Overview

GLBA, also known as the Gramm-Leach-Bliley Act, is a compliance requirement established by the U.S. federal government. It requires financial institutions to implement safeguards to protect the privacy and security of customers’ non-public personal information (NPI). Compliance with GLBA is crucial for organizations in the financial sector, including banks, credit unions, and other financial service providers.

For more information, refer to the GLBA publication: https://www.fdic.gov/resources/supervision-and-examinations/consumer-compliance-examination-manual/documents/8/viii-1-1.pdf

Netsurion Managed XDR for GLBA Compliance 

Netsurion Managed XDR combines SIEM, log management, proactive threat hunting, and guided incident response to effectively meet the requirements outlined in GLBA compliance. With comprehensive monitoring, analysis, and reporting capabilities, organizations can identify and manage their assets, establish access controls, protect resources, and respond promptly to incidents.

By leveraging Netsurion Managed XDR, financial institutions can enhance their security posture, protect customer NPI, and achieve compliance with GLBA. This helps build trust with customers, maintain regulatory compliance, and mitigate the risk of data breaches. 

Using Netsurion Managed XDR to meet GLBA Requirements

Determine the Adequacy of Security Monitoring

Obtain an understanding of the institution’s monitoring plans and activities, including both activity monitoring and condition monitoring.

Netsurion Open XDR provides central monitoring of activities and conditions by collecting log data from hosts, applications, network devices, etc. Netsurion Open XDR provides real-time event monitoring, alerting, and reporting on specific activities and conditions.


Identify the organizational unit and personnel responsible for performing the functions of a security response center. Obtain and evaluate the policies governing security response center functions, including monitoring, classification, escalation, and reporting.

Netsurion Open XDR’s integrated incident management capabilities support and automate many functions of a security response center. Incidents (alarms) are tracked by status within Netsurion Open XDR (i.e., new, open, closed). Activity around the alarm (e.g., notifications, analysis) is recorded in the alarm record. The Netsurion Open XDR real-time dashboard provides a heads-up display of incident activity and associated response. Netsurion Open XDR reports provide comprehensive reporting on incident activity.

Evaluate the effectiveness of enterprise-wide security administration

Determine whether management and department heads are adequately trained and sufficiently accountable for the security of their personnel, information, and systems.

Netsurion’s security event management capabilities give any organization a critical tool for monitoring the security of information and systems and responding to security events. Having a solution that provides real-time security event monitoring, alerting, and reporting is evidence of management-level security diligence and enables audit accountability across the enterprise.


Evaluate the adequacy of automated tools to support secure configuration management, security monitoring, policy monitoring, enforcement, and reporting.

Netsurion Open XDR provides a proven, enterprise-class solution for security monitoring. Netsurion Open XDR’s ability to collect all log data enables reporting on configuration and policy changes. Netsurion Open XDR incident management tracks applicable enforcement activities.

Access Rights Administration

Determine that administrator or root privilege access is appropriately monitored, where appropriate. Management may choose to further categorize types of administrator/root access based upon a risk assessment. Categorizing this type of access can be used to identify and monitor higher-risk administrator and root access requests that should be promptly reported.

Netsurion Open XDR collects all account management and account usage activity. The creation of privileged accounts (i.e., administrator, root) or granting of privileged rights is easily and automatically monitored, alerted and reported on.

Authentication

Determine whether access to system administrator level is adequately controlled and monitored.

Netsurion Open XDR collects all account management and account usage activity. The creation of privileged accounts (i.e., administrator, root) or granting of privileged rights is easily and automatically monitored, alerted and reported on.

Network Security

Determine whether logs of security-related events and log analysis activities are sufficient to affix accountability for network activities, as well as support intrusion forensics and IDS. Additionally, determine that adequate clock synchronization takes place.

Netsurion Open XDR can collect logs from network devices, IDS/IPS systems, A/V systems, firewalls, and other security devices. EventTracker provides central analysis and monitoring of intrusion-related activity across the IT infrastructure. Netsurion Open XDR can correlate activity across user, origin host, impacted host, application, and more. Netsurion Open XDR can be configured to identify known bad hosts and networks. Netsurion’s Personal Dashboard provides customized real-time monitoring of events and alerts. Netsurion’s Investigator provides deep forensic analysis of intrusion-related activity. The Netsurion Open XDR integrated knowledge base provides information and references useful in responding to and resolving intrusions.


