The Convergence of Security and Compliance

Similar documents
The Convergence of Security and Compliance. How Next Generation Endpoint Security Manages 5 Core Compliance Controls

White Paper. Closing PCI DSS Security Gaps with Proactive Endpoint Monitoring and Protection

eguide: Designing a Continuous Response Architecture 5 Steps to Reduce the Complexity of PCI Security Assessments

Carbon Black PCI Compliance Mapping Checklist

Compliance 101: Basics for Security Professionals

Traditional Security Solutions Have Reached Their Limit

Reducing the Cost of Incident Response

Risk: Security s New Compliance. Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23

Product Security Program

NIST Special Publication

locuz.com SOC Services

Whitepaper. Advanced Threat Hunting with Carbon Black Enterprise Response

THE TRIPWIRE NERC SOLUTION SUITE

WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:

Maximizing IT Security with Configuration Management WHITE PAPER

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

Total Protection for Compliance: Unified IT Policy Auditing

ISO/IEC Solution Brief ISO/IEC EventTracker 8815 Centre Park Drive, Columbia MD 21045

Aligning with the Critical Security Controls to Achieve Quick Security Wins

NOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect

McAfee Embedded Control

Security and Compliance Powered by the Cloud. Ben Friedman / Strategic Accounts Director /

Comprehensive Database Security

EFFECTIVELY TARGETING ADVANCED THREATS. Terry Sangha Sales Engineer at Trustwave

Best Practices in Securing a Multicloud World

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

INTELLIGENCE DRIVEN GRC FOR SECURITY

Industrial Defender ASM. for Automation Systems Management

Overview: Compliance and Security Management PCI-DSS Control Compliance Suite Overview

Mapping BeyondTrust Solutions to

74% 2014 SIEM Efficiency Report. Hunting out IT changes with SIEM

McAfee Embedded Control for Retail

Reducing Liability and Threats through Effective Cybersecurity Risk Measurement. Does Your Security Posture Stand Up to Tomorrow s New Threat?

Business Context: Key for Successful Risk Management

SIEMLESS THREAT MANAGEMENT

Tracking and Reporting

Meeting PCI DSS 3.2 Compliance with RiskSense Solutions

TRIPWIRE VIA PLATFORM PROTECTING YOUR DATA WITH INTEGRATED SECURITY CONTROLS

ForeScout ControlFabric TM Architecture

FFIEC Cyber Security Assessment Tool. Overview and Key Considerations

SIEM: Five Requirements that Solve the Bigger Business Issues

Reinvent Your 2013 Security Management Strategy

FireMon Security manager

Introduction. Deployment Models. IBM Watson on the IBM Cloud Security Overview

NERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS

Device Discovery for Vulnerability Assessment: Automating the Handoff

Watson Developer Cloud Security Overview

USING QUALYSGUARD TO MEET SOX COMPLIANCE & IT CONTROL OBJECTIVES

Critical Infrastructure Protection for the Energy Industries. Building Identity Into the Network

Protect Your End-of-Life Windows Server 2003 Operating System

Automating the Top 20 CIS Critical Security Controls

RFP/RFI Questions for Managed Security Services. Sample MSSP RFP Template

HITRUST CSF Assurance Program HITRUST, Frisco, TX. All Rights Reserved.

GDPR drives compliance to top of security project list for 2018

ITSM SERVICES. Delivering Technology Solutions With Passion

Best Practices & Lesson Learned from 100+ ITGRC Implementations

Protect Your End-of-Life Windows Server 2003 Operating System

IBM Proventia Management SiteProtector Sample Reports

Compliance in 5 Steps

Managing Business Risk with Assurance Report Cards

Escaping PCI purgatory.

SAP Cybersecurity Solution Brief. Objectives Solution Benefits Quick Facts

Managed Endpoint Defense

How Security Policy Orchestration Extends to Hybrid Cloud Platforms

Managing Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow

THE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM

PROFESSIONAL SERVICES (Solution Brief)

Demonstrating Compliance in the Financial Services Industry with Veriato

ISE Canada Executive Forum and Awards

Information Security Risk Strategies. By

SecureVue. SecureVue

White Paper. How to Write an MSSP RFP

Threat Centric Vulnerability Management

NEXT GENERATION SECURITY OPERATIONS CENTER

The Need In today s fast-paced world, the growing demand to support a variety of applications across the data center and help ensure the compliance an

RSA Solution Brief. Managing Risk Within Advanced Security Operations. RSA Solution Brief

Compliance Audit Readiness. Bob Kral Tenable Network Security

Information Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV

Building a Case for Mainframe Security

Managed Security Services - Endpoint Managed Security on Cloud

IBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats.

