July 24, 2009
EventTracker, Prism’s SIEM solution, supports all 15 automated security controls that block or mitigate known high-profile attacks
Columbia, MD – Prism Microsystems announced today that the latest version of its complete Security Information and Event Log Management (SIEM) solution, EventTracker, offers support for the 15 automated security controls of the Consensus Audit Guidelines (CAG), a joint initiative of defense experts from federal agencies and the SANS Institute.
The CAG are a set of 20 technical security controls viewed as effective in blocking the most serious real-world threats. For each control, actual attacks blocked are identified, best practices for automation (for the 15 controls that can be automated) are provided and tests to determine proper implementation are defined. Originally developed to address the requirements of the new FISMA (U.S. ICE Act of 2009) that requires federal agencies to “monitor, detect, analyze, protect, report and respond against known vulnerabilities, attacks and exploitations,” the guidelines have also been found to mitigate known attacks against financial institutions, retailers and government agencies.
“IT Security is everybody’s job and on the mind of a lot of CIOs. Less obvious is how specifically to go about it, in what order, given real-world budget and staffing constraints. Regulatory guidelines are necessarily general and therefore must be mapped to a specific environment, a long and expensive first step towards better security. The Consensus Audit Guidelines (CAG) are a useful collection of controls and specific recommendations made by people with rich relevant experience. The goal is to mitigate the most damaging threats known to be active today. They are also pragmatic in acknowledging that major procedural or technical changes cannot be made easily and quickly and are therefore out of scope,” said A.N. Ananth, CEO of Prism Microsystems. “Quick wins which also meaningfully improve security are always welcome.”
EventTracker, Prism’s SIEM solution, provides a number of capabilities important for automating the security controls outlined in CAG. These include real-time monitoring of USB and external devices, configuration changes, software installations, suspicious network activity, file/folder access, status of anti-virus applications and security patches, and log-on/log-off activity. EventTracker also provides the ability to enforce remedial action on all monitored systems and includes prepackaged templates to report on each of the 15 controls.
“The big state change in SIEM is that we are mining metrics; you can manage what you can measure. SIEM is going to be a major player as the dashboard to monitor the performance of John Gilligan’s 20 Critical Controls ‘CAG’ approach to security risk management. Executives rightly want to know if we can back up what we say as security people about risk. SIEM is going to be the primary source for actionable information to prove a given organization is doing better or worse,” said Stephen Northcutt, President, The SANS Technology Institute.
For further information on the Consensus Audit Guidelines and to learn how Security Information and Event Log Management solutions such as EventTracker can be utilized to implement the guidelines.
About Prism Microsystems
Prism Microsystems delivers business critical solutions that transform high-volume cryptic log data into actionable, prioritized intelligence that will fundamentally change your perception of the utility, value and organizational potential inherent in log files. Prism’s leading solutions offer Security Information and Event Management (SIEM), real-time Log Management, and powerful Change and Configuration Management to optimize IT operations, detect and deter costly security breaches, and comply with multiple regulatory mandates.
Visit www.eventtracker.com for more information. Follow us on Twitter @logtalk.