Accelerate NERC CIP Compliance

AlienVault Unified Security Management (USM) provides a fast, cost-effective way for teams with limited security staff and budget to meet their NERC CIP compliance needs.

See below how AlienVault USM helps you cover key NERC CIP requirements, or download the NERC CIP Compliance Solution Brief.

Unify your defenses and simplify NERC CIP compliance.

The North American Electric Reliability Corporation (NERC) has provided specific guidance to organizations in the power industry to ensure reliability and security standards for the bulk electric system (BES). The NERC CIP reliability standard specifically addresses security requirements for critical infrastructure protection. In a nutshell, these requirements include control areas such as:

  • Asset identification
  • Vulnerability reporting
  • Security management
  • Perimeter and physical security
  • Incident response & investigation
  • Change and configuration management
  • Information protection

Achieving and proving compliance with NERC CIP can be very challenging. NERC CIP compliance requires implementing essential security controls for asset configuration, vulnerability assessment, threat detection, behavioral monitoring and log management. And that’s not all. IT staff then need to monitor these controls and correlate the data they produce across the entire network, in real time. Traditional security products only perform one or two of these functions, leaving the security analyst to figure out how to cobble these disparate tools together to provide a unified view into security and compliance status.

AlienVault’s Unified Security Management (USM) platform provides a powerful alternative, one that delivers a fast and cost-effective way for teams with limited security staff and budget to address their NERC CIP compliance needs. Leveraging field-proven open source technologies, USM provides users with an automated offering for Asset Discovery, Vulnerability Assessment, Behavioral Monitoring, Threat Detection and Security Intelligence & Event Correlation. With all of the essential security controls built in, USM puts unified security visibility within fast and easy reach of smaller security teams who need to do more with less.

