Castleforce IT Security Team

GPG13 Protective Monitoring Control

Protective Monitoring for HMG ICT Systems is based on CESG’s Good Practice Guide no. 13 (GPG 13). It provides a framework for treating risks to systems and includes mechanisms for collecting ICT log information and configuring ICT logs in order to provide an audit trail of security-relevant events of interest. GPG13 is essentially compulsory for systems that store high impact level data.

All HMG organisations, whether central or local government, police, fire, health and education authorities, are mandated to comply with policy, standard, legislative and regulatory requirements. Protective Monitoring, with its levels of log management and reporting, can help in forensic readiness, incident management and, most importantly, delivering against these regulatory requirements by providing evidence of compliance to the auditors.

An effective Protective Monitoring strategy is an automated Log and Event Management platform that delivers a repeatable service to all stakeholders.

Implementation of protective monitoring solutions is recommended in a number of regulatory and industry best practices, such as PCI DSS, ISO27001 and GCSx CoCo.

The goal of a Protective Monitoring system is to provide a level of operational insight, so that organisations understand how their IT systems are being used or abused by internal or external agents.

The benefits of providing a comprehensive approach to protective monitoring

  • Compliance - Ensure that systems are operated within the requirements of published policy, legislation or regulations, to deter and detect any unlawful activities.
  • Risk Management - Provide a mitigation process of risk to the confidentiality, integrity and availability of information assets of the system.
  • Reporting and Continuous Improvement - Within Central HMG it is a mandatory requirement of the Security Policy Framework (SPF) to provide a reporting model within the IA structure.
  • Situational Awareness - Provide real-time feeds of information collected by the system providing awareness of activities of a threat source or vector being exploited, enabling security incidents to be detected, investigated and reported, ensuring that the correct remediation is put into play.
  • Enabling Acceptability - Ensure that the system is used within the parameters that the business defines and is not used for unlawful purposes, or in a manner that diverts users from their function.
  • Network Defence - Working with other security controls to provide a “defence in depth” capability to facilitate automated responses to threats of ICT.

GPG13 consists of twelve Protective Monitoring Controls (PMC), each of which is designed to improve an organisation's risk profile.

GPG13 SIEM / Log Management

Assuria Auditor measures, manages and enforces security policies, and Log Manager is designed to meet the requirements of enterprise-wide management of audit logs generated by systems, devices and applications. Assuria Log Manager (ALM) has achieved CESG CCTM approval and securely collects and manages audit logs to comply with regulations. Small-footprint ALM agents are available for Windows, UNIX and Linux servers, databases, applications, network devices, firewalls, routers, access control systems and many more. Collection from new log sources can be added via agent plug-ins. Collected logs are stored in their original format in a standard file / folder structure, with log data integrity ensured through digital signatures and cryptographic hashes.

Assuria Auditor is an independent security configuration assurance, vulnerability assessment and change detection system for enterprise servers. Assuria Auditor examines and verifies system settings, the selected system options and user preferences of computer systems against an organisation's system configuration policy. Variances and deficiencies from the desired configuration policy are highlighted. Assuria Auditor features regulatory and standards compliance reporting including PCI DSS, GCSx CoCo, GPG13, IGT, ISO 27001 and ISO 27002 (ISO 17799), SOX and more.

Castleforce can help you comply with GPG13 

Log Management Appliances

LogRhythm is an enterprise-class application that seamlessly combines Log & Event Management, File Integrity Monitoring and Endpoint Monitoring & Control into a single integrated solution. It is highly reliable, cost effective and easily scalable across any size enterprise. With LogRhythm, you can invest in a single solution to address needs and challenges throughout your organization, whether they are related to compliance, security or IT operations.

LogLogic Open Log Management: log management and database activity monitoring. Collect, normalize, index, store, and search log data automatically with our easy-to-deploy appliances or hosted solutions. Rapidly drill down into log details and create detailed reports with our built-in templates. All LogLogic solutions run on hardened Linux appliances that are designed to offer full log processing and archiving, based on the Events Per Second (EPS) rate they are designed for.