Determine whether logs of security-related events are appropriately secured against unauthorized access, change, and deletion for an adequate time period, and that reporting to those logs is adequately protected.

Netsurion Open XDR helps ensure audit trails are protected from unauthorized modification. Netsurion Open XDR collects logs immediately after they are generated and stores them in a secure repository. Netsurion Open XDR servers utilize access controls at the operating system and application level to ensure that log data cannot be modified or deleted.

Netsurion Open XDR completely automates the process of retaining the audit trail. Netsurion Open XDR creates archive files of all collected log entries. These files are organized in a directory structure by day, making it easy to store, back up, and destroy log archives based on the policy.


Determine whether remote access devices and network access points for remote equipment are appropriately controlled.

  • Remote access is disabled by default, and enabled only by management authorization.
  • Management authorization is required for each user who accesses sensitive components or data remotely.
  • Authentication is of appropriate strength (e.g., two-factor for sensitive components).
  • Modems are authorized, configured, and managed to appropriately mitigate risks.
  • Appropriate logging and monitoring takes place.
  • Remote access devices are appropriately secured and controlled by the institution.

Netsurion Open XDR collects network device logs. Netsurion Open XDR analysis and reporting capabilities can be used for reviewing network activity to ensure only authorized communications occur. Netsurion Open XDR alerts can be used for detecting unauthorized communications. Netsurion Open XDR collects remote access activity for VPN, SSH, telnet, etc. Netsurion Open XDR reports provide easy and independent review of remote access to information systems.

Host Security

Determine whether access to utilities on the host is appropriately restricted and monitored.

Netsurion Open XDR can collect audit logs reporting on the access and use of utilities on hosts for monitoring and reporting. Additionally, Netsurion’s file integrity monitoring capability can be used to independently detect access and use of utilities.


Determine whether the host-based IDSs identified as necessary in the risk assessment are properly installed and configured, that alerts go to appropriate individuals using an out-of-band communications mechanism, and that alerts are followed up.

Netsurion Open XDR can collect logs from IDS/IPS systems. Netsurion Open XDR provides robust alerting and notification capabilities that help ensure alerts are routed to the appropriate individuals. Netsurion’s integrated incident management capabilities provide accountability and reporting on alarm resolution.


Determine whether logs are sufficient to affix accountability for host activities and to support intrusion forensics and IDS and are appropriately secured for a sufficient time period.

Netsurion Open XDR helps ensure audit trails are protected from unauthorized modification. Netsurion Open XDR collects logs immediately after they are generated and stores them in a secure repository. Netsurion Open XDR servers utilize access controls at the operating system and application level to ensure that log data cannot be modified or deleted.

Application Security

Determine whether appropriate logs are maintained and available to support incident detection and response efforts.

Netsurion Open XDR completely automates the process of retaining your audit trail. Netsurion Open XDR creates archive files of all collected log entries. These files are organized in a directory structure by day, making it easy to store, back up, and destroy log archives based on your policy.

Software Development and Acquisition

Evaluate whether the software acquired incorporates appropriate security controls, audit trails, and activity logs and that appropriate and timely audit trail and log reviews and alerts can take place.

Netsurion Open XDR collects logs from commercial and custom applications. Netsurion Open XDR provides central analysis, reporting and alerting for application logs.

Security Monitoring

Identify the monitoring performed to identify noncompliance with institution security policies and potential intrusions.

  • Review the schematic of the information technology systems for common security monitoring devices.
  • Review security procedures for report monitoring to identify unauthorized or unusual activities.
  • Review management’s self-assessment and independent testing activities and plans.

Netsurion Open XDR can collect logs from IDS/IPS systems, A/V systems, firewalls, and other security devices. Netsurion Open XDR provides central analysis and monitoring of intrusion-related activity across the IT infrastructure. Netsurion Open XDR can correlate activity across user, origin host, impacted host, application, and more. Netsurion Open XDR can be configured to identify known bad hosts and networks. Netsurion’s Personal Dashboard provides customized real-time monitoring of events and alerts. Netsurion’s Investigator provides deep forensic analysis of intrusion-related activity. Netsurion’s integrated knowledge base provides information and references useful in responding to and resolving intrusions. Netsurion Open XDR ensures audit trails are protected, retained, and can be easily restored years later.


