LTS Secure SOC BOX: SOC 2 Cyber Security Compliance Management

Organizations that deliver services such as SaaS commonly seek a Service Organization Control 2 (SOC 2) report. A SOC 2 audit attests that they have implemented the security controls required by the following Trust Services principles:

  • Confidentiality
  • Processing Integrity
  • Availability
  • Security
  • Privacy

However, complying with the SOC 2 security principles can be challenging for many IT and security teams because of the sheer number of controls that must be implemented. Acquiring the necessary technologies and then deploying, configuring and managing them properly can be a costly and overwhelming task.

LTS Secure SOC BOX is a SOC 2 certified solution that helps organizations meet key SOC 2 compliance requirements. It delivers multiple security essentials in one stack, so you can prepare for your next SOC 2 audit more quickly and with less effort:

  • Asset Discovery & Management
  • Vulnerability Assessment & Management
  • Event Correlation
  • Intrusion Detection (IDS)
  • File Integrity Monitoring (FIM)
  • Compliance Reports
  • Threat Intelligence updates
  • Log Management

Once deployed, you can centralize monitoring of your entire on-premises, cloud and hybrid environment. This helps you meet the common criteria required for SOC 2 compliance much more quickly, while ensuring continuous security and compliance monitoring across your environments.

Discover How LTS Secure SOAR Stack Supports SOC 2 Compliance

For each control below, the entry gives the control ID and description, the relevant LTS Secure SOAR Stack capabilities, and examples of how LTS Secure SOAR helps.

CC3.2

The entity designs, develops, and implements controls, including policies and procedures, to implement its risk mitigation strategy.

Relevant capabilities:

  • Asset Discovery
  • Vulnerability Assessment
  • Threat Detection
  • Incident Response
  • Threat Intelligence

How LTS Secure SOAR helps:

  • Built-in asset discovery identifies physical and virtual assets running on-premises and in cloud environments
  • Regular vulnerability scans can be scheduled to identify vulnerabilities on assets across your on-premises and cloud environments
  • Vulnerabilities are ranked as high, medium or low priority to support prioritization of risk mitigation
  • Machine learning and state-based correlation are used to detect threats
  • Threats are classified against a kill-chain taxonomy to inform the risk level of each threat
  • Public and dark web sources are monitored for the trade or communication of stolen credentials
  • Recommended patches are provided for identified vulnerabilities
  • LTS Secure SIEM enables orchestrated manual and automated response actions to be executed to mitigate risks, such as blocking access to and from malicious domains with Cisco Umbrella and blocking malicious IP addresses with Palo Alto firewalls
  • Regularly updated threat intelligence ensures that the latest vulnerability detection and remediation information is available

CC4.1

The design and operating effectiveness of controls are periodically evaluated against the Security Principle commitments and requirements, and corrections and other necessary actions relating to identified deficiencies are taken in a timely manner.

Relevant capabilities:

  • Asset Discovery
  • Vulnerability Assessment
  • Threat Intelligence

How LTS Secure SOAR helps:

  • Asset discovery gathers information on deployed assets and controls, including which services are running and which ports are exposed, helping to drive insights and to monitor for any drift from baselines
  • Regular vulnerability scans can be scheduled to identify where deployed assets, systems, and software may be exposed to increased risk
  • Vulnerabilities are ranked as high, medium or low priority to support prioritization of risk mitigation
  • Recommended patches are provided for identified vulnerabilities
  • Regularly updated threat intelligence ensures that the latest vulnerability detection and remediation information is available

CC5.1

Logical access security software, infrastructure, and architecture have been implemented to support
(1) identification and authentication of authorized users;
(2) restriction of authorized user access to system components, or portions thereof, authorized by management, including hardware, data, software, mobile devices, output, and offline elements; and
(3) prevention and detection of unauthorized access.

Relevant capabilities:

  • Privileged Activity Monitoring
  • Privileged User Monitoring
  • Threat Detection
  • File Integrity Monitoring
  • Log Management & Reporting
  • Threat Intelligence

How LTS Secure SOAR helps:

  • Policies can be created and enforced on users and groups to ensure that only authorized personnel are allowed access to critical servers and applications, while their activities are monitored
  • Network, host, and cloud intrusion detection provide continuous monitoring of your on-premises and cloud environments (AWS, Azure, Office 365, G Suite) to detect threats and anomalies, including ransomware and malware
  • Successful and failed logon events are monitored for assets across your on-premises and cloud environments, as well as for cloud applications including Office 365 and G Suite
  • Changes to Office 365 policies are identified, including Data Loss Prevention (DLP), Information Management, Password Management, and more
  • As part of host intrusion detection, File Integrity Monitoring detects and alerts you to access to and changes in critical system and application binaries, configuration files, and Windows Registry entries on your mission-critical servers
  • Regularly updated threat intelligence ensures that the latest threat detection knowledge and correlation rules are available

CC5.3

Internal and external system users are identified and authenticated when accessing the system components (for example, infrastructure, software, and data).

Relevant capabilities:

  • Privileged Activity Monitoring
  • Privileged User Monitoring
  • Log Management & Reporting

How LTS Secure SOAR helps:

  • Monitors successful and failed logon events to assets by internal and external users, including where authentication and authorization are handled by services like Okta or Azure Active Directory
  • Monitors user and administrator activities, including access to and modification of files and content, in cloud applications such as Office 365 and G Suite
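The logon-event monitoring cited for CC5.1 and CC5.3 reduces, inside a SIEM, to correlation logic over authentication events. The block below is an added example written for this page, not LTS Secure code: it parses a constructed, simplified logon log (the line format, host names, user names and addresses are all made up for the example) and raises two alarms, a source that records five or more failed logons within five minutes, and a success from such a source while its failures are still inside the window. The threshold and window are assumptions you would tune per environment.

```python
"""Brute-force and success-after-brute-force detection over logon events.

Added example for this page, not LTS Secure code. The log format, hosts, users
and addresses are constructed; the thresholds are assumptions you would tune.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# One event per line: ISO timestamp, outcome, then key=value fields.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<outcome>LOGON_SUCCESS|LOGON_FAILURE) "
    r"user=(?P<user>\S+) src=(?P<src>\S+) host=(?P<host>\S+)$"
)

# Constructed sample: 203.0.113.7 hammers alice and finally gets in;
# 198.51.100.4 is a user mistyping a password once. The 08:30 failure is
# there to show that events outside the window are ignored.
SAMPLE_LOG = """\
2024-05-01T08:30:00 LOGON_FAILURE user=alice src=203.0.113.7 host=web01
2024-05-01T09:00:01 LOGON_FAILURE user=alice src=203.0.113.7 host=web01
2024-05-01T09:00:05 LOGON_FAILURE user=alice src=203.0.113.7 host=web01
2024-05-01T09:00:09 LOGON_FAILURE user=alice src=203.0.113.7 host=web01
2024-05-01T09:00:14 LOGON_SUCCESS user=bob src=198.51.100.4 host=web01
2024-05-01T09:00:20 LOGON_FAILURE user=alice src=203.0.113.7 host=web01
2024-05-01T09:00:30 LOGON_FAILURE user=alice src=203.0.113.7 host=web01
2024-05-01T09:00:45 LOGON_SUCCESS user=alice src=203.0.113.7 host=web01
2024-05-01T09:01:00 LOGON_FAILURE user=carol src=198.51.100.4 host=vpn01
2024-05-01T09:01:07 LOGON_SUCCESS user=carol src=198.51.100.4 host=vpn01
this line is not a logon event and is skipped
"""


def parse(line):
    """Return a dict for a well-formed event, or None for lines that don't match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def detect(lines, threshold=5, window=timedelta(minutes=5)):
    """Scan events in order and return a list of alarms.

    failures[src] holds the timestamps of that source's failed logons that are
    still inside `window`; older ones are dropped as time advances.
    """
    failures = defaultdict(deque)
    flagged = set()          # sources already alarmed as brute force
    alarms = []
    for ev in filter(None, map(parse, lines)):
        recent = failures[ev["src"]]
        while recent and ev["ts"] - recent[0] > window:
            recent.popleft()
        if ev["outcome"] == "LOGON_FAILURE":
            recent.append(ev["ts"])
            if len(recent) >= threshold and ev["src"] not in flagged:
                flagged.add(ev["src"])
                alarms.append({"rule": "brute_force", "src": ev["src"],
                               "host": ev["host"], "failures": len(recent),
                               "at": ev["ts"].isoformat()})
        elif len(recent) >= threshold:
            # A success while the source is still over threshold is the
            # high-priority case: the guessing may have worked.
            alarms.append({"rule": "success_after_brute_force", "src": ev["src"],
                           "user": ev["user"], "host": ev["host"],
                           "at": ev["ts"].isoformat()})
            recent.clear()   # one alarm per burst; later successes are ordinary logons
            flagged.discard(ev["src"])
    return alarms


def run_sample():
    """Apply the detector to the constructed log and return the alarms."""
    return detect(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for alarm in run_sample():
        print(alarm)
```

In production the same logic is fed Windows Security events 4624 (success) and 4625 (failure), sshd "Failed password" lines, or Okta and Azure AD sign-in logs rather than the constructed format, and the per-source key is usually widened to per-source-per-user so that a low-and-slow password spray across many accounts is caught as well.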

CC5.6

Logical access security measures have been implemented to protect against Security Principle threats from sources outside the boundaries of the system.

Relevant capabilities:

  • Threat Detection
  • Incident Response
  • Threat Intelligence

How LTS Secure SOAR helps:

  • LTS Secure SIEM includes network, host, and cloud intrusion detection to provide continuous monitoring of your on-premises and cloud environments (AWS, Azure, Office 365, and G Suite) to detect threats and anomalies, including malware and ransomware
  • LTS Secure SIEM enables orchestrated manual and automated response actions to be executed to mitigate risks, such as blocking access to and from malicious domains with Cisco Umbrella, and blocking malicious IP addresses with Palo Alto firewalls
  • Regularly updated threat intelligence ensures that the latest vulnerability detection and remediation information is available

CC5.8

Controls have been implemented to prevent or detect and act upon the introduction of unauthorized or malicious software.

Relevant capabilities:

  • Vulnerability Assessment
  • Threat Detection
  • Threat Intelligence

How LTS Secure SOAR helps:

  • Identify systems prone to known vulnerabilities, or that may not have antivirus installed
  • Monitor for indicators of malware-based compromise, such as communication to a known Command & Control (C&C) server
  • Regularly updated threat intelligence ensures that the latest vulnerability detection and remediation information is available

CC6.1

Vulnerabilities of system components to security breaches and incidents due to malicious acts, natural disasters, or errors are monitored and evaluated, and countermeasures are implemented to compensate for known and new vulnerabilities.

Relevant capabilities:

  • Asset Discovery
  • Vulnerability Assessment
  • File Integrity Monitoring
  • Threat Intelligence

How LTS Secure SOAR helps:

  • Asset discovery identifies assets, and Asset Groups group them dynamically (for example, all Windows assets) or by user-defined criteria
  • Regular vulnerability scans can be scheduled to identify vulnerabilities on assets across your on-premises and cloud environments
  • Vulnerabilities are ranked as high, medium or low priority to support prioritization of risk mitigation
  • Presents the availability of recommended patches for discovered vulnerabilities
  • As part of host intrusion detection, File Integrity Monitoring detects and alerts you to access to and changes in critical system and application binaries, configuration files, and Windows Registry entries on your critical servers
  • Regularly updated threat intelligence ensures that the latest vulnerability detection and remediation information is available

CC6.2

Security incidents, including logical and physical security breaches, failures, concerns, and other complaints, are identified, reported to appropriate personnel, and acted on in accordance with established incident response procedures.

Relevant capabilities:

  • Threat Detection
  • Incident Response
  • Log Management

How LTS Secure SOAR helps:

  • Machine learning and state-based correlation are used to detect threats
  • Threats are classified against a kill-chain taxonomy to inform the risk level of each threat
  • Public and dark web sources are monitored for the trade or communication of stolen credentials
  • Security analysts can be notified of alarms through email or SMS, or through other applications including ServiceNow, PagerDuty, Slack, and Datadog
  • Alarms can be labelled to help avoid conflicts across teams and to identify the status of an alarm
  • LTS Secure SIEM enables orchestrated manual and automated response actions to be executed to mitigate risks, such as blocking access to and from malicious domains with Cisco Umbrella, and blocking malicious IP addresses with Palo Alto firewalls
  • Powerful search and analysis capabilities permit forensic analysis of aggregated log and event data from a central location

CC7.3

Change management processes are initiated when deficiencies in the design or operating effectiveness of controls are identified during system operation and monitoring.

Relevant capabilities:

  • Vulnerability Assessment
  • Threat Intelligence

How LTS Secure SOAR helps:

  • Regular vulnerability scans can be scheduled to identify vulnerabilities on assets across your on-premises and cloud environments
  • Highlights the availability of any recommended patches for discovered vulnerabilities
  • Regularly updated threat intelligence ensures that the latest vulnerability detection and remediation information is available

CC7.4

Changes to system components are authorized, designed, developed, configured, documented, tested, approved, and implemented in accordance with Security Principle commitments and requirements.

Relevant capabilities:

  • File Integrity Monitoring

How LTS Secure SOAR helps:

  • File Integrity Monitoring detects and alerts you to access to and changes in critical system and application binaries, configuration files, and Windows Registry entries on your mission-critical servers, so that you can verify whether each change was authorized
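File Integrity Monitoring, as cited above for CC5.1, CC6.1 and CC7.4, comes down to recording a trusted baseline of content hashes and permission bits and then reporting everything that differs from it on a later pass, so the change-management question ("was this change authorized?") can be asked about a concrete list of paths. The block below is an added example written for this page, not LTS Secure code. It builds its "critical files" in a temporary directory (the paths, contents and the simulated attacker changes are all constructed), takes a baseline, applies four unauthorized changes and returns what the monitor sees. The setuid case relies on POSIX permission bits, so run it on Linux or macOS.

```python
"""Minimal file-integrity monitor: baseline, then report drift.

Added example for this page, not LTS Secure code. The monitored tree, its
file contents and the unauthorized changes are constructed in a temporary
directory so the script runs offline.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def hash_file(path):
    """SHA-256 of the file contents, streamed so large binaries stay out of memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map each regular file under root (POSIX-style relative path) to hash, mode and size."""
    root = Path(root)
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            st = p.stat()
            baseline[p.relative_to(root).as_posix()] = {
                "sha256": hash_file(p),
                "mode": st.st_mode & 0o7777,   # permission bits incl. setuid/setgid/sticky
                "size": st.st_size,
            }
    return baseline


def compare(baseline, current):
    """Classify drift: a file is 'modified' if its content hash or its permission bits changed."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(
        p for p in set(baseline) & set(current)
        if baseline[p]["sha256"] != current[p]["sha256"]
        or baseline[p]["mode"] != current[p]["mode"]
    )
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Constructed scenario: three 'critical' files, then four unauthorized changes."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "sshd_config").write_text("PermitRootLogin no\n")
        (root / "etc" / "sudoers").write_text("root ALL=(ALL) ALL\n")
        (root / "bin" / "ls").write_bytes(b"\x7fELF original binary")
        os.chmod(root / "bin" / "ls", 0o755)
        baseline = build_baseline(root)

        # Changes made after the baseline was taken, none of them approved:
        (root / "etc" / "sshd_config").write_text("PermitRootLogin yes\n")  # config weakened
        (root / "etc" / "sudoers").unlink()                                  # control removed
        (root / "bin" / "nc").write_bytes(b"\x7fELF dropped tool")           # new binary
        os.chmod(root / "bin" / "ls", 0o4755)   # setuid added; content and hash unchanged

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Two practitioner caveats. Hash comparison catches writes, not reads: the "access" half of the FIM capability above needs the host audit subsystem (auditd on Linux, object-access auditing on Windows) rather than a rescan. And the baseline itself is the trust anchor, so it must be stored off the monitored host or signed; an attacker who can rewrite the baseline after modifying a binary silences the monitor.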

ABOUT US

LTS Secure offers a Security Suite to rationalize, prioritize and automate the response to risks in your environment. It delivers comprehensive cyber security solutions with continuous monitoring at every layer of the IT stack: network packets, flows, OS activity, content, user behavior and application transactions.