LTS Secure SOC BOX: NERC CIP Cyber Security Compliance Management

In order to establish reliability & security standards for Bulk Electric System (BES), certain guidelines must be followed by companies in the power sector, so that they can comply with the North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) standards.

These reliability standards address security requirements like:-

  • Security Management
  • Information Protection
  • Risk-Based Assessment
  • Configuration Change Management
  • Vulnerability Assessment
  • Incident Response & Investigation
  • Remote Access
  • Perimeter & Physical Security

With the introduction of v5 of NERC CIP, all BES facilities have now come in scope with at least one of the requirement laid out by NERC CIP. Now, in order to determine their compliance requirements, providers are required to evaluate their BES to identify systems as high, low or medium impact.

LTS Secure SOC BOX delivers essential security capabilities that help you streamline BES infrastructure assessment & compliance.

  • Developed for IT & Security team with limited resources
  • Accelerates Infrastructure Assessment with:-
    • Asset Discovery & Management
    • Vulnerability Assessment & Management
    • Event Correlation
    • Intrusion Detection (IDS)
    • Behavioral Monitoring
    • Integrated Threat Intelligence
  • Integrated Threat Intelligence helps in Threat Detection & Response

Request A Demo

 

Discover How LTS Secure SOC BOX Supports  NERC IP Compliance

 

NERC CIP Requirement

LTS Secure SOC BOX Capabilities

Benefits of SOC BOX

Security Management Controls
  • Asset Discovery & Management
  • Vulnerability Assessment
  • Network Intrusion Detection (NIDS)
  • Host Intrusion Detection (HIDS)
  • File Integrity Monitoring (FIM)
  • Event Correlation
  • Behavioral Monitoring
  • Services Monitoring
  • Log Management
  • Provides continuous capture and real-time monitoring of a broad range of data, including: events, asset data, configuration data, vulnerability data and network traffic.
  • HIDS monitors systems with highly sensitive data to ensure data integrity, availability and confidentiality.
  • NIDS detects malicious traffic on your on-premises infrastructure.
  • File Integrity Monitoring (FIM) alerts on changes to critical files which could signal a compromised system.
  • Event correlation links disparate events to alert you of attacks in progress, such as unauthorized access followed by privilege escalation followed by communication with C&C servers.
  • SOC BOX identifies the most significant threats targeting your network with timely, relevant threat intelligence that provides every detail you need in the alarm: what’s being attacked, who is the attacker, what is their objective, and how to respond.

Information Protection
  • Asset Discovery & Management
  • Vulnerability Assessment
  • Network Intrusion Detection (NIDS)
  • Host Intrusion Detection (HIDS)
  • File Integrity Monitoring (FIM)
  • Event Correlation
  • Behavioral Monitoring
  • Executive Dashboards and Reports
  • Log Management

 

 
  • Built-in, automated vulnerability assessment identifies the use of weak and default passwords.
  • Built-in Host intrusion detection (HIDS) and File Integrity Monitoring will signal when password files and other critical system files have been modified.
  • Group assets quickly based on range of criteria including hardware type (e.g., servers and firewalls), software (mission-critical apps) or data type (e.g., sensitive information).
  • Unified event correlation connects critical, yet related events across systems such as a password change followed by exfiltration of data from the same device.
  • Built-in network flow analysis monitors on-premises network traffic and protocols to identify anomalous activity and policy violations.
  • Event correlation rules provide the situational awareness needed to identify potential data exfiltration.
  • Integrated threat intelligence provides every detail you need in the alarm: what’s being attacked, who is the attacker, what is their objective, and how to respond.
  • Flexible data search and analytics to create custom views and to report quickly.

Risk-Based Assessment of Bulk Electric Systems (BES) Cyber Systems
  • Asset Discovery & Management
  • Vulnerability Assessment
  • Network Intrusion Detection (NIDS)
  • Host Intrusion Detection (HIDS)
  • Event Correlation
  • Behavioral Monitoring
  • Executive Dashboards and Reports
  • Log Management

 

 
  • Automatically discover all assets via built-in asset discovery—highlight high, medium, and low impact BES Cyber Systems assets based on available services, configuration, and traffic generated.
  • Identify and enumerate services running on each asset, as well as configuration details and other critical information.
  • Validate effectiveness of layered controls and processes through built-in essential security capabilities such as asset discovery, vulnerability assessment, intrusion detection, log management and more.
  • Flexible data search and analytics to create custom views and to report quickly.