Determine whether logs of security-related events are sufficient to support security incident detection and response activities, and that logs of application, host, and network activity can be readily correlated.

Netsurion Open XDR can collect logs from IDS/IPS systems, A/V systems, firewalls, and other security devices. Netsurion Open XDR provides central analysis and monitoring of intrusion-related activity across the IT infrastructure. Netsurion Open XDR can correlate activity across user, origin host, impacted host, application, and more. Netsurion Open XDR can be configured to identify known bad hosts and networks. Netsurion’s Personal Dashboard provides customized real-time monitoring of events and alerts. Netsurion’s Investigator provides deep forensic analysis of intrusion-related activity. Netsurion’s integrated knowledge base provides information and references useful in responding to and resolving intrusions. Netsurion Open XDR ensures audit trails are protected, retained, and can be easily restored years later.


Determine whether logs of security-related events are appropriately secured against unauthorized access, change, and deletion for an adequate time period, and that reporting to those logs is adequately protected.

Netsurion Open XDR can collect logs from IDS/IPS systems, A/V systems, firewalls, and other security devices. Netsurion Open XDR provides central analysis and monitoring of intrusion-related activity across the IT infrastructure. Netsurion Open XDR can correlate activity across user, origin host, impacted host, application, and more. Netsurion Open XDR can be configured to identify known bad hosts and networks. Netsurion’s Personal Dashboard provides customized real-time monitoring of events and alerts. Netsurion’s Investigator provides deep forensic analysis of intrusion-related activity. Netsurion’s integrated knowledge base provides information and references useful in responding to and resolving intrusions. Netsurion Open XDR ensures audit trails are protected, retained, and can be easily restored years later.


Determine whether logs are appropriately centralized and normalized, and that controls are in place and functioning to prevent time gaps in logging.

Netsurion Open XDR can collect logs from IDS/IPS systems, A/V systems, firewalls, and other security devices. Netsurion Open XDR provides central analysis and monitoring of intrusion-related activity across the IT infrastructure. Netsurion Open XDR can correlate activity across user, origin host, impacted host, application, and more. Netsurion Open XDR can be configured to identify known bad hosts and networks. Netsurion’s Personal Dashboard provides customized real-time monitoring of events and alerts. Netsurion’s Investigator provides deep forensic analysis of intrusion-related activity. Netsurion’s integrated knowledge base provides information and references useful in responding to and resolving intrusions. Netsurion Open XDR ensures audit trails are protected, retained, and can be easily restored years later.


Determine whether an appropriate process exists to authorize employee access to security monitoring and event management systems and that authentication and authorization controls appropriately limit access to and control the access of authorized individuals.

Netsurion Open XDR provides centralized secure access to all log data. Netsurion Open XDR leverages application- and database-level controls to restrict user access to authorized data and functions. Netsurion Open XDR includes discretionary access controls for restricting users to a defined subset of the log data collected.


Determine whether appropriate detection capabilities exist related to:

  • Network-related anomalies, including
    – Blocked outbound traffic
    – Unusual communications, including communicating hosts, times of day, protocols, and other header-related anomalies
    – Unusual or malicious packet payloads
  • Host-related anomalies, including
    – System resource usage and anomalies
    – User-related anomalies
    – Operating and tool configuration anomalies
    – File and data integrity problems
    – Anti-virus, anti-spyware, and other malware identification alerts
    – Unauthorized access
    – Privileged access

Netsurion Open XDR can collect logs from hosts, network devices, IDS/IPS systems, A/V systems, firewalls, and other security devices. Netsurion Open XDR provides central analysis and monitoring of network and host activity across the IT infrastructure. Netsurion Open XDR can correlate activity across user, origin host, impacted host, application, and more. Netsurion Open XDR can be configured to identify known bad hosts and networks. The Netsurion Open XDR alarming capability can be used to independently detect and alert on network- and host-based anomalies via sophisticated filtering, correlation, and threshold violations.