LTS Secure SOC BOX: ISO 27001 Cyber Security Compliance Management


ISO/IEC 27001, published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), is the international standard for information security management systems. It specifies the requirements for establishing, operating and improving a security program and, in Annex A, the reference set of controls against which that program is assessed. The control numbers used on this page (A.8 to A.18) follow the 2013 edition of Annex A; the 2022 edition renumbers and regroups the controls.

Because of its broad scope, achieving ISO 27001 compliance can be a challenging task for many organizations, especially those with limited resources.

LTS Secure SOC BOX delivers the security capabilities organizations need to demonstrate ISO 27001 compliance, together with reporting templates for the standard:

  • Asset Discovery & Management
  • Vulnerability Assessment & Management
  • Event Correlation
  • Intrusion Detection System (IDS)
  • File Integrity Monitoring (FIM)
  • Automated log collection and storage
  • Reporting templates for ISO 27001
  • Security Analytics Dashboards

The solution's integrated approach helps you answer the questions an ISO 27001 assessment requires:

  • What are my critical assets?
  • Where are they located?
  • How are they configured?
  • What vulnerabilities do they have?
  • Who has access to these assets?
  • What are my privileged users doing?
  • Which users are violating policies?

Discover How LTS Secure SOC BOX Supports Adoption of ISO 27001


Each entry below gives the ISO 27001 control objective (Annex A section), the specific control, and examples of how LTS Secure SOC BOX helps satisfy it.

A.8 - Asset Management

A.8.1 - Responsibility for assets

A.8.1.1 - Inventory of Assets

  • Discovers and supports review of changes to the asset inventory, including physical and virtual assets running on-premises and in cloud environments.
  • Inventories and supports review of changes to the operating systems, software applications, and services running on discovered assets.
  • Asset Groups provide dynamic or analyst-defined grouping of assets, such as business-critical assets, HIPAA assets, PCI assets, Windows assets, and more.

A.9 - Access Control

A.9.2 - User Access Management

A.9.2.2 - User access provisioning

  • Monitors and logs the provisioning and de-provisioning of user accounts on endpoints, in Office 365, in G Suite, etc.

A.9.2.3 - Management of privileged access rights

  • Monitors and logs successful and failed logon events to assets across your on-premises and cloud environments, as well as to cloud applications including Office 365 and G Suite.
  • Monitors and logs successful and failed logon attempts to external applications through Azure Active Directory,  Office 365, G Suite, etc.

A.12 - Operations Security

A.12.2 - Protection from malware

A.12.2.1 - Controls against malware

  • Identifies systems susceptible to known vulnerabilities, or on which antivirus may not be installed or operational.
  • Monitors for indicators of malware-based compromise, such as communication with a known Command & Control (C&C, or C2) server.
  • Continuously updated threat intelligence keeps the correlation directives and IDS rules current for detecting malware, and guided threat response provides context on the attack so analysts can spend their time on detection and response.

A.12.4 - Logging and monitoring

A.12.4.1 - Event logging

  • Aggregates events and log data, including user and administrator activity, from across your on-premises and cloud environments, and cloud applications including Office 365 and G Suite.
  • File Integrity Monitoring can detect and log access and changes to critical system and application data and configuration files, and to the Windows Registry.

 

A.12.4.2 - Protection of log information


  • LTS Secure SOC BOX is attested compliant with PCI DSS, HIPAA, SOC 2, and ISO 27001, demonstrating the controls needed to assure the confidentiality, integrity, and availability of the service and its data.
  • File Integrity Monitoring can detect and log access to and changes of critical system and application configuration and log files, and of the Windows Registry, so that attempts to delete local logs or stop log processing are themselves recorded. Because events are also forwarded to central log storage as they are collected, deleting a log on the host does not remove the copy already retained.
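How a scheduled integrity check of the kind described under A.12.4.1 and A.12.4.2 works, as an added example (illustration, not LTS Secure SOC BOX code): hash the monitored files into a baseline, store it, and diff a later scan against it so that a modified configuration file, a deleted log and an unexpected new file are each reported. The file paths, the JSON baseline format and the tampering scenario are constructed for the example. Two limits of a hash-based scan are worth knowing: it sees a change only at the next scan, and it cannot see reads, so detecting "access" needs an audit or inotify-style hook rather than hashing.

```python
"""Minimal scheduled file integrity monitoring (FIM).

Added illustration, not LTS Secure SOC BOX code: hash a set of critical
files into a baseline, store it, and diff a later scan against it. Paths,
the JSON baseline format and the tampering scenario are assumptions.
"""
import hashlib
import json
import tempfile
from pathlib import Path


def file_digest(path: Path, chunk: int = 65536) -> str:
    """SHA-256 of a file, read in chunks so large logs do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map each regular file under root (relative POSIX path) to its hash and size."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            rel = p.relative_to(root).as_posix()
            baseline[rel] = {"sha256": file_digest(p), "size": p.stat().st_size}
    return baseline


def save_baseline(baseline: dict, path: Path) -> None:
    path.write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(path: Path) -> dict:
    return json.loads(path.read_text())


def compare(baseline: dict, current: dict) -> dict:
    """Classify every path as added, deleted, modified or unchanged."""
    old, new = set(baseline), set(current)
    return {
        "added": sorted(new - old),
        "deleted": sorted(old - new),
        "modified": sorted(p for p in old & new if baseline[p] != current[p]),
        "unchanged": sorted(p for p in old & new if baseline[p] == current[p]),
    }


def demo() -> dict:
    """Constructed scenario: baseline a fake /etc and /var/log, then tamper with them."""
    with tempfile.TemporaryDirectory() as tmp:
        monitored = Path(tmp) / "monitored"
        (monitored / "etc" / "cron.d").mkdir(parents=True)
        (monitored / "var" / "log").mkdir(parents=True)
        (monitored / "etc" / "sshd_config").write_text("PermitRootLogin no\n")
        (monitored / "etc" / "ntp.conf").write_text("server 0.pool.ntp.org iburst\n")
        (monitored / "var" / "log" / "auth.log").write_text(
            "Mar  1 09:05:25 host sshd[412]: Accepted password for bob from 198.51.100.7\n"
        )
        # The baseline lives outside the monitored tree (in practice: off-host or
        # read-only); otherwise whoever edits the files can also rewrite the baseline.
        baseline_file = Path(tmp) / "baseline.json"
        save_baseline(build_baseline(monitored), baseline_file)

        # Simulated tampering between two scans: a hardening setting flipped,
        # an authentication log removed, and an unknown cron job dropped in.
        (monitored / "etc" / "sshd_config").write_text("PermitRootLogin yes\n")
        (monitored / "var" / "log" / "auth.log").unlink()
        (monitored / "etc" / "cron.d" / "unknown-job").write_text("* * * * * root /tmp/x\n")

        return compare(load_baseline(baseline_file), build_baseline(monitored))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:9s} {paths}")
```

The baseline must be kept where the monitored host cannot rewrite it, for the same reason the page forwards events to central log storage: an attacker with administrative rights on the host could otherwise update the baseline along with the files, and the next scan would report nothing.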


A.12.4.3 - Administrator and operator logs


  • Monitors and logs successful and failed logon events to assets across your on-premises and cloud environments, as well as to cloud applications including Office 365 and G Suite.
  • Monitors and logs successful and failed logon attempts to external applications through Azure Active Directory, Office 365, G Suite, etc.
  • Monitors for changes to Office 365 policies such as Data Loss Prevention (DLP), information management, and more.
  • Monitors user and administrator activities, including access and modification of files and content, in on-premises and cloud-hosted assets, and in cloud applications such as Office 365 and G Suite.


A.12.4.4 - Clock synchronization

  • Monitor and alarm on Group Policy errors, which could indicate issues or attempts to disable clock synchronization.
  • File Integrity Monitoring can detect changes and access to critical system and application configuration files, and Windows Registry entries, which could indicate issues or attempts to disable clock synchronization.

A.12.6 - Technical Vulnerability Management

A.12.6.1 - Management of technical vulnerabilities

  • Regularly scheduled vulnerability scans identify known vulnerabilities on assets across your environments, report the CVE identifier for each, and use the corresponding CVSS score to rank it as high, medium or low priority.
  • Continuously updated threat intelligence ensures that LTS Secure SOC BOX is operating with the latest correlation directives, vulnerability signatures, IDS rules, reports, and guided threat responses.
  • Outlines recommended patches for discovered vulnerabilities.

A.13 - Communications Security

A.13.1 - Network security management

A.13.1.1 - Network controls

  • Monitors and correlates events gathered from network traffic and network devices (firewalls, routers, switches, and more) to identify anomalous network traffic, such as communication to a known malicious server.
  • Continuously updated threat intelligence ensures that LTS Secure SOC BOX is operating with the latest correlation directives, IDS rules, Indicators of Compromise, guided threat responses and more - saving analysts’ precious time and allowing them to focus on detecting and responding.

A.13.2 - Information transfer

A.13.2.3 - Electronic messaging

  • Monitors for phishing or malware attacks against email services, including Office 365 and G Suite.
  • Audits administrator actions, including mailbox creation and deletion, or configuration changes that could disable protection mechanisms such as encryption or data loss prevention.
  • Reports when users access mailbox folders, purge deleted items, access other users' mailboxes, and more.
  • Alerts on changes to Exchange policies that could let malware in.

A.14 - System acquisition, development and maintenance

A.14.1 - Security requirements of information systems

A.14.1.2 - Securing application services on public networks

  • Monitors and alarms on Group Policy errors, which could indicate attempts to disable local security services and introduce misconfigurations that compromise asset integrity and security.
  • File Integrity Monitoring can detect changes and access to critical system and application configuration files, and Windows Registry entries, which could indicate installation of malware or the disabling of protection mechanisms such as two-factor authentication or encryption.


A.14.1.3 - Protecting application services transactions


  • Monitors and correlates events gathered from network traffic and network devices (firewalls, routers, switches, and more) to identify anomalous network traffic, such as transaction data being sent to a known malicious server.

A.16 - Information security incident management

A.16.1 - Management of information security incidents and improvements

A.16.1.2 - Reporting information security events

  • Enables creation of separate user accounts that grant access to LTS Secure SIEM for inspection and review of alarms, events, and reports.
  • Enables creation of incident tickets within the LTS Secure SIEM console in response to a detected alarm.


A.16.1.4 - Assessment of and decision on information security events

  • Uses machine learning and state-based correlation to detect threats, then classifies each alarm against a kill-chain taxonomy to indicate the risk level of the threat.
  • Continuously updated threat intelligence keeps LTS Secure SOC BOX operating with the latest correlation directives and context on those threats, supporting comprehension and incident response decision making.
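As an added example of the state-based correlation described for A.16.1.4, applied to the logon events monitored under A.9.2.3 (illustration, not LTS Secure SOC BOX code or its correlation directives): a rule that tracks failed logons per source and user inside a time window, raises a medium-priority alarm when the count reaches a threshold, and raises a high-priority alarm if a successful logon then follows, which is the pattern that turns a noisy brute-force attempt into a likely compromise. The one-line log format, the threshold, the window and the priority labels are assumptions chosen for the example, and the sample log lines are constructed.

```python
"""Minimal state-based correlation over logon events.

Added illustration, not LTS Secure SOC BOX code. The one-line log format
("timestamp user source outcome"), the threshold, the window and the
priority labels are assumptions chosen for the example.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events, not captured from any real system. Addresses
# are documentation ranges (RFC 5737) and private space.
SAMPLE_LOG = """\
2024-03-01T09:00:01Z alice 10.0.0.5 success
2024-03-01T09:05:10Z bob 198.51.100.7 failure
2024-03-01T09:05:12Z bob 198.51.100.7 failure
2024-03-01T09:05:15Z bob 198.51.100.7 failure
2024-03-01T09:05:17Z bob 198.51.100.7 failure
2024-03-01T09:05:19Z bob 198.51.100.7 failure
2024-03-01T09:05:25Z bob 198.51.100.7 success
2024-03-01T09:30:00Z carol 10.0.0.9 failure
2024-03-01T09:30:03Z carol 10.0.0.9 success
2024-03-01T11:00:00Z dave 203.0.113.9 failure
2024-03-01T11:00:01Z dave 203.0.113.9 failure
2024-03-01T11:00:02Z dave 203.0.113.9 failure
2024-03-01T11:00:03Z dave 203.0.113.9 failure
2024-03-01T11:00:04Z dave 203.0.113.9 failure
2024-03-01T11:00:05Z dave 203.0.113.9 failure
"""

FAIL_THRESHOLD = 5             # failures inside WINDOW that count as a brute-force attempt
WINDOW = timedelta(minutes=10)


def parse_line(line: str) -> dict:
    """Parse one 'timestamp user source outcome' line (assumed format)."""
    ts, user, src, outcome = line.split()
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "user": user, "src": src, "outcome": outcome}


def correlate(lines, threshold=FAIL_THRESHOLD, window=WINDOW) -> list:
    """Raise one alarm when (source, user) reaches `threshold` failures inside
    `window`, and a higher-priority alarm if a success follows before that
    state expires. Returns the alarms in the order they fired."""
    failures = defaultdict(deque)   # (src, user) -> timestamps of recent failures
    alarms = []
    for line in lines:
        if not line.strip():
            continue
        ev = parse_line(line)
        recent = failures[(ev["src"], ev["user"])]
        while recent and ev["ts"] - recent[0] > window:   # expire old state
            recent.popleft()
        if ev["outcome"] == "failure":
            recent.append(ev["ts"])
            if len(recent) == threshold:                  # fire once, not on every extra failure
                alarms.append({"type": "brute_force_attempt", "priority": "medium",
                               "src": ev["src"], "user": ev["user"],
                               "failures": len(recent), "at": ev["ts"]})
        elif ev["outcome"] == "success":
            if len(recent) >= threshold:                  # success after a burst of failures
                alarms.append({"type": "brute_force_success", "priority": "high",
                               "src": ev["src"], "user": ev["user"],
                               "failures": len(recent), "at": ev["ts"]})
            recent.clear()                                # a successful logon closes the attempt
    return alarms


def run_demo() -> list:
    return correlate(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for alarm in run_demo():
        print(alarm)
```

On the sample log the rule fires three times: a medium alarm for bob at the fifth failure, a high alarm when bob's logon then succeeds, and a medium alarm for dave, whose sixth failure does not re-fire the rule. carol's single failure followed by success is the ordinary mistyped-password case and produces nothing. Keying the state on both source and user is what keeps password spraying across many users from collapsing into one counter; a second rule keyed on source alone would be the complement for that case.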


A.16.1.5 - Response to information security incidents

  • Continuously updated threat intelligence provides guided threat response: recommendations on how to respond to different incident types.
  • Enables orchestrated manual and automated actions to contain threats, such as opening an incident, isolating systems from the network, and more.


A.16.1.6 - Learning from information security incidents

  • Enables forensic tasks to be executed manually or automatically in response to a detected threat.
  • Provides forensic investigation using rich filter and search capabilities, and reporting, against event and log data that is centrally aggregated and retained from across your on-premises and cloud environments and applications.


A.16.1.7 - Collection of evidence

  • Aggregates events and log data from across your on-premises and cloud environments, and cloud applications including Office 365 and G Suite, into long term log storage.
  • Maintains a searchable database of events for up to 90 days, with long-term storage of at least 365 days.

A.17 - Information security aspects of business continuity management

A.17.1 - Information security continuity

A.17.1.2 - Implementing information security continuity

  • LTS Secure SOC BOX is a SaaS offering with high availability, ensuring continuity of service from infrastructure that is completely separate from a customer's environment.
  • LTS Secure utilizes a mix of disaster-tolerant architectures and processes, including deployment across availability zones, hosting in multiple geographically separate data centers, and highly durable storage (99.999999999% durability) for event and log data.

A.18 - Compliance

A.18.1 - Compliance with legal and contractual requirements

A.18.1.3 - Protection of records

  • LTS Secure SOC BOX is a SaaS offering with high availability, ensuring continuity of service from infrastructure that is completely separate from a customer's environment.
  • LTS Secure utilizes a mix of disaster-tolerant architectures and processes, including deployment across availability zones, hosting in multiple geographically separate data centers, and highly durable storage (99.999999999% durability) for event and log data.
  • LTS Secure SOC BOX is attested as compliant against several regulatory and cyber security standards, including PCI DSS, HIPAA, SOC 2, and ISO 27001.