GPG-13, also known as the Good Practice Guide 13, is a compliance requirement established by the UK government’s National Cyber Security Centre (NCSC). It provides guidelines and best practices for organizations to protect their IT systems and sensitive information from cyber threats. Compliance with GPG-13 helps organizations enhance their cybersecurity posture and mitigate the risk of cyber incidents. 

For more information, refer to GPG-13 publication: https://www.ncsc.gov.uk/files/GPG%2013%20-%20Protective%20Monitoring%20for%20HMG%20ICT%20-%20Issue%201.7%20October%202012%20-%20NCSC%20Web.pdf

Netsurion Managed XDR for GPG-13 Compliance 

Netsurion Managed XDR combines SIEM, log management, proactive threat hunting, and guided incident response to effectively meet the requirements outlined in GPG-13 Compliance. With comprehensive monitoring, analysis, and reporting capabilities organizations can identify and manage their assets, establish access controls, protect resources, and respond promptly to incidents. 

By leveraging Netsurion Managed XDR, organizations can enhance their cybersecurity posture, protect sensitive information, and achieve GPG-13 compliance. This helps mitigate the risk of cyber threats, improve incident response capabilities, and safeguard business operations. 

Using Netsurion Managed XDR to meet GPG 13 Requirements

Control PMC – 1

Accurate Time Stamps

Netsurion Open XDR provides accurate, consistent and independent time synchronization across all collected accounting data, and detects abnormal patterns, such as time adjustment, both back and forward.

Control PMC – 2

Recording of Business Traffic Crossing a Boundary

Netsurion Open XDR analyzes network events and combines accounting data from other boundary devices to establish a record of all cross-boundary imports and exports. Raw accounting data is checked against applicable policy in real time, and alerts and reports are generated if any policy breaches or other malicious activities are detected.

Control PMC – 3

Recording Relating to Suspicious Activity at The Boundary

Netsurion Open XDR analyzes the behavior of boundary traffic and immediately identifies any suspicious or unusual traffic. Alerts are generated and distributed in real time, and all raw data is made available for data mining and forensic analysis.

Control PMC – 4

Recording on Internal Workstation, Server or Device status

Workstation, server and other device accounting data is collected and analyzed by Netsurion Open XDR in real-time. Netsurion Open XDR automatically detects when suspicious activity occurs, such as configuration changes; privileged access and unauthorized escalation; unexpected system and application restart; software installation and patch failures; removable media insertion and removal; sensitive file access and more.

Control PMC – 5

Recording Relating to Suspicious Internal Network Activity

Netsurion Open XDR constantly monitors the behavior of users, networks, machines and applications. Alerts are generated in real-time, whenever any suspicious activity is detected, to indicate an external breach has occurred or an insider is acting maliciously.

Control PMC – 6

Recording Relating to Network Connections

All connections made to a network are analyzed by Netsurion Open XDR including wireless, VPN and dial up. Netsurion Open XDR automatically detects and alerts on any suspicious activity, such as attempt to gain access or wireless network hacking attempts.

Control PMC – 7

Recording on Session Activity by User and Workstation

Netsurion Open XDR monitors user activity across the network, including data access and communications. Netsurion Open XDR ensures that any security policy breaches or suspicious patterns of behavior are identified and alerted on in real time. The raw accounting data is also available in Netsurion Open XDR for reporting and ad-hoc analysis purpose.

Control PMC – 8

Recording on Data Backup Status

Netsurion Open XDR monitors accounting data related to the status and operation of backup and restore process. Netsurion Open XDR can identify and generate alerts if an error in the backup and restore process occurs, such as failure to complete a backup/ restore, data corruption or deletion.

Control PMC – 9

Alerting Critical Events

Netsurion Open XDR categorizes and prioritizes all the alerts it generates based on risk. Alerts can be viewed centrally via the Netsurion console using the dashboard view.

Control PMC – 10

Reporting on The Status of the Audit System

Netsurion Open XDR enables all aspects of the audit process – from data collection to viewing, alerting and reporting – to be independently tracked and audited.

Control PMC – 11

Production of Sanitized and Statistical

Management Reports Netsurion Open XDR ships with hundreds of compliance and security status and management reports, for example number of failed logons, number and type of intruders detected, average time to resolve the security incident, etc. The reporting function is highly configurable –existing reports can be amended or new ones written simply through the interface.

Control PMC – 12

Providing a Legal Framework for Protective

Monitoring Activities Netsurion Open XDR is deployed and configured in accordance with the guidance recommended as a part of the overall risk management process. Throughout the accounting data collection process, Netsurion Open XDR ensures that all data is collected and analyzed for forensic validity.