Are we breached? Deloitte's Cyber Threat Hunting

ALIENVAULT USM FOR AWS SOLUTION GUIDE

Evolving the Security Strategy for Growth. Eric Schlesinger Global Director and CISO Polaris Alpha

EMC Ionix IT Compliance Analyzer Application Edition

WHITEPAPER. Enterprise Cyber Risk Management Protecting IT Assets that Matter

HALO IN ACTION COMPLIANCE DON T LET LEGACY SECURITY TOOLS HOLD UP PCI COMPLIANCE IN THE CLOUD. Automated PCI compliance anytime, anywhere.

Security Operations & Analytics Services

SIEMLESS THREAT DETECTION FOR AWS

Governance, Risk, and Compliance: A Practical Guide to Points of Entry

GDPR: An Opportunity to Transform Your Security Operations

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

Modern Database Architectures Demand Modern Data Security Measures

Vulnerability Assessments and Penetration Testing

Six Weeks to Security Operations The AMP Story. Mike Byrne Cyber Security AMP

ISO27001 Preparing your business with Snare

External Supplier Control Obligations. Cyber Security

IBM Security Services Overview

Using GRC for PCI DSS Compliance

Transcription:

ebook The Convergence of Security and Compliance How Next Generation Endpoint Security Manages 5 Core Compliance Controls

Table of Contents Introduction....3 Positive versus Negative Application Security....3 Continuous Audit and Assessment of the Compliance Validation Process....4 FIM/FIC Reporting....6 Correlated Contextual Logging....7 Risk Analysis and Measurement Vulnerability Threat and Risk Weighting....8 Enterprise Configuration Delta Monitoring....9 Policies and Procedures Audit Consolidation and Security Awareness....10 Summary...11 The Convergence of Security and Compliance 2

Introduction IT security and compliance professionals are under constant pressure to ensure ongoing compliance with industry regulations such as the Payment Card Industry (PCI) Data Security Standard, required for retailers and other merchants, or HIPAA /HITECH, required for healthcare organizations. If an organization is noncompliant, it can face significant fines and suffer significant damage to its corporate brand. This ebook defines potential compliance and security gaps, identifies what effect these gaps can have on your organization, and explains how a positive security solution can close these gaps to protect servers and endpoints, and help ensure compliance with industry regulations. This will include a discussion around five core compliance controls: 1. Continuous audit and assessment of the compliance validation process 2. File integrity control / file integrity monitoring and correlated contextual logging 3. Risk analysis and measurement 4. Configuration delta monitoring 5. Policy and security awareness audit consolidation While the compliance controls apply to a variety of compliance regulations including SOX, HIPAA, PCI DSS, NERC, Gramm-Leach-Bliley, etc., we will refer to PCI DSS compliance requirements primarily within this ebook in instances where case examples are required because its prescriptive approach to security makes it one of the highest regarded frameworks. Positive versus Negative Application Security The two approaches to system security most often discussed are positive and negative solutions. Both are entirely different in all of their characteristic behaviors. Signature-less security and signaturebased security are two examples of positive and negative security rules, respectively. Both positive and negative security approaches operate according to an established set of rules. However, positive, proactive security is based on a known/good model and focuses on what you want to allow on your systems according to a business process. Every rule added to a positive security model increases what is known and allowed. Negative security is based on a set of bad applications that you already know exist and it denies access based on what was previously identified as bad. Negative security policies do not take into account how the application works; they only notice what accesses the application and if that access violates any negative security patterns or signatures. The Convergence of Security and Compliance 3