Configuration Change Management and Vulnerability Assessments
  • Asset Discovery & Management
  • Vulnerability Assessment
  • Network Intrusion Detection (NIDS)
  • Host Intrusion Detection (HIDS)
  • File Integrity Monitoring (FIM)
  • Event Correlation
  • Threat Intelligence

 
  • Built-in asset discovery provides dynamic inventory of all devices on the network and software installed.
  • Continuous vulnerability monitoring identifies all vulnerabilities targeting critical systems, servers, applications and network devices.
  • File Integrity Monitoring alerts on changes to critical files which could signal a threat.
  • Built-in service availability monitoring detects critical service interruptions or misconfigurations that could signal a threat.
  • Integrated threat intelligence provides every detail you need in the alarm: what’s being attacked, who is the attacker, what is their objective, and how to respond.
  • Unified controls for scheduling scans, identifying vulnerabilities and investigating incidents.

Incident Reporting and Response Planning
  • Asset Discovery & Management
  • Vulnerability Assessment
  • Network Intrusion Detection (NIDS)
  • Host Intrusion Detection (HIDS)
  • File Integrity Monitoring (FIM)
  • Event Correlation
  • Threat Intelligence
  • Log Management

 

 
  • Built-in asset discovery, vulnerability assessment, intrusion detection, behavioral monitoring — accelerates the incident response process.
  • Unified log review and analysis, with triggered alerts for high risk systems.
  • Customized, action-oriented alerts which tell you exactly what to do next when responding to incidents.
  • Integrated threat intelligence provides every detail you need in the alarm: what’s being attacked, who is the attacker, what is their objective, and how to respond.

Electronic Security Perimeters Including Interactive Remote Access
  • Ability to Integrate Data from any 3rd Party Data Sources
  • Vulnerability Assessment
  • Network Intrusion Detection (NIDS)
  • Host Intrusion Detection (HIDS)
  • File Integrity Monitoring (FIM)
  • Event Correlation
  • Behavioral Monitoring
  • Threat Intelligence
  • Log Management

 

 
  • Extensive plugin library for integrating security event data from existing systems and applications.
  • Continuous vulnerability monitoring will identify any misconfigurations that would expose internal systems to external access.
  • Built-in network IDS detect attacks against perimeter devices as well as malicious traffic inside the on-premises perimeter.
  • Unified traffic analysis and event correlation monitors traffic and issues alerts on policy violations and incidents including breach of network perimeter security controls.
  • Group assets quickly based on range of criteria including hardware type (e.g., servers and Firewalls), software (mission-critical apps) or data type (e.g., sensitive information).
  • SOC BOX identifies the most significant threats targeting your environment with timely, relevant threat intelligence that provides every detail you need in the alarm: what’s being attacked, who is the attacker, what is their objective, and how to respond.

Physical Security of BES Cyber Systems
  • Asset Discovery & Management
  • Vulnerability Assessment
  • Network Intrusion Detection (NIDS)
  • Host Intrusion Detection (HIDS)
  • File Integrity Monitoring (FIM)
  • Event Correlation
  • Threat Intelligence
  • Log Management

 

 
  • Built-in and automated asset discovery will identify all IP-enabled physical security systems (e.g., card key / proximity card devices, authentication devices, or IP cameras).
  • The USM Appliance Logger will record all physical security access events logged by physical security systems for correlation with other logical systems (access to servers in data center).
  • Ability to create custom alarms to identify attacks against physical security devices and systems Alerts you whenever a user inserts a device into a USB port on a system you’re monitoring to detect unauthorized activity that can lead to data theft.

ABOUT US

LTS Secure offers Security Suite to rationalize, prioritize & automate response to risks in your environment. Comprehensive Cyber Security Solutions with continuous monitoring at all layers of the IT stack: network packets, flows, OS activities, content, user behaviors and application transactions