Security Information Management (SIM) is essential to reasonable and
appropriate security and is mandated by all regulations and control
frameworks. This practice identifies opportunities to better leverage the
massive amounts of information generated by network and security devices.
Our ESM team simplifies threat recognition, security data centralization and
normalization, and controls monitoring for your organization. Key benefits
include:
- Improved Policy Compliance - can be quantified across the enterprise
- Improved Audit Compliance - all audit frameworks and regulations mandate ongoing monitoring
- Improved Incident Response - security events against critical assets can be detected and responded to in near real time
- Proactive Security Management - events can be correlated across multiple devices to provide an information-enhanced view of malicious activity or anomalous behavior
- Faster Forensics - forensic investigation can be conducted in minutes from a single console (vs. hours or days across multiple consoles)

Pivot Point has been extensively involved in leveraging Enterprise
Security Management tools to provide a means to validate and proactively
measure policy compliance across an organization against internal
security policies or industry- or government-mandated standards (ISO
17799, COBIT, Sarbanes-Oxley, HIPAA, and FISMA).
Benefits include:
- Organization-specific enterprise-class compliance reporting
- Management tools to manage the process, including Business Unit Reporting, Trending, and Time to Resolution
- Ability to bring new systems into production assured that they meet policy compliance requirements
- Helps ensure the maintenance of business operations and continued customer confidence

An oft-overlooked (and incredibly important) element of a well-designed
and well-implemented Enterprise Security Management solution is the
consolidation of disparate and widespread information (often logs) into
a unified data source and the simultaneous normalization of this data to
a homogeneous standard. Critical to Incident Response is the ability to
rapidly access data across multiple disparate systems, which is simply
not possible in an enterprise-class network without a well-executed
ESM.
Benefits include:
- Consolidation of data from multiple disparate sources (firewall, IDS, Authentication Server, Web Server, Database, ERP Application System Log, etc.) into a unified source. This allows forensic investigations to be conducted from a single data store instead of up to a dozen.
- Normalization of data from multiple disparate sources (firewall, IDS, Authentication Server, Web Server, Database, ERP Application System Log, etc.). This allows relevant security event data to be gathered accurately and rapidly with a single query. Non-normalized data may require repetitive queries to account for the lack of normalization (e.g., web traffic may be reported as HTTP, web, 80, TCP-80, HTTP-80, etc. by disparate systems).
- Ability to be compliant with Incident Response requirements.
- Ability to gather data and conduct forensic investigations in a manner consistent with evidentiary laws.
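As an added illustration (not Pivot Point's tooling or any product's code), the following Python normalizer maps the vendor-specific service labels quoted above (HTTP, web, 80, TCP-80, HTTP-80) to one canonical service and port, flattens the differing field names each source uses, and then answers a single query across all of them. The field-name aliases and sample events are constructed for the example.

```python
import re

# Canonical service name per port; reverse map resolves names back to ports.
# "web" is a constructed vendor alias for HTTP, as in the page's example.
PORT_TO_SERVICE = {80: "http", 443: "https", 22: "ssh", 53: "dns"}
NAME_TO_PORT = {name: port for port, name in PORT_TO_SERVICE.items()} | {"web": 80}

def normalize_service(label):
    """Map 'HTTP', 'web', '80', 'TCP-80', 'HTTP-80', 'tcp/443' ... to (name, port)."""
    port, name = None, None
    for token in re.split(r"[-/_\s]+", label.strip().lower()):
        if token.isdigit():
            port = int(token)
        elif token not in ("tcp", "udp", ""):
            name = token
    if port is None and name in NAME_TO_PORT:
        port = NAME_TO_PORT[name]
    # Unknown labels are kept (not dropped) so an analyst can extend the map.
    return (PORT_TO_SERVICE.get(port, "unknown"), port)

# Constructed per-source field names; real products differ, so extend as needed.
FIELD_ALIASES = {
    "src_ip": ("src", "source_ip", "client"),
    "dst_ip": ("dst", "dest_ip", "server"),
    "service": ("service", "proto", "app"),
}

def consolidate(raw_events):
    """Rewrite heterogeneous records into one schema for a single data store."""
    unified = []
    for event in raw_events:
        record = {"source": event["source"]}
        for canonical, aliases in FIELD_ALIASES.items():
            record[canonical] = next((event[a] for a in aliases if a in event), None)
        record["service"], record["port"] = normalize_service(record["service"] or "")
        unified.append(record)
    return unified

def query(unified, **criteria):
    """One query over every source, e.g. query(events, service="http")."""
    return [r for r in unified if all(r.get(k) == v for k, v in criteria.items())]

RAW_EVENTS = [  # constructed sample events, one per reporting system
    {"source": "firewall", "src": "10.0.0.5", "dst": "192.0.2.10", "service": "TCP-80"},
    {"source": "ids", "source_ip": "10.0.0.5", "dest_ip": "192.0.2.10", "proto": "HTTP"},
    {"source": "webserver", "client": "10.0.0.5", "server": "192.0.2.10", "app": "web"},
    {"source": "proxy", "client": "10.0.0.7", "server": "192.0.2.10", "app": "HTTP-80"},
    {"source": "firewall", "src": "10.0.0.7", "dst": "192.0.2.10", "service": "80"},
    {"source": "firewall", "src": "10.0.0.9", "dst": "192.0.2.11", "service": "tcp/443"},
    {"source": "ids", "source_ip": "10.0.0.9", "dest_ip": "192.0.2.12", "proto": "smtp"},
]
```

Running `query(consolidate(RAW_EVENTS), service="http")` returns all five web events in one pass, where the raw data would have needed a separate query per label.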