Continuous Audit and Assessment of the Compliance Validation Process Industry security standards provide recommendations about the type of security solution an organization should use to protect endpoints against malware and vulnerabilities. For example, the objective of PCI DSS 5.1 is to ensure systems are not exposed to ANY potential vulnerability that can endanger the integrity of the server/endpoint and risk the compliance state. In the past, industry security standards have recommended using an antivirus (AV) or host-based intrusion prevention system (HIPS) negative solutions that may have worked previously but are ineffective against today s dynamic advanced threats and zero-day attacks. Negative solutions are constantly scanning and patching updates to the signature set; a process that is highly CPU-intensive and negatively affects endpoint performance, which in turn can negatively affect SLAs and increase administration requirements and costs. This can have severe consequences for all organizations that need to be agile. For example, the dynamic nature of the retail business cycle requires a solution that consumes very few system resources so response times are acceptable and don t negatively affect customer satisfaction. Industry experts, including assessors and auditors, recognize shortcomings of negative solutions and are now recommending that organizations make the shift toward positive solutions. Positive solutions also are endorsed by many standards organizations and are widely recognized by businesses worldwide as the best practice for locking down and protecting POS systems, kiosks, servers and remote desktops/laptops. A positive solution (1) requires very few system resources, (2) can proactively drive a security policy to the endpoints allowing only trusted applications to run, and (3) detects, identifies, ranks, eliminates and blocks malicious software. In addition, a positive solution can: Identify all IT assets Categorize the risks Verify the security controls Perform continuous monitoring of these controls Provide reports that enable IT to take proactive, corrective actions and/or prove compliance In summary, this is the first validation shift: a transition from a negative solution to a positive solution, such as Carbon Black Enterprise Protection, in order to provide continuous protection, enable full visibility of your in-scope enterprise assets to measure risk, verify controls and continuously monitor endpoints. The Convergence of Security and Compliance 4

Figure 1: Cb Enterprise Protection Drift Reports Figure 1 is an illustration that shows how Cb Enterprise Protection drift reporting is used to monitor good and bad change on an endpoint, and how that change can affect the compliance stance of the enterprise. Cb Enterprise Protection can determine: Approved drift that which you expect to see as part of the regulatory policy (patches, updates and approved files with no known vulnerabilities that can affect or risk your compliance stance). Unapproved drift that which you do not want on your systems as it can affect your compliance policy and risk. Unapproved drift appears in two ways. 1. A new marked vulnerability within the Cb Enterprise Protection regulatory template event view 2. An unexplained compelling compliance event caused by the introduction of a file or system that is out of compliance with the regulatory Cb Enterprise Protection policy. The Convergence of Security and Compliance 5

FIM/FIC Reporting Part of any compliance assessment process involves segmenting the network infrastructure and assets in order to narrow the scope of compliance. With Cb Enterprise Protection you can easily scope OUT compliance requirements to secure the infrastructure, while avoiding the complexity of the applicable compliance metrics (e.g., PCI DSS, HIPAA, etc.). Cb Enterprise Protection offers file integrity control mappings to enable control and file integrity monitoring. This eliminates much of the white noise and lets you address a smaller segment of the compliance scope, making for an easier audit. Cb Enterprise Protection also provides mapping of and templates for required critical files to control and monitor across many different operating systems. Figure 2: Cb Enterprise Protection s File Integrity Control Rule Filter. The Convergence of Security and Compliance 6

Correlated Contextual Logging Cb Enterprise Protection takes the integrity process a step further, eliminating excessive noise by providing correlated contextual logging out to third-party security information and event management solutions. Both the proof and measure on the integrity of the audit logs, as well as advanced threat information, is provided in direct context to the compelling event. Figures 3 and 4 are examples of Cb Enterprise Protection file integrity control and monitoring. The first is the Compliance Enforcements view. The list of enforcement events demonstrates that Cb Enterprise Protection can enforce by policy. You use this to (1) demonstrate to auditors that you are enforcing policy and (2) correlate into the events that are critical to your business to build context around your data. This is a very powerful feature, which helps lower the administrative burden of compliance pre-assessment data gathering and produces a contextual report of all enforcements that are out-of-line with the compliance policy. Figure 3: Compliance Enforcements view. Figure 4: File Integrity Control view, showing critical changes. The Convergence of Security and Compliance 7

Risk Analysis and Measurement Vulnerability Threat and Risk Weighting Risk analysis and measurement are best described within the context of a specific compliance regulation, such as PCI. For example, PCI requirement 6.1 requires organizations to identify and assign a risk ranking to vulnerabilities. Cb Enterprise Protection provides a logical proactive alternative to threat and risk analysis of in-scope assets, and assists in the collection of risk metrics utilizing the templates already incorporated within the solution. Cb Enterprise Protection compliance validation monitoring introduces threat-driven policies to pinpoint the exact data that needs to be identified and quantified under requirement 6.1. By providing a real-time analytic feed from Carbon Black Threat Intel, along with a comparison of the corporate golden image, Cb Enterprise Protection will produce a risk analysis out of the gate, without the need for manual intervention. Moreover, Cb Enterprise Protection eliminates risk because it will block malicious code if the risk is deemed too high. The remediation of vulnerabilities is also part of the requirement. Cb Enterprise Protection provides data that can also be used to categorize risk across the infrastructure, enabling you to set priorities and assign objectives in order to bring systems in line with compliance and security requirements. Figures 5 and 6 are examples of reports that assess risk across the enterprise. Figure 5: Risk Trend Report Figure 6: File Risk Measurement Report The Convergence of Security and Compliance 8