NERC CIP Requirement | AlienVault USM Capabilities | Benefits of Unified Security Management
Sabotage Reporting
AlienVault USM Capabilities:
  • Asset Discovery and Inventory
  • Vulnerability Assessment
  • Network Intrusion Detection (IDS)
  • Host-based Intrusion Detection (HIDS)
  • Wireless Intrusion Detection (WIDS)
  • File Integrity Monitoring
  • Log Management
  • SIEM / event correlation
  • Executive dashboards and reports
Benefits of Unified Security Management:
  • Built-in asset discovery, vulnerability assessment, threat detection, behavioral monitoring, and security intelligence—provides a complete picture of your risk posture, within minutes of installation
  • Built-in behavioral monitoring identifies suspicious user activity and alerts on policy violations and potential insider threats
  • Detailed reports can be auto-generated and distributed in a variety of formats (PDF, EMAIL, HTML, etc.)
  • Accelerated audit procedures because complete visibility begins as soon as you install AlienVault USM™
Cyber Security – Critical Cyber Asset Identification
AlienVault USM Capabilities:
  • Asset Discovery and Inventory
  • Vulnerability Assessment
  • Wireless Intrusion Detection (WIDS)
  • File Integrity Monitoring
  • SIEM / event correlation
  • Behavioral Monitoring
  • Log Management
  • Executive dashboards and reports
Benefits of Unified Security Management:
  • Automatically discover all assets via built-in asset discovery—highlight high value assets based on available services, configuration and traffic generated
  • Identify and enumerate all software installed on each asset, as well as configuration details and other critical information
  • Continuous vulnerability monitoring provides real-time information on critical exposures and how to mitigate them
  • Unified log review and analysis, with triggered alerts for high risk systems
Cyber Security – Bulk Electric System (BES) Cyber System Categorization
AlienVault USM Capabilities:
  • Asset Discovery and Inventory
  • Vulnerability Assessment
  • Network Intrusion Detection (IDS)
  • Host-based Intrusion Detection (HIDS)
  • Wireless Intrusion Detection (WIDS)
  • SIEM / event correlation
  • Behavioral Monitoring
  • Log Management
Benefits of Unified Security Management:
  • Automatically discover all assets via built-in asset discovery—highlight high value assets based on available services, configuration and traffic generated
  • Validate effectiveness of layered controls through built-in essential security such as asset discovery, vulnerability assessment, file integrity monitoring, IDS, log management and more
  • Built-in service availability monitoring detects critical service interruptions or misconfigurations that could signal a threat
  • Securely store raw event log data for investigation and forensic analysis
Cyber Security – Security Management Controls
AlienVault USM Capabilities:
  • Asset Discovery and Inventory
  • Vulnerability Assessment
  • Network Intrusion Detection (IDS)
  • Host-based Intrusion Detection (HIDS)
  • Wireless IDS (WIDS)
  • File Integrity Monitoring
  • SIEM / event correlation
  • Log Management
  • Behavioral Monitoring
Benefits of Unified Security Management:
  • AlienVault USM provides continuous capture and real-time monitoring of a broad range of data, including: events/logs; configuration data; asset data; vulnerability data; and network flow data
  • Built-in host-based IDS can be implemented on systems with highly sensitive data to ensure data integrity, availability and confidentiality
  • File Integrity Monitoring alerts on changes to critical files which could signal a threat
  • Built-in threat detection, behavioral monitoring and event correlation signals information leakage and other attacks in progress—for example, unauthorized access followed by additional security exposures such as sensitive data exfiltration
  • Centralized, role-based access control for audit trails and event logs preserves “chain-of-custody” for data forensics and investigations
Cyber Security – Electronic Security Perimeter(s)
AlienVault USM Capabilities:
  • Vulnerability Assessment
  • Network Intrusion Detection (IDS)
  • Wireless Intrusion Detection (WIDS)
  • Behavioral Monitoring / Netflow Analysis
  • SIEM / event correlation
  • Log Management
Benefits of Unified Security Management:
  • Continuous vulnerability monitoring will identify any misconfigurations that would expose internal systems to external access
  • Built-in network IDS and wireless IDS detect attacks against perimeter devices and wireless access points
  • Unified netflow analysis and event correlation monitors traffic and issues alerts on policy violations and incidents including breach of network perimeter security controls
  • Centralized, role-based access control for audit trails and event logs preserves “chain-of-custody” for data forensics and investigations
Cyber Security – Physical Security of Critical Cyber Assets
AlienVault USM Capabilities:
  • Asset Discovery and Inventory
  • Vulnerability Assessment
  • Network Intrusion Detection (IDS)
  • Host-based Intrusion Detection (HIDS)
  • Wireless Intrusion Detection (WIDS)
  • File Integrity Monitoring
  • SIEM / event correlation
  • Behavioral Monitoring
  • Log Management
  • Situational Awareness
Benefits of Unified Security Management:
  • Built-in and automated asset discovery will identify all IP-enabled physical security systems (keycard / proximity card devices)
  • AlienVault’s Logger will record all physical security access events logged by proximity card systems for correlation with other logical systems (access to servers in data center)
  • Built-in wireless IDS will identify unauthorized access attempts to wireless access points at each physical location (offices, data centers, etc.)
Cyber Security – Physical Security of BES Cyber Systems
AlienVault USM Capabilities:
  • Asset Discovery and Inventory
  • Vulnerability Assessment
  • Network Intrusion Detection (IDS)
  • Host-based Intrusion Detection (HIDS)
  • Wireless Intrusion Detection (WIDS)
  • File Integrity Monitoring
  • SIEM / event correlation
  • Behavioral Monitoring
  • Log Management
  • Situational Awareness
Benefits of Unified Security Management:
  • Built-in and automated asset discovery will identify all IP-enabled physical security systems (keycard / proximity card devices)
  • AlienVault’s Logger will record all physical security access events logged by proximity card systems for correlation with other logical systems (access to servers in data center)
  • Built-in wireless IDS will identify unauthorized access attempts to wireless access points at each physical location (offices, data centers, etc.)
Cyber Security – Systems Security Management
AlienVault USM Capabilities:
  • Asset Discovery & Inventory
  • Log Management
  • Behavioral Monitoring
  • SIEM / event correlation
Benefits of Unified Security Management:
  • Built-in asset discovery and inventory provides granular details on device configuration, installed software, and ownership details to track users with associated devices
  • Log management provides secure storage of raw event log data for detailed audit trails of user activity
  • Built-in behavioral monitoring identifies suspicious user activity and alerts on policy violations and potential insider threats
Cyber Security – Incident Reporting and Response Planning
AlienVault USM Capabilities:
  • Asset Discovery & Inventory
  • Vulnerability Assessment
  • Network Intrusion Detection (IDS)
  • Host-based Intrusion Detection (HIDS)
  • Log Management
  • File Integrity Monitoring
  • SIEM / event correlation
Benefits of Unified Security Management:
  • Built-in asset discovery, vulnerability assessment, threat detection, behavioral monitoring, and security intelligence—accelerates the incident response process
  • Unified log review and analysis, with triggered alerts for high risk systems
  • Customized, action-oriented alerts which tell you exactly what to do next when responding to incidents
  • Integrated threat data backed by AlienVault Labs and the Open Threat Exchange (OTX™)
Cyber Security – Configuration Change Management and Vulnerability Assessments
AlienVault USM Capabilities:
  • Asset Discovery & Inventory
  • Vulnerability Assessment
  • Network Intrusion Detection (NIDS)
  • Host-based Intrusion Detection (HIDS)
  • Wireless IDS
  • File Integrity Monitoring
  • SIEM / event correlation
  • On-board trouble ticket system
Benefits of Unified Security Management:
  • Built-in asset discovery provides dynamic inventory of all devices on the network and all software installed
  • Continuous vulnerability monitoring identifies all vulnerabilities targeting critical systems, servers, applications and network devices
  • File Integrity Monitoring alerts on changes to critical files which could signal a threat
  • Built-in service availability monitoring detects critical service interruptions or misconfigurations that could signal a threat
  • Integrated trouble ticket system provides seamless workflows for scheduling scans, remediating vulnerabilities and investigating incidents
Cyber Security – Information Protection
AlienVault USM Capabilities:
  • Asset Discovery & Inventory
  • Vulnerability Assessment
  • Network Intrusion Detection (NIDS)
  • Host-based Intrusion Detection (HIDS)
  • Wireless IDS
  • File Integrity Monitoring
  • SIEM / event correlation
  • Behavioral Monitoring
  • Log Management
  • Executive dashboards and reports
Benefits of Unified Security Management:
  • Built-in, automated vulnerability assessment identifies the use of weak and default passwords
  • Built-in host-based intrusion detection (HIDS) and File Integrity Monitoring will signal when password files and other critical system files have been modified
  • Unified security intelligence connects critical, yet related events across systems such as a password change followed by exfiltration of data from the same device
  • Built-in network flow analysis monitors network traffic and protocols to identify anomalous activity and policy violations
  • Event correlation rules provide the situational awareness needed to identify potential data exfiltration
  • Centralized, role-based access control for audit trails and event logs preserves “chain-of-custody” for data forensics and investigations
