Overview

ISO 27001 is an internationally recognized standard for information security management systems (ISMS). It provides a systematic approach to managing sensitive information and ensuring its confidentiality, integrity, and availability. Compliance with ISO 27001 demonstrates an organization’s commitment to implementing robust security controls and protecting valuable information assets. 

For more information, refer to the ISO 27001 publication: https://www.iso.org/standard/27001  

Netsurion Managed XDR for ISO 27001 Compliance 

Netsurion Managed XDR combines SIEM, log management, proactive threat hunting, and guided incident response to effectively meet the requirements outlined in ISO 27001. With comprehensive monitoring, analysis, and reporting capabilities, organizations can identify and manage their assets, establish access controls, protect resources, and respond promptly to incidents.

By partnering with Netsurion, organizations can strengthen their information security posture, protect valuable information assets, and achieve compliance with ISO 27001. This not only helps build trust among stakeholders but also demonstrates a commitment to maintaining the highest standards of information security. 

Using Netsurion Managed XDR to meet ISO/IEC 27001 Requirements

Human Resource Security

Control A.8.3.3 – Removal of Access Rights

The access rights of all employees, contractors and third party users to information and information processing facilities shall be removed upon termination of their employment, contract or agreement, or adjusted upon change.

Netsurion Open XDR collects all account management activities. Netsurion Open XDR reports provide easy and standard review of all account management activity.

Communications and Operations Management

Control A.10.1.2 – Change Management

Changes to information processing facilities and systems shall be controlled.

Netsurion’s Change Audit capability can be used to detect additions, modifications and deletions to the file system. Analysis & reporting capabilities can be used for monitoring configuration changes. Real-time alerting can be utilized to detect and notify of changes to specific configurations.

Control A.10.3.1 – Capacity Management

The use of resources shall be monitored, tuned, and projections made of future capacity requirements to ensure the required system performance.

Netsurion Open XDR provides central, secure, and independent audit log storage. Netsurion’s central and extensible storage of audit log data ensures capacity will not be exceeded. Netsurion Open XDR can collect logs from hosts, network devices, IDS/IPS systems, A/V systems, firewalls and other security devices. Netsurion Open XDR provides central analysis and monitoring of network and host activity across the IT infrastructure. Netsurion’s alarming capability can be used to independently detect and alert on threshold violations.

Control A.10.3.2 – System Acceptance

Acceptance criteria for new information systems, upgrades, and new versions shall be established and suitable tests of the system(s) carried out during development and prior to acceptance.

Netsurion Open XDR can track and report on when patches are installed on devices, showing which systems have had patching within the past month, or any other time frame as dictated by organizational policy.

Control A.10.4.1 – Controls against Malicious Code

Detection, prevention and recovery controls to protect against malicious code and appropriate user awareness procedures shall be implemented.

Netsurion Open XDR detects and alerts on any error conditions originating from anti-virus applications and on when their services are started and stopped, and it identifies when new signatures are installed. Alarming can be configured to inform the custodian(s) when any malware is detected inside the environment.

Control A.10.5.1 – Information Backup

Back-up copies of information and software shall be taken and tested regularly in accordance with the agreed backup policy.

Netsurion Open XDR can track and report on when backups are performed within the past month, or any other time frame as dictated by organizational policy.

Control A.10.6.1 – Network Controls

Networks shall be adequately managed and controlled, in order to be protected from threats, and to maintain security for the systems and applications using the network, including information in transit.

Netsurion Open XDR can collect logs from hosts, network devices, IDS/IPS systems, A/V systems, firewalls, and other security devices. Netsurion Open XDR provides central analysis and monitoring of network and host activity across the IT infrastructure. Netsurion Open XDR can correlate activity across user, origin host, impacted host, application and more. Netsurion Open XDR can be configured to identify known bad hosts and networks.

Netsurion’s alarming capability can be used to independently detect and alert on network- and host-based anomalies via sophisticated filtering, correlation and threshold violations.

Control A.10.9.3 – Publicly Available Information

The integrity of information being made available on a publicly available system shall be protected to prevent unauthorized modification.

