurance, Network Ops, and Cyber Security: Filling the Gaps with SecureVue




EiQ Networks

Deploying Standard SIEM Leaves Major Gaps in DoD Infrastructure. SecureVue Addresses Multiple Requirements with a Single Capability

Current Gaps

Each US DoD installation has critical requirements related to information assurance, network operations, and cyber security. These requirements include:

- Audit Log Management/SIEM
- STIG Compliance

12 Post Office Square, Boston, MA 02109 Tel: +1.617.337.4880 Fax: +1.978.266.0004 eiqnetworks.com

Audit Log Management/SIEM

By way of Department of Defense directives, all DoD facilities are required to deploy a tool to capture all audit log data for the purposes of forensics. Some of these mandates are encapsulated within security processes and controls identified in DoD 8500.2, Information Assurance (IA) Implementation:

- (8500.2 ECRG-1) provide audit report generation tools that highlight security-significant events that might warrant additional investigation.
- (8500.2 ECRG-1) provide tools for the review of audit records and for audit report generation.
- (8500.2 ECRG-1) generate audit reports in a readable format.

STIG Compliance

In accordance with DoD 8500.1, Information Assurance (IA), hosts and devices connected to the network must be configured in accordance with security configuration guidelines (e.g. DISA STIGs):

- (8500.1) All IA and IA-enabled IT products incorporated into DoD information systems shall be configured in accordance with DoD-approved security configuration guidelines.

Today, DoD IA and network teams spend a significant amount of time and money verifying compliance against the DISA STIGs. On average, the time to verify whether a single server is compliant with a DISA STIG can range from two to four hours. The DoD is spending thousands of man-hours every year conducting these tasks manually, with minimal toolsets and practically zero automation. Even with such a significant investment year over year, there is still no ongoing view of compliance across commands, brigades, and installations.

Most DoD enclaves conduct compliance audits only on an as-needed basis, or just prior to inspections; but of course this is not actually practicing true information assurance. Continuous monitoring is rapidly becoming a mandate for IA, but a continuous approach to STIG compliance using the tools that the DoD has at its disposal today is an impossible task.

assets against the DISA STIGs on a continuous basis.

How SecureVue Meets These Challenges

SecureVue provides the capabilities required for the purposes of regulatory compliance and operations. This includes log management/SIEM and STIG compliance automation. The biggest difference between SecureVue and any other SIEM solution is simple: SecureVue can audit network devices, servers, and applications against the DISA STIGs. Other SIEMs and log management tools cannot. SecureVue is in a unique position to provide an overall view into a device's compliance with the DISA STIGs while meeting DoD Audit Log Management/SIEM requirements. The key reason for this capability is simple: SecureVue looks beyond just event data and collects a device's state data, meaning it knows how a device is actually configured, what applications and users make up a system, and what actual changes to the configuration of a device have occurred. Traditional log management/SIEM tools focus on event-based data and, as a result, cannot provide insight into the state of a system.

Using Event Data and State Data to Provide More Context, Intelligence

The intelligence provided by SIEM and log management tools is derived primarily from event data generated by servers, applications, and network devices. Event data describes an actual event, such as a failed login. The event carries the source IP, destination IP, event ID, description, etc. Event data is important because it explains the specifics of an actual event. Unfortunately, event data does not describe the state of the system: it cannot describe how the device is configured, what software is installed, what services are running, etc.

All SIEM and audit log management solutions, including SecureVue, look at event data. They pull in events from different sources such as firewalls, proxies, AV solutions, etc. and give you a way to identify critical events. While SecureVue does an excellent job at this, helping you identify which events are critical, the fundamental differentiator between SecureVue and any other SIEM or log management solution is that SecureVue also looks at the state of a system. So SecureVue can tell you how a device is configured, what changes were made to the system between yesterday and today, what patches are missing, etc. SecureVue can also take it a step further and translate that state data into useful compliance data, meaning SecureVue can show you how compliant your devices are against the DISA STIGs, CIS standards, or USGCBs. The only reason SecureVue can provide these added capabilities is that it looks at state data.

Enterprise Data Correlation and Situational Awareness

EiQ's SecureVue combines, analyzes, and provides actionable intelligence using data collected from the various security and compliance data silos throughout the enterprise, to provide greater cyber situational awareness across DoD networks, as illustrated in the following diagram:

[Diagram not reproduced in this transcription]

SecureVue is a true unified situational awareness platform that delivers comprehensive security intelligence and provides the real-time information that defenders need to identify, prioritize, and respond to modern security threats. SecureVue:

Protects Against Cyber Attacks. SecureVue monitors compliance and trending against best-practice policies and security controls, as well as security abnormalities that aren't necessarily outside the range of compliance, all from a single console.

Detects Data Breaches. SecureVue monitors real-time security and compliance of multiple data types and cross-correlates all information for early breach detection and notification.

Responds to Breaches and Policy Violations. SecureVue minimizes mean-time-to-repair through fast and efficient forensics across all security-related data, all from within a single report. Additionally, SecureVue's built-in workflow engine provides IA personnel with the tools they need to immediately respond to policy violations and potential attacks.

Enterprise Compliance

A complete solution for DISA STIG compliance, SecureVue provides continuous, automated auditing against DISA STIG checklists and requirements to ensure secure configurations across federal systems. SecureVue collects all security-related data (not just logs and other events) from servers, operating systems, workstations, and network devices such as routers, firewalls, and databases, for both enterprise and desktop applications, and tracks changes over time against predefined baselines, including the appropriate STIGs. With EiQ's SecureVue, federal government agencies can quickly and easily ensure consistent, continuous compliance with DISA STIGs, achieve rapid certification and accreditation (C&A) against DIACAP and other standards, and ensure situational awareness across the organization.

Audit Log Management/SIEM

EiQ's SecureVue collects, analyzes, and correlates every log and security event that occurs across a government agency, fulfilling the requirements of 8500.2 and 800-53 to collect and review all audit logs. SecureVue continuously correlates every logon, logoff, file access, attack, and database query to deliver accurate detection of security incidents, risks, and compliance violations. SecureVue can also analyze and correlate millions of events with other security data, including configuration changes and other stateful data, security control violations, known vulnerabilities, performance metrics, file integrity, and other information, to identify anomalies and incidents. Personnel are immediately alerted through real-time dashboards, monitors, notifications, and reports, so immediate action can be taken.

SecureVue Provides Best Value at the Lowest Cost

As explained above, SecureVue delivers capabilities that are not available within ArcSight or other log management/SIEM tools. SecureVue solves a number of challenges at the installation level. Rather than spending countless hours conducting manual audits against applicable DISA STIGs, installations can use SecureVue to provide continuous STIG monitoring in an automated fashion in a fraction of the time.
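The event-data versus state-data distinction drawn earlier, and the correlation of events with configuration changes described in the Audit Log Management/SIEM section, as one added example. This is illustrative code written for this page, not EiQ's or SecureVue's code, and it does not use any real STIG content: the host name, IP addresses, settings keys, package names, check ids (CHK-001 to CHK-004) and the two daily snapshots are all constructed sample data. It shows the three things state data adds that event data alone cannot: drift between two snapshots, a pass/fail compliance result per check, and context that raises the severity of an otherwise ordinary burst of failed logins.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Callable


@dataclass(frozen=True)
class HostState:
    """State data: how a host is configured at one point in time (constructed)."""
    host: str
    captured: str
    settings: dict          # configuration values
    packages: dict          # installed package -> version
    services: frozenset     # running services


@dataclass(frozen=True)
class Event:
    """Event data: one thing that happened, with the usual SIEM fields."""
    ts: str
    host: str
    event_type: str
    src_ip: str
    dst_ip: str
    description: str


@dataclass(frozen=True)
class Check:
    """One configuration check in the style of a STIG item (ids are constructed, not real STIG ids)."""
    check_id: str
    title: str
    passes: Callable[[HostState], bool]


CHECKLIST = [
    Check("CHK-001", "minimum password length is at least 15",
          lambda s: s.settings.get("password.min_length", 0) >= 15),
    Check("CHK-002", "account lockout triggers after at most 3 failures",
          lambda s: 0 < s.settings.get("lockout.threshold", 0) <= 3),
    Check("CHK-003", "telnet service is not running",
          lambda s: "telnet" not in s.services),
    Check("CHK-004", "audit logging is enabled",
          lambda s: s.settings.get("audit.enabled") is True),
]


def diff_state(old, new):
    """Configuration drift between two snapshots as (kind, name, before, after) tuples."""
    changes = []
    for key in sorted(set(old.settings) | set(new.settings)):
        before, after = old.settings.get(key), new.settings.get(key)
        if before != after:
            changes.append(("setting", key, before, after))
    for name in sorted(set(old.packages) | set(new.packages)):
        before, after = old.packages.get(name), new.packages.get(name)
        if before != after:
            changes.append(("package", name, before, after))
    for svc in sorted(old.services - new.services):
        changes.append(("service", svc, "running", "stopped"))
    for svc in sorted(new.services - old.services):
        changes.append(("service", svc, "stopped", "running"))
    return changes


def evaluate(state, checklist=CHECKLIST):
    """Translate state data into compliance data: check id -> pass/fail."""
    return {c.check_id: c.passes(state) for c in checklist}


def compliance_score(results):
    """Percentage of checks passing, the number a trend dashboard would plot."""
    return round(100.0 * sum(results.values()) / len(results), 1)


def correlate(events, old_state, new_state, burst=5):
    """Cross-correlate event data with state data and recent drift.

    A burst of failed logins is 'medium' on its own. It becomes 'high' when the
    host's current state shows lockout is not enforced, and the finding names
    any drift since the previous snapshot that produced that state."""
    results = evaluate(new_state)
    drift = diff_state(old_state, new_state)
    failures = Counter(e.src_ip for e in events
                       if e.host == new_state.host and e.event_type == "auth.failed_login")
    findings = []
    for src_ip, n in failures.items():
        if n < burst:
            continue
        reasons = [f"{n} failed logins from {src_ip} on {new_state.host}"]
        severity = "medium"
        if not results["CHK-002"]:
            severity = "high"
            reasons.append("CHK-002 failing: account lockout is not enforced")
            for kind, name, before, after in drift:
                if kind == "setting" and name == "lockout.threshold":
                    reasons.append(f"lockout.threshold changed {before} -> {after} "
                                   f"since {old_state.captured}")
        findings.append({"host": new_state.host, "src_ip": src_ip,
                         "severity": severity, "reasons": reasons})
    return findings


# Constructed sample data: two daily snapshots of one host and one day's events.
YESTERDAY = HostState(
    host="srv01", captured="2016-03-01",
    settings={"password.min_length": 15, "lockout.threshold": 3, "audit.enabled": True},
    packages={"bash": "4.2", "openssl": "1.0.1e"},
    services=frozenset({"sshd", "rsyslog"}))
TODAY = HostState(
    host="srv01", captured="2016-03-02",
    settings={"password.min_length": 15, "lockout.threshold": 0, "audit.enabled": True},
    packages={"bash": "4.2", "openssl": "1.0.1e", "telnet-server": "0.17"},
    services=frozenset({"sshd", "rsyslog", "telnet"}))
EVENTS = [Event("2016-03-02T03:14:%02dZ" % i, "srv01", "auth.failed_login",
                "10.0.0.23", "10.0.1.5", "failed login for user admin") for i in range(6)]
EVENTS.append(Event("2016-03-02T08:02:11Z", "srv01", "auth.login",
                    "10.0.0.9", "10.0.1.5", "login for user ops"))

if __name__ == "__main__":
    for change in diff_state(YESTERDAY, TODAY):
        print("drift:", change)
    print("compliance:", evaluate(TODAY), compliance_score(evaluate(TODAY)), "%")
    for finding in correlate(EVENTS, YESTERDAY, TODAY):
        print(finding["severity"].upper(), finding["reasons"])
```

Run as a script it prints the drift (lockout threshold set to 0, telnet-server installed, telnet started), a 50% compliance result for today's snapshot, and a single high-severity finding. An event-only view would have shown six failed logins and nothing else; the lockout drift and the failing check are visible only because the state snapshots were collected alongside the events.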

Summary

Throughout this document, we have addressed gaps that currently exist within the DoD infrastructure. Common gaps addressed by SecureVue include Audit Log Management/SIEM and STIG Compliance. SecureVue is the only tool on the market today that can meet both of these requirements with a single capability. As a result, we have a significant deployment base in the Department of Defense and the US Army. EiQ Networks provides a simple, elegant and highly scalable solution to these issues.

Any tool deployed to close these gaps should be measured against the total overall value it brings to the DoD. We are confident when we say that no other tool today can meet all of these challenges at the same low cost as SecureVue.

About EiQ Networks

EiQ Networks, a pioneer in security hybrid SaaS and continuous security intelligence solutions and services, is transforming how organizations identify threats, mitigate risks, and enable compliance. EiQ offers SOCVue, a security hybrid SaaS offering, and provides 24x7 security operations to small and medium enterprises that need to protect themselves against cyber attacks but lack the resources or on-staff expertise to implement an effective security program. SecureVue, a continuous security intelligence platform, helps organizations proactively detect incidents, implement security best practices, and receive timely and actionable intelligence along with remediation guidance. Through a single console, SecureVue enables a unified view of an organization's entire IT infrastructure for continuous security monitoring, critical security control assessment, configuration auditing, and compliance automation. For more information, visit: http://www.eiqnetworks.com.