Enterprise Configuration Delta Monitoring The Cb Enterprise Protection positive enhanced, up-to-date file asset inventory information so you can build business intelligence around these file assets. This information is combined with the Cb Threat Intel data, threat and malicious inventory, and IT trust data to help you proactively monitor your enterprise systems. Through advanced delta comparison of endpoints, you can easily sift out any activity that is deemed untrustworthy or has a negative effect on your compliance posture. By utilizing threat and risk metrics across the enterprise, you can compare endpoints individually, or to a group of endpoints and get a snapshot of the status of the systems (see Figure 7). More importantly, you get a view into the status of all activity across the enterprise and the ability to control assets and enforce compliance. Figure 7: Comparison of endpoint risk across the enterprise The Convergence of Security and Compliance 9

Policies and Procedures Audit Consolidation and Security Awareness Cb Enterprise Protection can assist you in distributing and enforcing a compliance policy and put mechanisms in place to inform and educate end users on those established policies. Cb Enterprise Protection adds a higher level of awareness and audit to the compliance policy in question. Using Cb Enterprise Protection templates, you can ensure that end users are directed to review and acknowledge their review of the corporate security and compliance policy. Cb Enterprise Protection also provides an audit trail confirming that the policy was consumed. Figure 8: Screenshot demonstrating compliance enforcement with Cb Enterprise Protection With Cb Enterprise Protection s high-enforcement level, an end user is notified when an attempted application installation is outside of the internal security compliance policy. The application is blocked and the end user is notified and requested to both accept and acknowledge the policy. Once the end user clicks the necessary links, instructions or check boxes, he/she is allowed access to the endpoint. All of the associated audit information is archived within the Cb Enterprise Protection repository and is used to produce a full compliance report for the validation process, audit or assessment. Figure 8 illustrates several of Cb Enterprise Protection s compliance validation features that help enforce an audit compliance policy. This sample notification window helps compliance stakeholders understand their responsibilities as well as provides audit proof that the compliance policy is being disseminated, consumed and followed. The Convergence of Security and Compliance 10

Summary Cb Enterprise Protection helps IT security and compliance professionals proactively prove continuous compliance with industry regulations in order to avoid steep noncompliance fees and damage to their brand. While every organization is unique, all organizations face similar challenges in ensuring that compliance requirements are met. Cb Enterprise Protection addresses the convergence of compliance and security, providing one agent that offers visibility, detection, response and protection, and can automate and manage compliance for PCI-DSS, SOX, HIPAA, FISMA, GLBA, GPG 13, NERC CIP and other regulations. About the author: Christopher Strand is senior director of compliance and governance at Carbon Black. With more than 20 years of information technology experience, Strand is Carbon Black s subject-matter expert on enterprise network and application security solutions and how organizations can deploy positive security to maintain and improve their compliance posture. Previously, Strand held security/ compliance positions at Trustwave, Tripwire, EMC/RSA and Compuware. He holds a bachelor s degree in environmental engineering from the University of Guelph in Ontario, Canada, and completed post-graduate work in IT and development at Humber College in Toronto. About Carbon Black Carbon Black leads a new era of endpoint security by enabling organizations to disrupt advanced attacks, deploy the best prevention strategies for their business, and leverage the expertise of 10,000 professionals to shift the balance of power back to security teams. Only Carbon Black continuously records and centrally retains all endpoint activity, making it easy to track an attacker s every action, instantly scope every incident, unravel entire attacks and determine root causes. Carbon Black also offers a range of prevention options so organizations can match their endpoint defense to their business needs. Carbon Black has been named #1 in endpoint protection, incident response, and market share. Forward-thinking companies choose Carbon Black to arm their endpoints, enabling security teams to: Disrupt. Defend. Unite. 2016 Carbon Black is a registered trademark of Carbon Black. All other company or product names may be the trademarks of their respective owners. 20160223 MMC 1100 Winter Street Waltham, MA 02451 USA P 617.393.7400 F 617.393.7499 www.carbonblack.com

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback