|
GLBA Requirement
|
LTS Secure SOC BOX Capabilities
|
Benefits of SOC BOX
|
|
Security Process
|
- Asset Discovery & Management
- Vulnerability Assessment
- Network Intrusion Detection (IDS)
- Host Intrusion Detection (HIDS)
- File Integrity Monitoring (FIM)
- Event Correlation
- Log Management
- Executive dashboards and reports
|
- Built-in asset discovery, vulnerability assessment, intrusion detection & behavioral monitoring provide a complete picture of your risk posture, within minutes of installation.
- Accurate and consolidated asset inventories combined with real-time vulnerability assessment data is essential for auditor reviews and assessments.
- Accelerated audit procedures because complete visibility begins as soon as you deploy LTS Secure SOC BOX.
|
|
Information Security Risk Assessment
|
- Asset Discovery & Management
- Vulnerability Assessment
- Network Intrusion Detection (NIDS)
- Host Intrusion Detection (HIDS)
- File Integrity Monitoring (FIM)
- Event Correlation
- Behavioral Monitoring
- Log Management
- Executive dashboards and reports
|
- Built-in asset discovery, vulnerability assessment, intrusion detection & behavioral monitoring reduce the cost and complexity of compliance.
- Unified log review and analysis, with triggered alerts for high risk systems.
- Customized, context-specific alerts provide remediation guidance that tells you exactly what to do, rather than add to the noise.
|
|
Information Security Strategy
|
- Asset Discovery & Management
- Vulnerability Assessment
- Network Intrusion Detection (IDS)
- Host Intrusion Detection (HIDS)
- File Integrity Monitoring (FIM)
- Event Correlation
- Behavioral Monitoring
- Log Management
|
- Automatically discover all assets via built-in asset discovery—highlight high value assets based on available services, configuration and traffic generated.
- Validate effectiveness of layered controls through built-in essential security such as asset discovery, vulnerability assessment, file integrity monitoring, IDS, log management and more.
- Monitor changes to critical files with built-in File Integrity Monitoring.
- Securely store raw event log data for investigation and forensic analysis.
|
|
Security Controls Implementation – Access Control
|
- Asset Discovery & Management
- Vulnerability Assessment
- Network Intrusion Detection (IDS)
- Host Intrusion Detection (HIDS)
- File Integrity Monitoring (FIM)
- Event Correlation
- Behavioral Monitoring
|
- Built-in, automated vulnerability assessment identifies the use of weak and default passwords.
- Built-in host intrusion detection (HIDS) and File Integrity Monitoring will signal when password files and other critical system files have been modified.
- Security intelligence connects critical, yet related events across systems such as a password change followed by exfiltration of data from the same device.
- Built-in NetFlow analysis monitors network traffic and protocols to identify anomalous activity and policy violations.
|
|
Security Controls Implementation – Physical and Environmental Protection
|
- Asset Discovery & Management
- Event Correlation
- Log Management
|
- Built-in and automated asset discovery will identify all IP-enabled physical security systems.
- LTS Secure Logger will record all physical security access events logged by proximity card systems for correlation with other logical systems (access to servers in data center).
|
|
Security Controls Implementation – Encryption
|
- Host Intrusion Detection (HIDS)
- File Integrity Monitoring (FIM)
- NetFlow analysis
- Event Correlation
|
- Built-in HIDS enforces server security policies including encryption for critical system files and sensitive data.
- File Integrity Monitoring (FIM) monitors any changes to critical files including decryption and re-encryption.
- Unified NetFlow analysis and event correlation monitors traffic and issues alerts on unencrypted traffic to/from sensitive data resources.
- LTS Secure SOC BOX will detect and alert when encryption or decryption procedures are not implemented correctly.
|
|
Security Controls Implementation – Malicious Code Prevention
|
- Asset Discovery & Management
- Vulnerability Assessment
- Network Intrusion Detection (IDS)
- Host Intrusion Detection (HIDS)
- File Integrity Monitoring (FIM)
- Event Correlation
- Behavioral Monitoring
- Log Management
|
- Built-in vulnerability assessment discovers hosts and applications that may be vulnerable to malware and other exploits.
- Built-in threat detection tools, detects and alerts on potential infections and exposures.
