How To Monitor Your Entire IT Environment




Preparing for FISMA 2.0 and Continuous Monitoring Requirements Symantec's Continuous Monitoring Solution

White Paper: Preparing for FISMA 2.0 and Continuous Monitoring Requirements

Contents

- Introduction
- The Need for Continuous Monitoring
- Challenges of Continuous Monitoring
- How Can Symantec Help?
- True Value to the CISO
- Summary

Introduction

The IT landscape is continually changing, and the analysts managing our organizations are challenged with maintaining secure configurations regardless of the increase in the number and complexity of devices. With this increase in devices, various applications and operating systems are installed with differing images depending on roles, responsibilities and job functions within an organization. This results in a risk posture that is never constant.

To address this challenge, Symantec assists our customers by focusing on a best practices approach called Situational Awareness. This methodology combines four key solution areas encompassing the concepts of Continuous Monitoring, Global Visibility & Incident Response, Automation & Reporting, and Predictive Analysis. This four-vector approach provides complementary capabilities that enable organizations to use best practices to continuously monitor their entire IT organization, rapidly deploy new countermeasures, and most importantly, verify secure configurations and the overall state of security and health. An important note to keep in mind is that Symantec's Situational Awareness approach can be flexibly orchestrated to meet agencies' unique requirements for timing and frequency.

Each component has a specific purpose. Symantec's Continuous Monitoring advocates a standardized, automated way to discover new assets, collect the current states of those assets, as well as create patches to ensure a secure baseline. Through Global Visibility & Incident Response, organizations should collect and correlate events focused on critical incidents and compare these with external global intelligence feeds to provide a broadened picture outside the community in which their organization resides. Hundreds of vulnerabilities are publicly announced each week and the daily attempts at exploiting those are in the millions. Analyzing beyond the organization into communities is increasingly important.

As we extend beyond understanding the internal environment to the external environment, the next step in the approach is Automation & Reporting. Here we begin understanding what trends are occurring and reporting to the appropriate stakeholders the impact they may have on the business or mission. Automation becomes a key component to streamlining business processes and efficiencies across the organization. This enables organizations to have a machine-to-machine approach so analysts can focus their attention on high priority items.

The last step in this best practice methodology is Predictive Analysis. This moves beyond the here and now and focuses on predicting what may come. It allows for a more proactive posture by incorporating a multitude of capabilities which encompass static as well as dynamic analysis to include human analytics with tools and technologies.

In this whitepaper, we will focus on the Continuous Monitoring solution in Symantec's Situational Awareness approach.

The Need for Continuous Monitoring

The 2010 Federal Information Security Management Act, also referred to as FISMA 2.0, includes an important measure requiring the continuous monitoring of information systems as part of every agency's information security program. Continuous monitoring is one of six steps in the Risk Management Framework (RMF) described by the National Institute of Standards and Technology (NIST). According to guidance outlined by NIST, "The objective of the continuous monitoring program is to determine if the set of deployed security controls continue to be effective over time in light of the inevitable changes that occur." [1]

The Office of Management and Budget (OMB) has set a deadline for agency CIOs to implement software to continuously monitor the security of their networks by the end of the 2012 government fiscal calendar. The goal of this paper is to facilitate discussion and familiarization of Symantec offerings for those charged with meeting this OMB deadline.

Agencies collectively spending billions of dollars to manually monitor and report on information security programs need to turn to continuous monitoring solutions to comply with FISMA 2.0 in the face of budget constraints. Symantec understands the challenges of this transition and the requirements for a software-based solution.
Through a five-step comprehensive approach, Symantec enables agencies to monitor their entire IT environment continuously, remediate those items out of compliance and vulnerable, and report in compliance with federal data call requirements.

Challenges of Continuous Monitoring

Changes to IT infrastructure driven by dynamic networks and the exponential growth in the number and types of attacks are outpacing the ability to track changes across a heterogeneous IT infrastructure with manual processes and current paper-based systems. The idea behind continuous monitoring is to know, in real-time or near real-time, the health of the organization's network. This empowers the Department of Homeland Security and agencies to address threats or potential threats sooner. However, agencies have been hard pressed to identify solutions that meet the visibility, ease-of-use, real-time tracking, and reporting requirements. Instead, agencies have turned to teams of consultants to monitor and report on a plethora of heterogeneous systems a few times a year.