Netsurion’s File Integrity Monitoring capability can be used to detect additions, modifications, deletions, and permission changes to the file system. Analysis & reporting capabilities can be used for monitoring configuration changes. Real-time alerting can be utilized to detect and notify of changes to specific configurations.

Control A.10.10.1 – Audit Logging

Audit logs recording user activities, exceptions, and information security events shall be produced and kept for an agreed period to assist in future investigations and access control monitoring.

Netsurion’s monitoring, analysis, archiving, alerting, auditing and reporting capabilities provide for continuous monitoring of access points across the Electronic Security Perimeter(s). For instance, Netsurion Open XDR monitors unauthorized access for auditing, logging, archiving and alerting.

Control A.10.10.3 – Protection of Log Information

Logging facilities and log information shall be protected against tampering and unauthorized access.

Using Netsurion Open XDR helps ensure audit trails are protected from unauthorized modification. Netsurion Open XDR collects logs immediately after they are generated and stores them in a secure repository. Netsurion Open XDR servers utilize access controls at the operating system and application level to ensure that log data cannot be modified or deleted.

Control A.10.10.5 – Fault Logging

Faults shall be logged, analyzed and appropriate action taken.

Netsurion Open XDR collects logs continuously and in real time across the organizational IT environment. The logs are analyzed and presented in the Netsurion Open XDR Dashboard for real-time review. Alarms are activated on critical events that will cause immediate and direct notification to the administration. Reports and investigations for compliance are available at all times.

Control A.11.2.1 – User Registration

There shall be a formal user registration and deregistration procedure in place for granting and revoking access to all information systems and services.

Netsurion Open XDR collects all account management and account usage activity. Changes to accounts, usage of default accounts and the full range of authorization and permissions related activity are automatically monitored and can be easily alerted on when unauthorized activity is detected. Preconfigured reports are provided to supply a full account of all account usage and change history.

Control A.11.5.1 – Secure Log-on Procedures

Access to operating systems shall be controlled by a secure log-on procedure.

Netsurion Open XDR collects all account management and account usage activity. Changes to accounts, usage of default accounts and the full range of authorization and permissions related activity are automatically monitored and can be easily alerted on when unauthorized activity is detected. Preconfigured reports are provided to supply a full account of all account usage and change history.

Control A.11.5.4 – Use of System Utilities

Netsurion Open XDR can collect audit logs reporting on the access and use of utilities on hosts for monitoring and reporting. Additionally, Netsurion’s File Integrity Monitoring capability can be used to independently detect access and use of utilities.

Control A.11.6.1 – Information Access

Access to information and application system functions by users and support personnel shall be restricted in accordance with the defined access control policy.

Netsurion Open XDR supplies a one-stop repository from which to review log data from across the entire IT infrastructure. Reports can be generated and distributed automatically on a daily basis. Netsurion Open XDR provides an audit trail of who did what within Netsurion Open XDR and a report which can be provided to show proof of log data review.

Information System Acquisition, Development and Maintenance

Control A.12.4.2 – Protection of System Test Data

Test data shall be selected carefully, and protected and controlled.

Netsurion’s Change Audit capability can be used to detect additions, modifications and deletions to the file system. Analysis & reporting capabilities can be used for monitoring configuration changes. Real-time alerting can be utilized to detect and notify of changes to specific configurations.

Control A.12.4.3 – Access Control to Program Source Code

Access to program source code shall be restricted.

Netsurion’s Change Audit capability can be used to detect additions, modifications and deletions to the file system. Analysis & reporting capabilities can be used for monitoring configuration changes. Real-time alerting can be utilized to detect and notify of changes to specific configurations.

Control A.12.5.1 – Change Control Procedures

The implementation of changes shall be controlled by the use of formal change control procedures.

Netsurion Open XDR monitors for proper operations and configuration changes that may put at risk the security of the system.

Control A.12.5.2 – Technical Review of Applications after Operating System Changes

When operating systems are changed, business critical applications shall be reviewed and tested to ensure there is no adverse impact on organizational operations or security.