- File Integrity Monitoring (FIM) alerts on changes to critical files which could signal malicious intent or malware infection.
- Unified essential security delivers the security intelligence required to respond to and contain malware outbreaks.
|
|
Security Controls Implementation – Systems Development, Acquisition and Maintenance
|
- Asset Discovery & Management
- Vulnerability Assessment
- Host Intrusion Detection (HIDS)
- File Integrity Monitoring (FIM)
|
- Automated asset discovery provides a complete and dynamic asset inventory—critical for identifying all operational software including systems in development.
- Built-in vulnerability assessment identifies which systems require patches, updated software or re-configuration.
- HIDS and FIM identify and alert on changes to critical software.
|
|
Security Controls Implementation – Personnel Security
|
- Asset Discovery & Management
- Log Management
- Behavioral Monitoring
- Event Correlation
|
- Built-in asset discovery and inventory provides granular details on device configuration, installed software, and ownership details to track users with associated devices.
- Log management provides secure storage of raw event log data for detailed audit trails of user activity.
- Built-in behavioral monitoring identifies suspicious user activity and alerts on policy violations and potential insider threats.
|
|
Security Controls Implementation – Data Security
|
- Asset Discovery & Management
- Vulnerability Assessment
- Network Intrusion Detection (IDS)
- Host Intrusion Detection (HIDS)
- File Integrity Monitoring (FIM)
- Event Correlation
- Log Management
|
- LTS Secure SOC BOX provides continuous capture and real-time monitoring of a broad range of data, including: events/ logs,configuration data, asset data, vulnerability data and network flow data.
- Built-in HIDS can be implemented on systems with highly sensitive data to ensure data integrity, availability and confidentiality.
- File Integrity Monitoring (FIM) alerts on changes to critical files which could signal a threat.
- Built-in threat detection, behavioral monitoring and event correlation signals information leakage and other attacks in progress—for example, unauthorized access followed by additional security exposures such as sensitive data exfiltration.
- Centralized, role-based access control for audit trails and event logs preserves “chain-of-custody” for data forensics and investigations.
|
|
Security Monitoring – Activity Monitoring
|
- Network Intrusion Detection (IDS)
- Host Intrusion Detection (HIDS)
- File Integrity Monitoring (FIM)
- Event Correlation
- Log Management
|
- Built-in HIDS will alert on policy violations such as attempted use of external storage media on critical systems.
- Built-in File Integrity Monitoring (FIM) captures anomalous changes to critical files.
- Event correlation rules provide the situational awareness needed to identify potential data exfiltration.
|
|
Security Monitoring – Condition Monitoring
|
- Asset Discovery & Management
- Vulnerability Assessment
- Availability Monitoring
|
- Built-in asset discovery provides dynamic inventory of all devices on the network and all software installed.
- Continuous vulnerability monitoring identifies all vulnerabilities targeting critical systems, servers, applications and network devices.
- Built-in service availability monitoring detects critical service interruptions that could signal a threat.
|
|
Security Monitoring – Analysis and Response
|
- Asset Discovery & Management
- Vulnerability Assessment
- Network Intrusion Detection (NIDS)
- Host Intrusion Detection (HIDS)
- File Integrity Monitoring (FIM)
- Event Correlation
- Behavioral Monitoring
- Log Management
|
- Built-in asset discovery, vulnerability assessment, intrusion detection & behavioral monitoring, accelerates and simplifies the incident response process.
- Unified log review and analysis, with triggered alerts for high risk systems.
- Customized, context-specific alerts provide remediation guidance that tells you exactly what to do next when responding to incidents.
|
|
Security Process Monitoring and Updating
|
- Asset Discovery & Management
- Vulnerability Assessment
- Network Intrusion Detection (NIDS)
- Host Intrusion Detection (HIDS)
- File Integrity Monitoring (FIM)
- Event Correlation
- Behavioral Monitoring
- Log Management
- Executive dashboards and reports
|
- Built-in asset discovery provides dynamic inventory of all devices on the network and all softwares installed.
- Continuous vulnerability monitoring identifies all vulnerabilities targeting critical systems, servers, applications and network devices.
- Unified security management enables continuous monitoring and process improvement through alerts, assessments, executive dashboards and reports.
|