To comply with FISMA 2.0 in the face of resource constraints, federal agencies need continuous monitoring solutions specifically designed to overcome current monitoring challenges by enabling:

- The ability to establish a baseline inventory of networks and their associated IT assets
- Visibility across disparate systems (desktops, servers, network devices) through a single console
- Streamlined adoption with a solution that implements easily, requires minimal training, and generates tangible results immediately
- Automation of repeatable processes, which optimizes the use of IT and Information Security staff
- Automatic incorporation of threat bulletins such as Situational Awareness and Information Assurance Vulnerability Management Reports in order to begin resolution in a timely manner
- Easily exportable reports in required formats such as .csv, .xls, CVE, CPE, CCE (CyberScope)

[1] National Institute of Standards and Technology, Special Publication 800-37, Revision 1, Applying the Risk Management Framework to Federal Information Systems, February 2010, Appendix G, Page G1.

How Can Symantec Help?

Symantec's Continuous Monitoring Solution for federal government addresses these challenges through the five steps shown below.

Five-Step Continuous Monitoring Process

1) Continuous Discovery

- Discover and maintain a near real-time inventory of all networks and IT assets including hardware and software classified by Common Platform Enumeration (CPE) for threat bulletins
- Identify and track rogue networks, hosts, or applications running on desktops, laptops and servers

2) Vulnerability Assessment

- Automatically scan and compare IT asset configurations against various criteria including Common Computer Vulnerabilities (CCV), National Vulnerability Database (NVD) and Security Content Automation Protocol (SCAP) repositories to determine vulnerabilities, and leverage workflow to automate Information Assurance Vulnerability Alert (IAVA) and Situational Awareness Reports (SARS) activities
- Prioritize findings and provide detailed reporting by agency unit, platform, network, asset class, Common Vulnerability Scoring System (CVSS) Score, and vulnerability type

3) Configuration Audits

- Continuously evaluate client, server, and network device configurations and compare with standards and policies including NIST and SCAP-compliant checklists
- Gain insight into problematic IA Controls, usage patterns and access permissions of sensitive data

4) Patch Management

- Automatically deploy and update software to eliminate vulnerabilities and maintain compliance
- Correct configuration settings including network access and provision software according to the end-user's role and policies

5) Analytics & Reporting

- Aggregate disparate system logs and events into one central location and automatically analyze and correlate unusual activities in compliance with regulations

True Value to the CISO

With the Symantec Continuous Monitoring Solution, CIOs get a comprehensive solution that delivers a range of benefits including:

- Flexible Options for Data Acquisition
  - Dissolving agent, agent, removable media scan support, agent-less
- Scalability
  - Asynchronous discovery scanning and standards-based Service Oriented Architecture (SOA) architecture
  - Centralized or distributed scanner deployment options provide linear scalability
  - Software based with virtual management support, web based console
  - Software Development Kit (SDK)
- SCAP Leadership
  - FDCC content provider, Mac OS X, Oracle Solaris, UNIX, Cisco, STIGS
- Integration
  - Command and control of existing 3rd party scanners
  - Integration with third party products
- Open Architecture, Enterprise Ready
  - Microsoft Server 2003/2008 application, Microsoft SQL Server 2005 database, Internet Information Services (IIS) for Windows Server
- Role-Based Access Control (RBAC)
  - Granular RBAC with least privilege access control model
- Reporting
  - Easily exportable reports in required formats such as .csv, .xls, CVE, CPE, CCE (CyberScope)

Summary

Are you prepared to address FISMA 2.0 and the OMB's 2012 deadline to implement a continuous monitoring software solution? The Symantec Continuous Monitoring Solution for federal government was designed to help you transition from a manual, paper-based solution to an affordable, effective, and compliant software-based approach. The five-step process enables agencies to monitor the entire IT environment continuously, remediate those items out of compliance and vulnerable, and report in compliance with federal data call requirements. With more than a decade of work with federal agencies, Symantec has developed a deep understanding of the unique challenges government agencies face and how to address these challenges.

About Symantec

Symantec is a global leader in providing security, storage, and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. Headquartered in Mountain View, Calif., Symantec has operations in 40 countries. More information is available at www.symantec.com.

For specific country offices and contact numbers, please visit our website.

Symantec World Headquarters
350 Ellis St.
Mountain View, CA 94043 USA
+1 (650) 527 8000
1 (800) 721 3934
www.symantec.com

Symantec helps organizations secure and manage their information-driven world with IT Compliance, discovery and retention management, data loss prevention, and messaging security solutions.

Copyright 2011 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. 6/2011 21191404