The fourth generation, ThreatVision™ solution offers a comprehensive approach to 'Continuous Compliance' necessitated by government regulations such as FISMA, DIACAP, NIACAP, HIPAA, GLBA and SOX. ThreatVision™ solution offers a real-time dashboard view of threats to compliance. ThreatVision™ analyzes information such as security logs, alerts and system alarms collected from multiple devices across multiple platforms. The analysis reduces the massive amount of incoming data to a manageable number of alerts that are prioritized based on threat severity. The alerts with all the relevant information, including Knowledgebase links, are then displayed on a central management console.
The security and compliance teams can now focus on security events that present immediate threat to the organization. This allows most efficient use of the limited security resources in an enterprise or a service provider environment
Security and Compliance Management in multi-vendor multi-platform environment
As incidents of malicious attacks on corporate information and resources rise, organizations must fortify their security practices and implement more proactive measures to ensure the ongoing safety of their networks, servers and applications. Simultaneously, the economic climate is restricting many companies' ability to invest the time, talent, and resources needed to maintain a security-hardened infrastructure.
Today’s multi-vendor environment presents additional challenges to the network and security administrators. The typical network may have network and security devices from leading vendors such as Cisco, Intel, CheckPoint, SonicWall, Juniper, and Raptor platforms. The IDS sensors themselves may be from Internet Security Systems (ISS), SNORT and Cisco. Each vendor device comes with its own management system, its own log analysis and reporting tools that do not look beyond the individual vendor platform. An added challenge is that the event information being received such as system alerts, logs or SNMP traps may be in presented in a standard or a proprietary format with format variation with different version of the product.
Compliance Challenge due to data overload
The problem is further compounded by the massive amount of event data that needs to be gathered, analyzed and reported to the compliance administrator on a daily basis. Each firewall or IDS system could easily generate multi-gigabytes of information per day. If there is an attack in progress the data size may increase by tenfold. With the current set of limited tools from device vendors that do not scale across multiple platforms, most of the security event data is completely ignored or partially attended to, creating a massive hole in the security management of the enterprise.
ThreatVision™ Solution
ThreatVision™ addresses this business need by providing data collection, data reduction and event correlation function across leading firewall, VPN, IDS and Server platforms.
In typical scenarios, deployment of ThreatVision™ may result in data reduction of 50,000 incoming events to a total of 50 events, which may be further classified as 5 critical, 10 major and 35 minor alerts on the management console. The system administrator can therefore focus on taking the necessary action to address the events of critical nature and not be deluged by the 50,000 events. ThreatVision™ solution uniquely identifies threats to compliance by alerting the network security teams. The real-time alerts on the dashboard combined with extensive pre-built reports allow companies to stay on top of their compliance requirements.
For additional information on how the ComplyVision™ and ThreatVision™ solution can help you in your ISO 27001 audit, please contact our experts at 703.310.6449, or e-mail us at [email protected]