monitor, detect, analyze, protect, report and respond against known vulnerabilities, attacks and exploitations
Reston, VA (Vocus) February 1, 2010
Intellitactics, a leading provider of appliances and software for enterprise security management, announced the inclusion of Intellitactics Security Manager (ISM) as a user-vetted solution on the Top 20 Critical Controls Automation List researched and validated by the SANS Institute. The inclusion on this list shows that Intellitactics Security Manager and the mid-market Intellitactics SAFE appliances are capable of continuously monitoring the baseline of information security measures and controls, as specified by the Consensus Audit Guidelines. Intellitactics customers validated that their SIEM solutions automated collection and review of audit logs, controlled use of administrative privileges and provided for account monitoring and control.
The Federal Information Security Management Act in drafting the US ICE Act of 2009 calls on federal agencies to "monitor, detect, analyze, protect, report and respond against known vulnerabilities, attacks and exploitations". But government agencies, like many commercial companies, are faced with escalating challenges from more sophisticated adversaries and cyber terrorists. At the same time, budgets are often constrained and tenured security resources are scarce.
What was needed was a prioritized list of controls that could serve as a baseline. The initiative to develop a baseline of security measures and controls, now known as the Consensus Audit Guidelines (CAG), was led by John Gilligan (previously CIO of the US Department of Energy and the US Air Force) under the auspices of the Center for Strategic and International Studies. Members of the Consortium include the National Security Agency (NSA), US Computer Emergency Readiness Team (CERT), Department of Defense (DoD), Joint Task Force-Global Network Operations (JTF-GNO), the Department of Energy Nuclear Laboratories, Department of State, DoD Cyber Crime Center plus the top commercial forensics experts and pen testers that serve the banking and critical infrastructure communities.
Bill Rucker, Intellitactics Vice President, Public Sector, explains Intellitactics' focus on managing to a baseline of controls: “Intellitactics made the monitoring of controls central to our approach to security management four years ago. Organizations that manage to a concise set of controls have been found to be more effective and cost efficient.” Rucker continued, “Many of our customers were eager to be interviewed by SANS to explain how their Intellitactics SIEM solution is an automated mechanism for monitoring and reporting on these controls – as prescribed by CAG.”
A fundamental use of Intellitactics Security Manager (ISM), for example, is CAG Control 6, which calls for the automated collection and review of audit logs. Intellitactics customers were able to validate for SANS that with ISM, logging is done continuously, and the raw logs and parsed logs or events are not only stored as prescribed but are easily accessible. ISM automatically correlates events, looking through logs for those that indicate suspicious or out-of-scope behavior. The main advantage of automation over manual log review is the ability to alert or notify a security analyst who can quickly investigate and use the visual analysis feature to actually “see” an evolving attack, the source and the target. While CAG was created to benefit federal agencies, Rucker says “Our commercial customers follow the highly prescriptive NIST controls, so I wouldn’t be surprised to learn that the CAG become a resource for them as well.”
Other controls validated by Intellitactics customers include Control 8, which calls for controlled use of administrative privileges, and Control 11, which prescribes account monitoring and control. These controls are at the heart of protecting information assets from malicious insiders. Rucker relates what he hears from government customers: “A lot of money is spent defending the perimeter of an organization, but unauthorized, and more important undetected illegal access to critical and sensitive information has been at the root of several high profile breaches. By proactively monitoring these controls an agency may be able to avoid account abuse and data leaks that could put their mission at risk.”
The highly respected SANS Institute is providing the list of user-vetted automation tools as a guide for government agencies and organizations interested in implementing the Consensus Audit Guidelines. In addition, SANS will be publishing case studies and hosting webinars featuring agencies successfully using the list of Automation Tools.
About Intellitactics, Inc.
Headquartered in Reston, VA, Intellitactics provides a suite of security incident and event management (SIEM) products for organizations of all sizes. Well known as the provider of Intellitactics Security Manager, the optimal enterprise security management software solution for mature organizations supporting global security operations, Intellitactics now offers organizations an affordable line of security management appliances called Intellitactics SAFE. These products, used stand-alone or in combination, provide unparalleled packaged capability for compliance reporting, log management and threat management. Global organizations, multi-site companies or MSSPs can effectively distribute capabilities while providing centralized control of the security infrastructure. Intellitactics SAFE won the Best Security Management Award Europe 2009. Intellitactics was the first SIEM vendor to be awarded Common Criteria Certification as a security information and event management solution. Founded in 1996, Intellitactics is backed by JMI Equity Fund LP and Lazard Technology Partners and is ranked by well-known industry analysts as a market leader known for product development, delivery and thought leadership. Visit us at http://www.intellitactics.com.