Imperva Automates NERC CIP Compliance and Secures Critical Infrastructure


CASE STUDY: Imperva Automates NERC CIP Compliance and Secures Critical Infrastructure

NERC Regulations Aim to Increase Cyber Security for North American Bulk Power Systems

There are numerous cyber-security regulations with which owners, operators and users of bulk electric power systems in North America must comply. In addition to NERC, the North American Electric Reliability Corporation, there is often the need to comply with multiple, often overlapping cyber-related regulations, including the PCI Data Security Standards for the processing of credit card information and Sarbanes-Oxley for publicly traded corporations. These are in addition to the numerous non-cyber-related power generation and distribution industry regulations requiring company compliance. The challenge of identifying and routinely meeting the requirements can be daunting for many organizations.

Meeting the aggressive NERC requirements, including the April 2016 deadline for the NERC CIP (Critical Infrastructure Protection) Version 5 Framework, is challenging by itself. The NERC CIP Framework only addresses a minimal baseline for security. Simply meeting compliance does not guarantee that an organization's web applications and data are secure. Those organizations wishing to enhance their security postures need to use NERC as a starting point and put in place more holistic solutions related to incident prevention, detection, and response.

With the substantial punitive non-compliance penalties under NERC, some as high as $1 million per day, organizations are driving to put in place preventive, investigative, and corrective cyber controls that enhance overall cyber security, are operationally efficient, and produce compliance outputs as a natural byproduct of the security best practices.

CASE STUDY: Addressing NERC Compliance in a Multi-Regulated Environment

Electric Company Minimizes Resources Required for Maintaining Regulatory Compliance

After spending close to $1 million to mitigate auditor-discovered deficiencies during a PCI DSS audit, this company was interested in finding solutions that were applicable across PCI DSS, Sarbanes-Oxley, and NERC. There seemed to be a never-ending process of internal auditors, business application owners, and IT managers coming together to define and implement controls, followed by wading through the volumes of information generated for the pieces that were relevant for each regulatory auditor. The process was too slow and too costly, and the manual efforts would not scale across multiple regulations without adding headcount, which they did not have the budget to do.

Solution

Multiple database security vendors were trialed over a three-month period before they deployed and standardized on Imperva SecureSphere. Imperva was able to discover a number of previously unknown database vulnerabilities across three different database platforms. Imperva also delivered regulation-specific reports, the ability to quickly and easily create ad-hoc reports, and captured the data necessary to address auditor requests such as:

- What are the vulnerabilities within databases that process financial information and/or store credit card information?
- How are critical databases protected?
- How are privileged users tracked?
- How was the latest security incident addressed?
- People-centric questions: who, what, when and how

Benefits

Imperva SecureSphere Database Activity Monitoring provided an extensible reporting framework for addressing audits. It reduced the resources required to capture audit data for databases by over 75% while generating audit information in a comprehensive yet easy-to-understand format. In addition to addressing multiple regulations, overall security was increased.

Finally, the deployment was functional and providing value the first day and required very little customization. The compliance and security teams that deployed and administered the solution were able to do so without database expertise.

Imperva provides that much-needed universal connectivity and continuity across multiple regulatory frameworks, regulations, and requirements. It leverages automation, centralized management, and an efficient, scalable architecture to deploy rapidly and sustain regulatory security requirements across heterogeneous web, database, Big Data, and file environments.

Intersection of Compliance and Security

In January of 2008, FERC (Federal Energy Regulatory Commission) approved the initial NERC CIP Framework. But even before the official approval, bulk power organizations were working on solutions to address cyber security while also adhering to preliminary versions of the NERC CIPs from 2006. Several topics permeate multiple CIP standards and highlight the critical areas where compliance and security intersect:

- Cyber asset discovery and classification
- Cyber asset protection and monitoring
- Incident response, i.e. survivability
- Auditing
- Reporting

Applications and databases make up a substantial assortment of what is considered a critical cyber asset within bulk power organizations. Like any organization, bulk electric has enterprise applications such as SAP, Oracle E-Business Suite, and PeopleSoft. Some of these systems reside in the corporate or IT network, others within the operations or control system network, while others are designed specifically to communicate across the once air-gapped connection points. Some examples are:

- Customer self-service portals
- Supply chain management
- Customer relationship management
- Financial management
- Call centers
- Field force automation
- Archiving
- Frontends for legacy solutions
- Application relays for measurement

"We purchased SecureSphere to protect our Web applications from external attacks. We quickly realized that the same security should be applied to our internal applications protecting both engineering and IT. Today we monitor how all applications are being used and have regular meetings to review SecureSphere reports. Reporting has already identified security vulnerabilities within our applications, and alerted us to privileged operators not following organizational policy for data handling."
DIRECTOR OF CYBER SERVICES AT A FORTUNE 500 SUPPLIER TO RETAIL AND WHOLESALE ELECTRIC AND NATURAL GAS CUSTOMERS

Securing these application and database cyber assets is important for addressing NERC and other regulations as well as improving overall security. Not only do these assets process and store sensitive data, but they can also be used to administer non-cyber assets, thus having a direct impact on the availability of control system assets such as SCADA (Supervisory Control and Data Acquisition).

Imperva Solutions for NERC

Imperva is the market leader in data and application security in the cloud and on-premises, and organizations with mission-critical environments trust SecureSphere to discover, audit, protect, and monitor their most sensitive assets. In addition to securing those assets, Imperva provides purpose-built compliance capabilities that automate the reporting process needed for demonstrating compliance with multiple regulations including NERC, PCI, Sarbanes-Oxley, GLBA, and others.

The Application Defense Center (ADC), a premier research organization for security analysis, vulnerability discovery, and compliance expertise within Imperva, ensures that the security analytics and compliance capabilities within Imperva are up to date with the most current trends. This takes the form of attack analytics, alerting, and reports. With ADC content, addressing multiple cyber regulations can be as easy as just addressing one.

"Auditors were hounding us to implement better oversight for our databases. With limited staff, none of which were DBAs, we needed a solution that was easy to implement, use, and would deliver the information our auditors needed. SecureSphere was taken out of the box and monitoring our databases in a half day with minimal configuration. We didn't even need to bring in our database contractor. The next day we brought the Imperva sales engineer into the office along with our auditors. The SE gave a demo of the product and we asked our auditors if this was what they wanted: they said yes. So we bought it and got back to the business of keeping the lights on."
EXECUTIVE DIRECTOR/PROJECT COORDINATOR AT ONE OF THE LARGEST DIVERSIFIED ENERGY COMPANIES IN NORTH AMERICA

[Figure: Architecture for Case Study: Securing applications and databases across environments. Diagram labels: Control System/SCADA Operations Environment; Corporate/IT Environment; Internet; Databases; Applications; Web Applications; Mission-Critical Systems; Customers, Partners, Attackers.]

High-level Mapping of Imperva Solutions to NERC CIPs

NERC CIP RELIABILITY STANDARDS FOR CYBER: IMPERVA SOLUTIONS

CIP-002 BES Cyber System Categorization: Automatically discover cyber assets (applications and databases) and sensitive data, and scan for vulnerabilities within those systems (sensitive systems/networks/ports that should not be scanned can be whitelisted).

CIP-003 Security Management Controls: Control access to applications, databases, and sensitive data.

CIP-004 Personnel and Training: Imperva professional services can provide training. Standard audit reports can be generated listing authorized users. Advanced reports combining multiple elements (user identities, data accessed, method of access, i.e. SQL operation and query, and context, i.e. source application, time, IP) can also be configured and optionally scheduled for user- or task-specific analysis.

CIP-005 Electronic Security Perimeter: Protect against Web application attacks. Monitor and enforce database access. Collect and analyze audit data for compliance and forensic analysis.

CIP-006 Physical Security of Critical Cyber Assets: Protect applications used for archiving physical security logs.

CIP-007 Systems Security Management: Limit application and database operations based on normal versus emergency operations.

