Whitepapers
- CFATS Compliance
This document is intended to provide guidance in how NitroView may be implemented to best address the requirements of the NERC CIP reliability standards.
NitroView ESM supports compliance monitoring, log collection and reporting of all routable assets connected via TCP/IP. However, please note that users of supported data historians can also utilize NitroView DBM to provide visibility to additional control system assets -- including RTUs, PLCs, set points, and violations -- improving incident detection while also greatly enhancing NitroView's ability to support NERC CIP compliance efforts.
Because the CIP reliability standards require extensive documentation, a centralized information management and reporting system such as NitroView is able to directly address many CIP requirements ...
- Content Aware SIEM Defined
Content Aware SIEM(TM) (CA-SIEM) represents a new generation of Security Information and Event Management (SIEM) capabilities that extend the value and benefits of SIEM by providing visibility into the contents of applications, documents and protocols. Without content awareness, SIEM is only able to act upon the surface details provided by logs. This limits the effectiveness of key SIEM functionalities--including threat detection, incident response, and compliance reporting--because the data being used for analysis lacks sufficient context to make informed, relevant decisions.
- Control System Security
Many of the world's critical infrastructure networks--such as power, water and other utilities, as well as many manufacturing, processing and transportation systems--are becoming more intelligent. This translates to digital communications to and from a myriad of complex processes and controls. Referred to as Control Systems, these networks represent the heart of the utility company. The control systems are responsible for power generation and distribution, as well as the monitoring of those functions for metering, safety, and other purposes that are critical to the successful distribution of power.
- Data Mgmt Architectures for SIEM & Log Mgmt
Data management is a fundamental SIEM/Logging function. Any product lacking an appropriate data management system will ultimately fail to meet the requirements of its users. Optimally designed data management systems allow compelling product features to emerge that help propel the product to a market leading position. The success of a SIEM/Logging product hinges on the quality and capabilities of its underlying data management system and the expertise of its developers in utilizing the system.
- Detecting Threats With Risk Score Correlation
There is a long-held truth in the business world that risk is equal to the threat, multiplied by the asset, multiplied by the vulnerability. This equation, while not truly defining risk, helps calculate the exposure to risk based on certain factors which you may or may not be able to control. Simply put, risk can be defined as the likelihood that something bad will happen that causes harm to an information asset. With the ever-changing nature of both internal and external threats to an enterprise, risk must be able to be dynamically monitored and calculated in a repeatable way, allowing for real-time risk scoring of threats to the environment.
- HIPAA & HITECH Compliance
The compliance landscape for healthcare organizations has changed significantly since the passage of the legislation creating HIPAA in 1996, and the subsequent introduction of the HIPAA Security and Privacy Rules. In 2009, the passage of the HITECH Act as a part of the American Recovery and Reinvestment Act of 2009 (ARRA) ushered in changes in what kinds of organizations are considered covered entities, and changes in scope for compliance requirements for healthcare organizations. In addition, regulators tasked with enforcing the requirements of HIPAA and HITECH have become more aggressive in audits of healthcare organizations.
- Meeting NERC-CIP Compliance
This document is intended to provide guidance in how NitroView may be implemented to best address the requirements of the NERC CIP reliability standards.
NitroView ESM supports compliance monitoring, log collection and reporting of all routable assets connected via TCP/IP. However, please note that users of supported data historians can also utilize NitroView DBM to provide visibility to additional control system assets -- including RTUs, PLCs, set points, and violations -- improving incident detection while also greatly enhancing NitroView's ability to support NERC CIP compliance efforts.
Because the CIP reliability standards require extensive documentation, a centralized information management and reporting system such as NitroView is able to directly address many CIP requirements ...
- Meeting Sarbanes-Oxley Compliance Requirements
Complying with Sarbanes-Oxley requires implementation of control frameworks such as COSO and COBIT. This whitepaper provides guidance on how to best design and deploy IT security controls to support these frameworks. Many of the requirements found in both COSO and COBIT require that rigorous IT security controls be implemented, including controls that will collect IT logs, identify potential security incidents, and enforce access policies to sensitive financial applications and databases. NitroSecurity’s range of IT security products provides effective security controls to help enterprises meet the control objectives found in both COSO and COBIT, and to comply with the provisions of Sarbanes-Oxley.
- September 21, 2011
- Monitoring & Securing SCADA Networks
SCADA networks are just different. Compared to enterprise IT networks, they have different security objectives, most of the endpoint actors are machines rather than people, their incidents can have immediate physical consequences, and they are more likely to be targeted by hostile actors such as terrorists. Moreover, SCADA networks must operate at speeds and low latencies that enterprise networks can only covet.
Securing a SCADA network is a highly contextual activity. Simply validating that servers, storage, communications, and endpoints are operating within security policies is not enough. SCADA security must also be aware of the types of actions that are legally occurring within those policies. As a result, control system awareness must be built into the security products. Effective SCADA security needs inputs from both application and infrastructure sources. Control system event sources such as data historians can provide this enhanced visibility.
- New Security Mgmt Model
Driven by regulatory compliance and security event correlation, most large organizations have deployed a Security Information and Event Management (SIEM) system over the past few years. Does this mean that they are adequately protected? ESG does not believe so. Ominous security threats and a rash of publicly-disclosed data breaches certainly place an intense strain on many legacy security management tools and ESG believes this is just the tip of the iceberg.
- PCI Compliance Requirements
PCI DSS provides highly specific guidance for the credit card industry as to a minimum required set of security controls. In the credit card industry, Qualified Security Auditors (QSAs) assess and determine where the organization is in compliance, and where there are issues and gaps to be resolved. These findings are communicated in the QSA's Report on Compliance (ROC). Identifying applicable security controls and technologies that can address specific requirements in PCI DSS is important for organizations in the credit card industry.
- Securing Medical Records for HIPAA & HITECH
Patient confidentiality is a growing concern for healthcare organizations. Government regulations, electronic health records, and new Internet health services create a myriad of security challenges for healthcare compliance and information security teams. To alleviate these concerns, healthcare providers must secure access to clinical applications and protect the underlying IT infrastructure from misuse by insiders, hackers and identity thieves.
- Security Management 2.0: Is It Time to Replace Your SIEM?
Is it time? Are you waving the white flag? Has your SIEM failed to meet expectations despite your significant investment? If you are questioning whether your existing product or service can get the job done, you are not alone. You likely have some battle scars from the difficulty of managing, scaling, and actually doing something useful with SIEM. Given the rapid evolution of SIEM/Log Management offerings – and the evolution of requirements with new application models and this cloud thing – you should be wondering whether a better, easier, and less expensive solution meets your needs...
- The Evolution of SIEM
Content Aware SIEM(TM) (CA-SIEM) represents a new generation of Security Information and Event Management (SIEM) capabilities that extend the value and benefits of SIEM by providing visibility into the contents of applications, documents and protocols. Without content awareness, SIEM is only able to act upon the surface details provided by logs. This limits the effectiveness of key SIEM functionalities--including threat detection, incident response, and compliance reporting--because the data being used for analysis lacks sufficient context to make informed, relevant decisions.