Netsurion Open XDR monitors for proper operations and configuration changes that may put at risk the security of cardholder data.

Control A.12.5.3 – Restrictions on Changes to Software Packages

Modifications to software packages shall be discouraged, limited to necessary changes, and all changes shall be strictly controlled.

Netsurion Open XDR monitors for proper operations and configuration changes that may put at risk the security of cardholder data.

Control A.12.5.4 – Information Leakage

Opportunities for information leakage shall be prevented.

Netsurion Open XDR can monitor and log the connection and disconnection of external data devices to the host computer where the Agent is running. It also monitors and logs the transmission of files to an external storage device.

Control A.12.6.1 – Control of Technical Vulnerabilities

Timely information about technical vulnerabilities of information systems being used shall be obtained, the organization’s exposure to such vulnerabilities evaluated, and appropriate measures taken to address the associated risk.

Vulnerabilities can be detected by real-time examination tools or by using Netsurion’s Vulnerability Management scanning systems.

Information Security Incident Management

Control A.13.1.1 – Reporting Information Security Events

Information security events shall be reported through appropriate management channels as quickly as possible.

Vulnerabilities can be detected by real-time examination tools or by using Netsurion’s Vulnerability Management scanning systems.

Control A.13.1.2 – Reporting Security Weaknesses

All employees, contractors and third party users of information systems and services shall be required to note and report any observed or suspected security weaknesses in systems or services.

Netsurion Open XDR documents alarm and response activities such as ‘responsible parties notified’, alarm status such as ‘working, escalated, and resolved’, and what actions were taken.

Control A.13.2.1 – Responsibilities and Procedures

Management responsibilities and procedures shall be established to ensure a quick, effective, and orderly response to information security incidents.

Netsurion Open XDR documents alarm and response activities such as ‘responsible parties notified’, alarm status such as ‘working, escalated, and resolved’, and what actions were taken.

Control A.13.2.2 – Learning from Information Security Incidents

There shall be mechanisms in place to enable the types, volumes, and costs of information security incidents to be quantified and monitored.

Netsurion Open XDR completely automates the process and requirement of collecting and retaining security event logs. Netsurion Open XDR retains logs in compressed archive files for cost-effective, easy-to-manage long-term storage. Log archives can be restored quickly and easily months or years later in support of after-the-fact investigations.

Control A.13.2.3 – Collection of Evidence

Where a follow-up action against a person or organization after an information security incident involves legal action, evidence shall be collected, retained, and presented to conform to the rules for evidence laid down in the relevant authority(s).

Netsurion Open XDR documents alarm and response activities such as ‘responsible parties notified’, alarm status such as ‘working, escalated, and resolved’, and what actions were taken.

Business Continuity Management

Control A.14.1.2 – Business Continuity and Risk Assessment

Events that can cause interruptions to business processes shall be identified, along with the probability and impact of such interruptions and their consequences for information security.

Netsurion Open XDR collects logs continuously and in real time across the organizational IT environment. The logs are normalized, analyzed and presented in the Netsurion Open XDR Dashboard for real-time review. Alarms are activated on critical events that will cause immediate and direct notification to the administration. Reports and investigations for compliance are available at all times.

Compliance

Control A.15.1.3 – Protection of Organizational Records

Important records shall be protected from loss, destruction and falsification, in accordance with statutory, regulatory, contractual, and business requirements.

Netsurion’s Change Audit capability can be used to detect additions, modifications and deletions to the file system. Analysis & reporting capabilities can be used for monitoring configuration changes. Real-time alerting can be utilized to detect and notify of changes to specific configurations.

Control A.15.3.2 – Protection of Information Systems Audit Tools

Access to information systems audit tools shall be protected to prevent any possible misuse or compromise.

Netsurion’s Change Audit capability can be used to detect additions, modifications and deletions to the file system. Analysis & reporting capabilities can be used for monitoring configuration changes. Real-time alerting can be utilized to detect and notify of changes to specific configurations.