CIP-008 Incident Reporting & Response Planning: Role-based incident reporting, real-time dashboards, with drill-down analysis.

CIP-009 Recovery Plans for Critical Cyber Assets: Testing of application and database security policy rollovers between normal and emergency operations.

CIP-010 Configuration Management: Integrate with a change management ticketing system to verify change approval. Routinely run vulnerability assessments to scan for risks.

CIP-011 Information Protection: Utilize the Imperva data security framework and solutions to discover, classify, assess systems and users, set policy, monitor, measure and report.

CASE STUDY: Securing Applications and Databases Across Environments

Hydro Plant Embraces Cyber Security

A company allows customers and partners to interact with their portals for customer self-service and Business Process Outsourcing (BPO). Tens of thousands of customers and hundreds of partners were interacting with these systems daily. Following a data theft incident, they wanted a solution designed to protect applications and the sensitive data within them.

Solution

Reasons for choosing Imperva:

- Leveraged for applications and databases
- Correlate sessions between applications and databases, pinpointing which user, through a Web application, accessed what data in a database
- In case of emergency, reduce the allowable access to applications to a pre-defined set of minimal, allowable services
- Protect applications that are Internet-facing, within the corporate network, and within the control system network

Benefits

During the evaluation period, Imperva discovered several applications within the control system environment communicating with systems in the corporate environment. This was an unexpected finding for several members of the IT team. Further, some of those corporate systems were made available online to partners. Because of the inherent risk of having the control system environment exposed, they decided to secure applications across their entire ecosystem. SecureSphere Web Application Firewall (WAF) and Database Firewall protect their applications and databases from external attackers, attackers masquerading as trusted users, and nefarious or careless insiders.

Compliance Reporting Automation

The process of going through an audit can be time-consuming and costly. Many organizations spend vast amounts of resources conducting information discovery exercises which are manual and highly error-prone. Imperva SecureSphere not only automates many of the requirements for discovery and audit reporting, but helps to reduce risks associated with failing an audit by providing accurate and holistic output.

To further accelerate the audit process, over 300 pre-built reports come standard with SecureSphere. The creation of custom reports is fast and easy, requiring no actual report writing or SQL scripting. In addition to security and compliance-specific reports, purpose-built reports that cover common enterprise applications such as SAP, Oracle E-Business Suite, and PeopleSoft are also offered, thus delivering a comprehensive reporting framework for application and database analysis and auditing.

Imperva SecureSphere helps automate the process of addressing multi-regulated environments. It provides purpose-built content such as audit-level reports to illustrate compliance with NERC. It also provides a universal solution across control system, corporate, and Internet-facing environments where application and database assets require security. Addressing security and compliance in tandem provides both sensitive data protection and automation and standardization of audit tasks in a single, easy-to-use solution.

Following the tenets of maximum availability, Imperva SecureSphere is designed to have the absolute minimum impact on networks and enterprise applications. In most cases, network architecture reconfiguration and software configuration changes are not even required, nor is the installation of software. Thus, performance is not impacted on these enterprise applications. This model of a minimal operational footprint is one of the chief reasons why Imperva SecureSphere is so desirable in control system environments.

There is also the added bonus of supporting separation of duties. For example, by providing auditing capabilities that reside within Imperva, outside of a database, DBA activity can be monitored without enlisting the support of the DBAs. This is a very powerful capability and allows for the detailed monitoring of privileged users.

When it comes to protecting databases and applications in the cloud and on-premises, SecureSphere Web and Database Security Solutions deliver industry-leading security. In addition to securing critical infrastructure, Imperva can help automate NERC CIP compliance and other cyber regulations.

© 2016, Imperva, Inc. All rights reserved. Imperva, the Imperva logo, SecureSphere, Incapsula, Skyfence, CounterBreach and ThreatRadar are trademarks of Imperva, Inc. and its subsidiaries. All other brand or product names are trademarks or registered trademarks of their respective holders. CS-Imperva-NERC-US-0316-v4 imperva.com