Threat Advisor: The Convergence of Security and Compliance
Managing the risks associated with this information is critical not only for government security but also to ensure citizens’ confidence in public services — it requires continuous monitoring.
NIST and CAG guidelines acknowledge the criticality of automation and the visibility these tools provide for the success of continuous monitoring. The FY 2012 Federal Information Security Management Act Reporting Metrics take automation and visibility several steps further.
For government security professionals, the challenge is to combat malicious attacks and advanced cyber threats. Tailored solutions are needed to address the specific needs of individual government agencies. By developing solutions in lockstep with these requirements and standards, Bit9 provides government organizations the ability to protect valuable data and achieve FISMA and FDCC compliance.
Sets of specific file hashes are an extremely valuable resource for identifying vulnerabilities and protecting against cyber attacks.
Bit9, working with government agencies, has developed custom functionality that automates the management of the hash set and provides unprecedented visibility and control across thousands of computers.
These special-purpose utilities save a significant amount of time, enable a new perspective and ensure effective banning of specific hash sets. Agencies are able to automatically upload hash files to locate the computers that contain the hashes, determine if the files have ever executed, ban execution of the files, and alert on attempted executions.
In order to ensure agency systems have the most critical baseline security controls in place, the Consensus Audit Guidelines (CAG) provide the first step towards specific guidelines that CISOs, CIOs, IGs and US-CERT can adopt.
CAG takes advantage of knowledge gained in analyzing the myriad attacks that are being actively and successfully launched against federal systems and industrial base systems, and also identifies the key controls that are most critical for stopping those attacks.
Having a whitelist of trusted software as well as a complete inventory of authorized and unauthorized software is important within the guidelines. Software that is extraneous to business use often introduces security vulnerabilities, and once a machine is exploited attackers can use it as a staging point for collecting sensitive information from other systems, the guidelines warn.
The Bit9 Security Platform provides real-time file tracking that facilitates a live inventory of all executable files that currently reside on all of your systems as well as any executable that has ever been on a computer regardless of its current status, allowing you to identify high-risk files quickly and accurately.
Bit9’s Security Platform enables federal agencies to achieve these guidelines and protect information by providing a methodology that minimizes the risks of malicious, illegal and unauthorized software that can create vulnerabilities and open the door to targeted attacks.
FISMA imposes a mandatory set of processes that must be followed for all information systems used or operated by a U.S. federal government agency or by a contractor or other organization on behalf of a federal agency.
Best practices for achieving FISMA compliance are based on the Consensus Audit Guidelines (CAG) which prescribes application control and whitelisting as a method to define and allow only trusted software to run in an environment.
Bit9 provides controls that minimize the risk of malicious, illegal and unauthorized software that can create vulnerabilities and enable targeted attacks, by preventing the installation or execution of unauthorized applications and the use of unauthorized portable storage devices.
The Bit9 Security Platform provides:
The FDCC is a U.S. Office of Management and Budget mandate that requires all federal agencies to standardize the configuration of approximately 300 settings on each of their Windows XP and Vista computers.
The intent of this standard is to strengthen federal IT security by reducing opportunities for hackers to gain access to and then exploit government computer systems. Enforcing a whitelist of trusted and authorized software and preventing unauthorized changes to software configuration further complements the standard. Any software that is extraneous to business use can introduce security vulnerabilities, and once it is exploited, attackers can use that machine as a staging point for collecting sensitive information from other systems within the environment.
The Bit9 Security Platform helps federal agencies to protect information by providing a methodology for trust-based, policy-driven application control and whitelisting to prevent the installation or execution of unauthorized applications. These application controls minimize the risk of malicious, illegal and unauthorized software that can create vulnerabilities and enable targeted attacks.
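The hash set workflow described above (upload a hash set, locate the computers that hold those hashes, check whether the files ever executed, ban execution and alert on attempts), combined with the default-deny whitelist enforcement this section describes, as an added Python example that is not Bit9's code. The inventory records, hash values and the rule that a ban entry takes precedence over a trusted entry are constructed assumptions.

```python
"""Hash-set banning plus whitelist evaluation over a constructed endpoint inventory."""
import hashlib
from collections import defaultdict


def sha256_hex(data: bytes) -> str:
    """Hash set entries are SHA-256 hex digests of file content (assumption)."""
    return hashlib.sha256(data).hexdigest()


# Constructed sample hash sets: an agency-uploaded ban list and a trusted whitelist.
BANNED = {sha256_hex(b"unapproved-tool-v1"), sha256_hex(b"known-bad-dropper")}
TRUSTED = {sha256_hex(b"approved-app-1.0")}

# Constructed inventory: every executable ever seen on each host, whether it is
# still present, and how many times it has executed (mirrors "has ever been on
# a computer regardless of its current status").
INVENTORY = [
    {"host": "ws-01", "path": r"C:\tools\x.exe", "sha256": sha256_hex(b"unapproved-tool-v1"), "executed": 3, "present": True},
    {"host": "ws-02", "path": r"C:\temp\d.exe", "sha256": sha256_hex(b"known-bad-dropper"), "executed": 0, "present": False},
    {"host": "ws-03", "path": r"C:\Program Files\app.exe", "sha256": sha256_hex(b"approved-app-1.0"), "executed": 12, "present": True},
]


def locate_hashes(inventory, hash_set):
    """Map each hash in hash_set to the hosts that hold (or held) it and whether it ever ran."""
    report = defaultdict(list)
    for rec in inventory:
        if rec["sha256"] in hash_set:
            report[rec["sha256"]].append({
                "host": rec["host"],
                "path": rec["path"],
                "ever_executed": rec["executed"] > 0,
                "still_present": rec["present"],
            })
    return dict(report)


def evaluate_execution(sha256, trusted=TRUSTED, banned=BANNED):
    """Decide an execution attempt: ban list wins, then whitelist, else default deny."""
    if sha256 in banned:
        return "BLOCK", "banned hash"
    if sha256 in trusted:
        return "ALLOW", "trusted hash"
    return "BLOCK", "not on whitelist"


def alert_on_attempts(attempts, trusted=TRUSTED, banned=BANNED):
    """Return one alert per blocked execution attempt (constructed attempt records)."""
    alerts = []
    for attempt in attempts:
        decision, reason = evaluate_execution(attempt["sha256"], trusted, banned)
        if decision == "BLOCK":
            alerts.append({"host": attempt["host"], "sha256": attempt["sha256"], "reason": reason})
    return alerts
```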
Protective Monitoring, also known as Good Practice Guide 13, or GPG13, is a UK government-recommended set of people, business processes and technology for improving an organization's risk profile.
Established by CESG (Communications-Electronics Security Group), the UK's National Technical Authority for Information Assurance, GPG13 is a Protective Monitoring framework for HMG ICT (Information and Communication Technology) systems, service providers and outsourcing companies to reduce risk and secure confidential data.
Good Practice Guide (GPG) 13 Compliance is a risk management and accreditation standard for information systems that applies to all national infrastructure security systems. The standard defines the major security threats and the associated security requirements. It provides a framework for treating risks to systems and includes mechanisms for collecting ICT log information and configuring ICT logs in order to provide an audit trail of security-relevant events of interest.
Bit9 helps with this compliance standard in several ways. First, Bit9 provides an advanced threat protection solution for endpoints and servers that allows organizations held to GPG 13 to place systems into a positive, proactive stance against the approved controls and applications within their infrastructure. Policies can be used to match the threat requirements outlined within the standard in order to provide immediate control and visibility over all critical assets. Second, Bit9 can provide a complete audit of all event and log data that applies to the policy standard in order to demonstrate compliance.