Information Assurance, Network Ops, and Cyber Security: Filling the Gaps with SecureVue®
EiQ Networks
© 2015 EiQ Networks, Inc. All Rights Reserved. EiQ, the EiQ logo, the SOCVue logo, SecureVue, ThreatVue, SOCVue, ComplianceVue, ForensicVue, and
Continuous Security Intelligence are trademarks or registered trademarks of EiQ Networks, Inc. in the US and/or other countries. All other product
names and/or slogans mentioned herein may be trademarks or registered trademarks of their respective companies. All information presented here is
subject to change and intended for general information.
Deploying a Standard SIEM Leaves Major Gaps in DoD Infrastructure. SecureVue Addresses Multiple Requirements with a Single Capability
Current Gaps
Each US DoD Installation has critical requirements related to information assurance,
network operations, and cyber security. These requirements include:
• Audit Log Management/SIEM
• STIG Compliance
Audit Log Management/SIEM
Department of Defense directives require every DoD facility to deploy a tool that
captures all audit log data for forensic purposes. Some of these mandates are
encapsulated in the security processes and controls identified in DoDI 8500.2,
“Information Assurance (IA) Implementation” (cancelled in March 2014 by DoDI 8500.01,
which moved DoD to the NIST SP 800-53 control catalog; the audit-reporting
requirements quoted below correspond to the 800-53 AU family, AU-7 in particular):
• (8500.2 ECRG-1) “provide audit report generation tools that highlight security significant
events that might warrant additional investigation.”
• (8500.2 ECRG-1) “provide tools for the review of audit records and for audit report generation.”
• (8500.2 ECRG-1) “generate audit reports in a readable format.”
STIG Compliance
In accordance with DoD 8500.1, “Information Assurance (IA),” hosts and devices
connected to the network must be configured in accordance with security
configuration guidelines (e.g. DISA STIGs):
• (8500.1) “All IA and IA-enabled IT products incorporated into DoD information systems shall be
configured in accordance with DoD-approved security configuration guidelines”
Today, DoD IA and network teams spend a significant amount of time and money
verifying compliance against the DISA STIGs. On average, verifying whether a single
server complies with a DISA STIG takes two to four hours. The DoD spends thousands
of man-hours every year performing these checks manually, with minimal toolsets and
practically no automation. Even with that investment year over year, there is still
no ongoing view of compliance across commands, brigades, and installations.
12 Post Office Square, Boston, MA 02109 | Tel: +1.617.337.4880 | Fax: +1.978.266.0004 | eiqnetworks.com
Most DoD enclaves conduct compliance audits only on an as-needed basis, or just
prior to inspections, but that is not actually practicing information assurance.
Continuous monitoring is rapidly becoming a mandate for IA, yet a continuous approach
to STIG compliance using the tools that DoD has at its disposal today is an impossible
task.
assets against the DISA STIGs on a continuous basis.
How SecureVue Meets These Challenges
SecureVue provides capabilities required for the purposes of regulatory compliance
and operations. This includes log management/SIEM and STIG compliance
automation.
The biggest difference between SecureVue and other SIEM solutions is simple:
SecureVue can audit network devices, servers, and applications against the DISA
STIGs, which other SIEMs and log management tools cannot. That puts SecureVue in a
unique position to provide an overall view of a device’s compliance with the DISA
STIGs while also meeting DoD Audit Log Management/SIEM requirements. The reason is
equally simple: SecureVue looks beyond event data and collects a device’s state data,
so it knows how a device is actually configured, which applications and users make up
the system, and what changes to the device’s configuration have occurred. Traditional
log management/SIEM tools focus on event data and, as a result, cannot provide insight
into the state of a system.
Using Event Data and State Data to Provide More Context, Intelligence
The intelligence provided by SIEM and log management tools is derived primarily
from event data generated by servers, applications, and network devices. Event
data describes something that happened, such as a failed login: the record carries
a source IP, destination IP, event ID, description, and so on. Event data matters
because it explains the specifics of that one occurrence. What it does not describe
is the state of the system: how the device is configured, what software is installed,
which services are running, and so on. All SIEM and audit log management solutions,
SecureVue included, consume event data. They pull in events from sources such as
firewalls, proxies, and AV solutions and give you a way to identify the critical ones.
SecureVue does this well, but the fundamental differentiator between SecureVue and
any other SIEM or log management solution is that SecureVue also looks at the state
of a system. SecureVue can therefore tell you how a device is configured, what changed
on the system between yesterday and today, which patches are missing, and more. It
can go a step further and translate that state data into compliance data: SecureVue
can show how compliant your devices are against the DISA STIGs, CIS Benchmarks, or
the USGCB baselines. These added capabilities are possible only because SecureVue
collects state data.
Enterprise Data Correlation and Situational Awareness
EiQ’s SecureVue combines, analyzes, and provides actionable intelligence using
data collected from the various security and compliance data silos throughout the
enterprise, to provide greater cyber situational awareness capability across DoD
networks as illustrated in the following diagram:
SecureVue is a true unified situational awareness platform that delivers
comprehensive security intelligence and provides the real-time information that
defenders need to identify, prioritize, and respond to modern security threats.
SecureVue:
• Protects Against Cyber Attacks – SecureVue monitors compliance and trending against best
practice policies and security controls, as well as security anomalies that are not necessarily
outside the range of compliance, all from a single console.
• Detects Data Breaches – SecureVue monitors security and compliance across multiple data
types in real time and cross-correlates all of it for early breach detection and notification.
• Responds to Breaches and Policy Violations – SecureVue minimizes mean-time-to-repair
through fast and efficient forensics across all security-related data, all from within a single
report. Additionally, SecureVue’s built-in workflow engine provides IA personnel with the tools
they need to respond immediately to policy violations and potential attacks.
Enterprise Compliance
A complete solution for DISA STIG compliance, SecureVue provides continuous,
automated auditing against DISA STIG checklists and requirements to ensure secure
configurations across federal systems. SecureVue collects all security-related data,
not just logs and other events, from servers and workstations (operating systems,
enterprise and desktop applications, and databases) and from network devices such as
routers and firewalls, and tracks changes over time against predefined baselines,
including the applicable STIGs. With EiQ’s SecureVue, federal government agencies can
quickly and easily ensure consistent, continuous compliance with DISA STIGs, achieve
rapid certification and accreditation (C&A) against DIACAP (superseded in 2014 by the
Risk Management Framework under DoDI 8510.01) and other standards, and maintain
situational awareness across the organization.
Audit Log Management/SIEM
EiQ’s SecureVue collects, analyzes, and correlates every log and security event that
occurs across a government agency, fulfilling the 8500.2 and NIST SP 800-53
requirements to collect and review audit logs. SecureVue continuously correlates
logons, logoffs, file accesses, attacks, and database queries to deliver accurate
detection of security incidents, risks, and compliance violations. SecureVue can also
analyze and correlate millions of events with other security data, including
configuration changes and other state data, security control violations, known
vulnerabilities, performance metrics, file integrity, and other information to identify
anomalies and incidents. Personnel are alerted immediately through real-time dashboards,
monitors, notifications, and reports, so action can be taken at once.
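The distinction drawn in the “Using Event Data and State Data” section above and restated in this paragraph (events describe occurrences, state describes configuration, and correlating the two attributes a configuration change to an actor) is shown concretely in the following Python script. It is an added example, not SecureVue code or code from EiQ Networks. The key=value log lines, the two state snapshots, the rule IDs, and the mapping from a state key to the file it is read from are all constructed for illustration; they are not a real log format and the rule IDs are not real DISA STIG identifiers.

```python
"""Event data joined with state data: diff two host snapshots, score the
current state against configuration rules, and attribute each change that
broke a rule to the audit event that caused it. Added example with
constructed inputs; the log format, state keys, and rule IDs are made up."""
import re
from collections import Counter

# Constructed audit events in a simple key=value form (not a real log format).
EVENTS = [
    "ts=2015-03-02T08:14:03Z host=web01 src=10.0.0.45 user=admin svc=sshd event=login_failed",
    "ts=2015-03-02T08:14:09Z host=web01 src=10.0.0.45 user=admin svc=sshd event=login_failed",
    "ts=2015-03-02T08:14:15Z host=web01 src=10.0.0.45 user=admin svc=sshd event=login_success",
    "ts=2015-03-02T08:16:40Z host=web01 src=10.0.0.45 user=admin svc=sudo event=file_write path=/etc/ssh/sshd_config",
    "ts=2015-03-02T08:17:02Z host=web01 src=10.0.0.45 user=admin svc=sudo event=service_enable path=/etc/xinetd.d/telnet",
]

# Constructed state snapshots: the configuration as found on the host, which
# no single event record describes.
STATE_YESTERDAY = {
    "sshd.PermitRootLogin": "no",
    "sshd.Protocol": "2",
    "login_defs.PASS_MAX_DAYS": "60",
    "service.telnet": "disabled",
    "pkg.openssl": "1.0.1e-42",
}
STATE_TODAY = {**STATE_YESTERDAY, "sshd.PermitRootLogin": "yes", "service.telnet": "enabled"}

# Hypothetical mapping from a state key to the file it is read from; this is
# the join key between a state change and the event that wrote the file.
SOURCE_FILE = {
    "sshd.PermitRootLogin": "/etc/ssh/sshd_config",
    "sshd.Protocol": "/etc/ssh/sshd_config",
    "login_defs.PASS_MAX_DAYS": "/etc/login.defs",
    "service.telnet": "/etc/xinetd.d/telnet",
}

# STIG-style checks as (rule id, state key, required value). The IDs are
# illustrative, not real DISA STIG vulnerability IDs.
RULES = [
    ("CHK-001", "sshd.PermitRootLogin", "no"),
    ("CHK-002", "sshd.Protocol", "2"),
    ("CHK-003", "login_defs.PASS_MAX_DAYS", "60"),
    ("CHK-004", "service.telnet", "disabled"),
]

KV = re.compile(r"(\w+)=(\S+)")


def parse_event(line):
    """Turn one key=value audit line into a dict."""
    return dict(KV.findall(line))


def diff_state(old, new):
    """Return {key: (old_value, new_value)} for every setting that differs."""
    return {k: (old.get(k), new.get(k)) for k in set(old) | set(new)
            if old.get(k) != new.get(k)}


def assess(state, rules=RULES):
    """Translate state into compliance data: {rule id: 'pass' | 'fail'}."""
    return {rid: "pass" if state.get(key) == want else "fail" for rid, key, want in rules}


def failed_login_bursts(events, threshold=2):
    """Event-only detection: 'user@src' pairs with >= threshold failed logins."""
    counts = Counter(f"{e['user']}@{e['src']}" for e in events if e["event"] == "login_failed")
    return {pair: n for pair, n in counts.items() if n >= threshold}


def correlate(events, changes, rules=RULES, source_file=SOURCE_FILE):
    """For each rule broken by a state change, find the event that touched the
    setting's source file and report who changed it, when, and from where."""
    findings = []
    for rid, key, want in rules:
        if key not in changes or changes[key][1] == want:
            continue
        path = source_file.get(key)
        # Only join on a known source file; never match events that carry no path.
        cause = next((e for e in events if path and e.get("path") == path), None)
        findings.append({
            "rule": rid, "setting": key,
            "old": changes[key][0], "new": changes[key][1],
            "by": cause["user"] if cause else None,
            "at": cause["ts"] if cause else None,
            "from": cause["src"] if cause else None,
        })
    return findings


def run():
    """Run the event-only, state-only, and joined views over the constructed data."""
    events = [parse_event(line) for line in EVENTS]
    changes = diff_state(STATE_YESTERDAY, STATE_TODAY)
    return {
        "bursts": failed_login_bursts(events),      # events alone
        "yesterday": assess(STATE_YESTERDAY),       # state alone, baseline
        "today": assess(STATE_TODAY),               # state alone, current
        "findings": correlate(events, changes),     # events joined to state
    }


if __name__ == "__main__":
    import json
    print(json.dumps(run(), indent=2))
```

The event-only view sees the two failed logins but cannot know that the host now permits direct root SSH login; the state-only view sees CHK-001 and CHK-004 flip from pass to fail but not who did it; the joined view reports the setting, its old and new values, the account, the source address, and the time together. In a real deployment the snapshot would be collected from the host (for example from the effective sshd configuration, the package list, and the service inventory) rather than embedded in the script.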
SecureVue Provides Best Value at the Lowest Cost
As explained above, SecureVue delivers capabilities that are not available within
ArcSight or other log management/SIEM tools. SecureVue solves a number of
challenges at the installation level. Rather than spending countless hours conducting
manual audits against applicable DISA STIGs, installations can use SecureVue to
provide continuous STIG monitoring in an automated fashion in a fraction of the time.
Summary
Throughout this document, we have addressed gaps that currently exist within
the DoD infrastructure. The common gaps addressed by SecureVue are Audit Log
Management/SIEM and STIG Compliance. SecureVue is the only tool on the market
today that can meet both of these requirements with a single capability. As a result,
we have a significant deployment base in the Department of Defense and the US Army.
EiQ Networks provides a simple, elegant, and highly scalable solution to these issues.
Any tool deployed to close these gaps should be measured against the total overall
value it brings to the DoD. We are confident when we say that no other tool today can
meet all of these challenges at the same low cost as SecureVue.
About EiQ Networks
EiQ Networks, a pioneer in security hybrid SaaS and continuous security intelligence
solutions and services, is transforming how organizations identify threats, mitigate
risks, and enable compliance. EiQ offers SOCVue, a security hybrid SaaS offering, and
provides 24x7 security operations to small and medium enterprises that need to protect
themselves against cyber attacks but lack the resources or on-staff expertise to implement
an effective security program. SecureVue®, a continuous security intelligence platform,
helps organizations proactively detect incidents, implement security best practices,
and receive timely and actionable intelligence along with remediation guidance.
Through a single console, SecureVue enables a unified view of an organization’s
entire IT infrastructure for continuous security monitoring, critical security control
assessment, configuration auditing, and compliance automation.
For more information, visit: http://www.eiqnetworks.com.