
ISO 27001 compliance

Quickly gain essential security controls you expect from ISO 27001 compliance software in one powerful product.


Accelerate ISO 27001 Compliance

ISO/IEC 27001 provides guidance for implementing information security controls to achieve a consistent and reliable security program. The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) developed 27001 to provide a worldwide standard for information security.

Achieving ISO 27001 compliance can be challenging for many organizations because of its broad scope, especially for organizations with limited resources. Yet, you can accelerate ISO 27001 information security compliance by simplifying, consolidating, and automating essential security controls for threat detection and incident response.

Unified Security Management® (USM) does just that. The unified platform delivers multiple essential security capabilities needed to demonstrate ISO 27001 security compliance as well as out-of-the-box reporting templates specifically for ISO 27001. With USM, you can be ready for your compliance audit sooner and with greater confidence.

The USM platform delivers the essential security management you need for ISO 27001 security compliance, including:

Unified Asset Discovery & Vulnerability Assessment

  • Asset discovery & inventory
  • Vulnerability assessment

Continuous Security Monitoring

  • Automated log collection and storage
  • File integrity monitoring ingestion and reporting
  • SIEM event correlation

Flexible Security Analytics Dashboards & Reports

  • Pre-built reporting templates for ISO 27001
  • Flexible, customizable data views accelerate audit responses

Unified Asset Discovery and Vulnerability Assessment

A fundamental component of ISO 27001 compliance is creating and maintaining a comprehensive asset inventory. USM includes automated asset discovery capabilities that give you full and always up‑to‑date visibility of the devices that are on your cloud and on-premises environments.

Using this asset inventory, USM performs vulnerability assessment and alerts you to the vulnerabilities on those assets that could be exploited by an attacker. With a unified view of your assets and vulnerabilities prioritized by risk severity, you can order your remediation activities to deal with the most severe vulnerabilities or the most business‑critical assets first.

In addition, USM correlates intrusion detection data from its built‑in IDS capabilities with asset and vulnerability information, so you know which of your vulnerabilities are actively being exploited in your environment.

Continuous Security Monitoring with USM

ISO 27001 compliance requires the aggregation of event data from multiple systems into a single view. USM delivers the security visibility you need in a single platform – saving you the time and expense of manually aggregating this data.

Because the USM platform combines multiple essential security controls, it provides a consolidated view of the information you need to detect policy violations and to reduce time to compliance.

  • Automated log collection and storage consolidates security events from across your cloud and on-premises environments
  • Built-in Intrusion Detection Systems (IDS) detect malicious activity targeting your assets
  • File Integrity Monitoring (FIM) detects changes in critical files on-premises
  • SIEM event correlation alerts you to the active threats against your critical infrastructure
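The "SIEM event correlation" bullet above is the one control in this list that is easiest to misunderstand: a correlation directive is not a keyword search but a stateful rule that joins several events over time. The following is an added example, not AlienVault or USM code, of such a rule written in Python. It parses constructed, syslog-like authentication events and raises an alarm when one source address accumulates a threshold of failed logons against a host inside a sliding window and then logs on successfully. The log format, field names, thresholds and sample addresses are assumptions made for this example.

```python
"""Event-correlation rule in the style of a SIEM correlation directive.

Added example, not AlienVault/USM code. Raises an alarm when one source
address produces `threshold` failed logons against a host inside a sliding
`window` and then logs on successfully (brute force followed by success).
The log format, field names and thresholds are assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real data); addresses are documentation ranges.
SAMPLE_LOG = """\
2024-03-18T10:00:01Z host=web01 user=alice src=203.0.113.7 result=FAILED
2024-03-18T10:00:03Z host=web01 user=alice src=203.0.113.7 result=FAILED
2024-03-18T10:00:04Z host=web01 user=alice src=203.0.113.7 result=FAILED
2024-03-18T10:00:05Z host=web01 user=alice src=203.0.113.7 result=FAILED
2024-03-18T10:00:06Z host=web01 user=alice src=203.0.113.7 result=FAILED
2024-03-18T10:00:09Z host=web01 user=alice src=203.0.113.7 result=SUCCESS
2024-03-18T10:05:00Z host=db01 user=bob src=198.51.100.4 result=FAILED
2024-03-18T10:30:00Z host=db01 user=bob src=198.51.100.4 result=SUCCESS
this line is malformed and must be skipped rather than crash the rule
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) "
    r"src=(?P<src>\S+) result=(?P<result>FAILED|SUCCESS)$"
)


def parse_event(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev


def correlate(lines, threshold=5, window=timedelta(minutes=2)):
    """Return a list of alarms, one per (src, host) pair that matches the rule."""
    failures = defaultdict(deque)  # (src, host) -> timestamps of recent failures
    alarms = []
    for raw in lines:
        ev = parse_event(raw)
        if ev is None:
            continue  # unparsable lines are skipped; a real pipeline would count them
        key = (ev["src"], ev["host"])
        recent = failures[key]
        # Slide the window: forget failures older than `window` relative to this event.
        while recent and ev["ts"] - recent[0] > window:
            recent.popleft()
        if ev["result"] == "FAILED":
            recent.append(ev["ts"])
        else:  # SUCCESS
            if len(recent) >= threshold:
                alarms.append({
                    "src": ev["src"],
                    "host": ev["host"],
                    "user": ev["user"],
                    "failed_attempts": len(recent),
                    "first_failure": recent[0].isoformat(),
                    "success_at": ev["ts"].isoformat(),
                })
            recent.clear()  # a success resets the counter either way
    return alarms


if __name__ == "__main__":
    for alarm in correlate(SAMPLE_LOG.splitlines()):
        print("ALARM brute-force-then-success:", alarm)
```

Run as a script it prints a single alarm for `203.0.113.7` against `web01`; the lone failure against `db01` falls outside the two-minute window and produces nothing, and the malformed line is skipped. The window and threshold are the tuning knobs an analyst would adjust per environment, which is the "baseline or normal activity" question raised below.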

This unified approach allows you to quickly answer the critical questions that are required for ISO 27001 compliance:

  • What are my critical assets and how are they configured?
  • Where are my critical assets located?
  • How is my environment segmented to limit access to these assets?
  • Who (users and machines) has access to these resources?
  • What are the vulnerabilities that affect my compliance status?
  • What constitutes baseline or “normal” activity in my network?
  • Which users are violating policies?
  • What are my privileged users doing?

Demonstrate ISO 27001 Compliance with Pre‑Built Reports & Dashboards

Whether to manage the daily monitoring of your environment, to present the state of your security to your management, or to demonstrate to your auditor that your security controls are in place and fully functional, having reporting and data visualization capabilities can save you significant time and effort.

The rich reporting and data visualization features in USM make it simple and fast to get the security visibility you need. The platform delivers pre-built reports that map directly to ISO 27001 requirements. You can easily customize and export any of the compliance reports to satisfy an auditor’s specific request.

USM includes the following ISO 27001 reports:

ISO 27001 A.6.1.4 Contact with special interest groups
Appropriate contacts with special interest groups or other specialist security forums and professional associations shall be maintained.

ISO 27001 A.8.1.1 Inventory of assets
Assets associated with information and information processing facilities shall be identified and an inventory of these assets shall be drawn up and maintained.

ISO 27001 A.8.1.2 Ownership of assets
Assets maintained in the inventory shall be owned.

ISO 27001 A.8.2.1 Classification of information
Information shall be classified in terms of legal requirements, value, criticality and sensitivity to unauthorised disclosure or modification.

ISO 27001 A.8.2.2 Labeling of information
An appropriate set of procedures for information labelling shall be developed and implemented in accordance with the information classification scheme adopted by the organization.

ISO 27001 A.11.2.6 Security of equipment and assets off‑premises
Security shall be applied to off-site assets taking into account the different risks of working outside the organization’s premises.

ISO 27001 A.12.2.1 Controls against malware
Detection, prevention and recovery controls to protect against malware shall be implemented, combined with appropriate user awareness.

ISO 27001 A.12.4.1 Event logging
Event logs recording user activities, exceptions, faults and information security events shall be produced, kept and regularly reviewed.

ISO 27001 A.12.4.2 Linux: Protection of log information
Logging facilities and log information shall be protected against tampering and unauthorized access.

ISO 27001 A.12.4.2 Windows: Protection of log information
Logging facilities and log information shall be protected against tampering and unauthorized access.

ISO 27001 A.12.7.1 Information systems audit controls
Audit requirements and activities involving verification of operational systems shall be carefully planned and agreed to minimize disruptions to business processes.

ISO 27001 A.16.1.2 Reporting information security events
Information security events shall be reported through appropriate management channels as quickly as possible.

ISO 27001 A.16.1.4 Assessment of and decision on information security events
Information security events shall be assessed and it shall be decided if they are to be classified as information security incidents.

ISO 27001 A.18.2.2 Compliance with security policies and standards
Managers shall regularly review the compliance of information processing and procedures within their area of responsibility with the appropriate security policies, standards and any other security requirements.

ISO 27001 A.18.2.3 Technical compliance review
Information systems shall be regularly reviewed for compliance with the organization’s information security policies and standards.

Areas Where USM Can Support Adoption of ISO 27001

The following lists, for each ISO 27001 control objective and control, examples of how the USM platform helps.
A.8 - Asset Management
ISO 27001 Control Objective:

A.8.1 - Responsibility for assets

ISO 27001 Control:

A.8.1.1 - Inventory of Assets

Examples of How the USM Platform Helps:
  • Discovers and supports review of changes to asset inventory, including physical and virtual assets running on-premises, and in cloud environments (including Azure, VMware, Hyper-V, AWS)
  • Inventories and supports review of changes to the operating systems, software applications, and services running on discovered assets
  • Asset Groups deliver dynamically- or analyst-defined grouping of assets, such as business critical assets, HIPAA assets, PCI assets, Windows assets, and more
A.9 - Access Control
ISO 27001 Control Objective:

A.9.2 - User Access Management

ISO 27001 Control:

A.9.2.2 - User access provisioning

Examples of How the USM Platform Helps:
  • Monitors and logs the provisioning and de-provisioning of user accounts on endpoints, in Office 365 (Azure Active Directory), in G Suite, and in authentication products like Okta
ISO 27001 Control Objective:

A.9.2 - User Access Management

ISO 27001 Control:

A.9.2.3 - Management of privileged access rights

Examples of How the USM Platform Helps:
  • Monitors and logs successful and failed logon events to assets across your on-premises and cloud environments, as well as to cloud applications including Office 365 and G Suite
  • Monitors and logs successful and failed logon attempts to external applications through Azure Active Directory and Okta, and to Office 365 and G Suite
  • Monitors public and dark web sources for the trade or communication of stolen organizational and select personal credentials (e.g. of key individuals within the organization) that could be used for malicious intent
A.12 - Operations Security
ISO 27001 Control Objective:

A.12.2 - Protection from malware

ISO 27001 Control:

A.12.2.1 - Controls against malware

Examples of How the USM Platform Helps:
  • Identifies systems susceptible to known vulnerabilities, or that may not have antivirus installed and/or operational
  • Monitors for indicators of malware-based compromise, such as communication with a known Command & Control (C&C, or C2) server
  • Continuously updated threat intelligence from the AlienVault Labs Team and from the AlienVault Open Threat Exchange (OTX) ensures that AlienVault USM has the latest correlation directives and IDS rules to detect malware, and guided threat response provides context on the attack, saving analysts time and letting them focus on detection and response
ISO 27001 Control Objective:

A.12.4 - Logging and monitoring

ISO 27001 Control:

A.12.4.1 - Event logging

Examples of How the USM Platform Helps:
  • Aggregates events and log data, including user and administrator activity, from across your on-premises and cloud environments, and cloud applications including Office 365 and G Suite
  • File Integrity Monitoring can detect and log access and changes to critical system and application data and configuration files, and to the Windows Registry
  • AlienVault USM Anywhere stores alarms and events in 'hot storage' for up to 90 days, enabling rapid search and inspection, and raw events in 'cold', long-term storage for at least 365 days for offline investigation and evidence
ISO 27001 Control Objective:

A.12.4 - Logging and monitoring

ISO 27001 Control:

A.12.4.2 - Protection of log information

Examples of How the USM Platform Helps:
  • AlienVault USM Anywhere is attested compliant with PCI DSS, HIPAA, SOC 2, and ISO 27001, demonstrating the necessary controls to assure the confidentiality, integrity, and availability of the service and data
  • File Integrity Monitoring can detect and log access and changes to critical system and application configuration and log files, and to the Windows Registry, detecting any attempt to delete or prevent the processing of log data
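The A.12.4.2 bullets above rely on File Integrity Monitoring to notice when log data is deleted or its processing is prevented. The subtlety for log files is that they change legitimately all the time, so a naive "hash differs" check fires constantly. The following is an added example, not AlienVault or USM code, of a file-integrity check that records a SHA-256 digest, size and permission bits per file, and on re-check distinguishes a normal append (old bytes intact, new bytes after them) from truncation, in-place rewriting, deletion and permission changes. The watched paths and file contents are constructed in a temporary directory for the demonstration; in practice they would be files such as those under /var/log and system configuration files.

```python
"""File-integrity check that distinguishes legitimate log growth from tampering.

Added example, not AlienVault/USM code. A baseline records a SHA-256 digest,
size and permission bits per watched file; a later check classifies each file
as unchanged, appended (normal for a log), truncated, modified, deleted,
created or permissions_changed. Paths and contents below are constructed.
"""
import hashlib
import tempfile
from pathlib import Path

CHUNK = 65536


def _sha256_prefix(path, nbytes=None):
    """SHA-256 of the first `nbytes` bytes of a file (whole file when None)."""
    h = hashlib.sha256()
    remaining = nbytes
    with open(path, "rb") as f:
        while remaining is None or remaining > 0:
            chunk = f.read(CHUNK if remaining is None else min(CHUNK, remaining))
            if not chunk:
                break
            h.update(chunk)
            if remaining is not None:
                remaining -= len(chunk)
    return h.hexdigest()


def fingerprint(path):
    """Return the integrity record for a file, or None if it does not exist."""
    p = Path(path)
    if not p.is_file():
        return None
    st = p.stat()
    return {"sha256": _sha256_prefix(p), "size": st.st_size, "mode": st.st_mode & 0o777}


def build_baseline(paths):
    """Snapshot every watched file; missing files are recorded as None."""
    return {str(p): fingerprint(p) for p in paths}


def check_against_baseline(baseline):
    """Compare current state with the baseline and classify each file."""
    findings = {}
    for path, old in baseline.items():
        new = fingerprint(path)
        if old is None:
            findings[path] = "unchanged" if new is None else "created"
        elif new is None:
            findings[path] = "deleted"          # log removal is exactly the A.12.4.2 concern
        elif new["size"] < old["size"]:
            findings[path] = "truncated"        # evidence has been cut away
        elif new["sha256"] == old["sha256"]:
            findings[path] = "unchanged" if new["mode"] == old["mode"] else "permissions_changed"
        elif new["size"] > old["size"] and _sha256_prefix(path, old["size"]) == old["sha256"]:
            findings[path] = "appended"         # old bytes intact, new bytes after them
        else:
            findings[path] = "modified"         # rewritten in place
    return findings


def demo():
    """Constructed scenario: baseline four files, then tamper with three of them."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        auth, audit = root / "auth.log", root / "audit.log"
        conf, secure = root / "sshd_config", root / "secure.log"
        auth.write_bytes(b"Accepted publickey for alice\n")
        audit.write_bytes(b"type=USER_LOGIN uid=0\ntype=USER_CMD uid=0\n")
        conf.write_bytes(b"PermitRootLogin no\n")
        secure.write_bytes(b"session opened\n")
        baseline = build_baseline([auth, audit, conf, secure])

        with auth.open("ab") as f:                     # legitimate growth
            f.write(b"Accepted publickey for bob\n")
        audit.write_bytes(b"type=USER_LOGIN uid=0\n")  # second record removed
        conf.write_bytes(b"PermitRootLogin yes\n")     # hardening setting flipped
        secure.unlink()                                # log deleted outright

        return {Path(k).name: v for k, v in check_against_baseline(baseline).items()}


if __name__ == "__main__":
    for name, state in demo().items():
        print(f"{name:12} {state}")
```

The "appended" classification is what keeps a log-file rule quiet during normal operation while still flagging truncation and rewrites; for configuration files, where growth is not expected, a deployment would treat "appended" as a change worth an alarm too.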
ISO 27001 Control Objective:

A.12.4 - Logging and monitoring

ISO 27001 Control:

A.12.4.3 - Administrator and operator logs

Examples of How the USM Platform Helps:
  • Monitors and logs successful and failed logon events to assets across your on-premises and cloud environments, as well as to cloud applications including Office 365 and G Suite
  • Monitors and logs successful and failed logon attempts to external applications through Azure Active Directory and Okta, and to Office 365 and G Suite
  • Monitors for changes to Office 365 policies such as Data Leakage Protection (DLP), information management, and more
  • Monitors user and administrator activities, including access and modification of files and content, in on-premises and cloud-hosted assets, and in cloud applications such as Office 365 and G Suite
ISO 27001 Control Objective:

A.12.4 - Logging and monitoring

ISO 27001 Control:

A.12.4.4 - Clock synchronization

Examples of How the USM Platform Helps:
  • Monitors and alarms on Group Policy errors, which could indicate issues or attempts to disable clock synchronization
  • File Integrity Monitoring can detect changes and access to critical system and application configuration files, and Windows Registry entries, which could indicate issues or attempts to disable clock synchronization
ISO 27001 Control Objective:

A.12.6 - Technical Vulnerability Management

ISO 27001 Control:

A.12.6.1 - Management of technical vulnerabilities

Examples of How the USM Platform Helps:
  • Regularly scheduled vulnerability scans identify known vulnerabilities on assets across your environments, identifying the respective CVE code for each vulnerability and using the corresponding CVSS score to rank it as high, medium or low priority
  • Continuously updated threat intelligence from AlienVault Labs and the AlienVault Open Threat Exchange (OTX) ensures that USM is operating with the latest correlation directives, vulnerability signatures, IDS rules, reports, and guided threat responses
  • Outlines recommended patches for discovered vulnerabilities
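The A.12.6.1 bullets above describe ranking each finding as high, medium or low from its CVSS score; the earlier "Unified Asset Discovery and Vulnerability Assessment" section adds that remediation should also weigh how business-critical the affected asset is. The following is an added example, not AlienVault or USM code, that does both: the three tiers use cut-offs taken from the CVSS v3 qualitative severity bands (an assumption about where the boundaries sit), and findings are ordered by CVSS weighted with a constructed asset-criticality value so that a medium-severity flaw on a critical database can outrank a critical flaw on a developer box. The asset names, criticality values and CVE-like identifiers are constructed placeholders, not real vulnerabilities.

```python
"""Rank discovered vulnerabilities for remediation by CVSS score and asset criticality.

Added example, not AlienVault/USM code. Tier boundaries follow the CVSS v3
qualitative severity bands (assumption). Asset names, criticality values and
the CVE-PLACEHOLDER identifiers are constructed, not real vulnerabilities.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    asset: str
    cve: str     # placeholder identifier, not a real CVE
    cvss: float  # CVSS base score, 0.0 - 10.0


# Constructed asset criticality, as an asset group or CMDB would supply it:
# 3 = business critical, 2 = important, 1 = low value. Unknown assets default to 1.
ASSET_CRITICALITY = {"erp-db01": 3, "web-fe02": 2, "dev-box07": 1}

# Constructed scan results.
SCAN_RESULTS = [
    Finding("erp-db01", "CVE-PLACEHOLDER-1", 6.5),
    Finding("web-fe02", "CVE-PLACEHOLDER-2", 9.8),
    Finding("dev-box07", "CVE-PLACEHOLDER-3", 9.8),
    Finding("erp-db01", "CVE-PLACEHOLDER-4", 3.1),
]


def cvss_priority(score):
    """Map a CVSS base score to the high/medium/low tiers (boundaries assumed)."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS base score out of range: {score}")
    if score >= 7.0:
        return "high"
    if score >= 4.0:
        return "medium"
    return "low"


def risk_score(finding, criticality=ASSET_CRITICALITY):
    """Severity weighted by how much the affected asset matters to the business."""
    return round(finding.cvss * criticality.get(finding.asset, 1), 1)


def remediation_order(findings, criticality=ASSET_CRITICALITY):
    """Highest weighted risk first; ties broken by raw CVSS, then by name for stability."""
    return sorted(
        findings,
        key=lambda f: (-risk_score(f, criticality), -f.cvss, f.asset, f.cve),
    )


def remediation_plan(findings=SCAN_RESULTS, criticality=ASSET_CRITICALITY):
    """Return (cve, asset, tier, weighted risk) rows in the order to work them."""
    return [
        (f.cve, f.asset, cvss_priority(f.cvss), risk_score(f, criticality))
        for f in remediation_order(findings, criticality)
    ]


if __name__ == "__main__":
    for cve, asset, tier, risk in remediation_plan():
        print(f"{risk:5.1f}  {tier:6}  {asset:10}  {cve}")
```

The point of the weighting is visible in the output: the 6.5 finding on `erp-db01` lands second, ahead of the 9.8 on `dev-box07`, because the database matters more to the business. Any real deployment would replace the constructed criticality map with values from its own asset groups.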
A.13 - Communications Security
ISO 27001 Control Objective:

A.13.1 - Network security management

ISO 27001 Control:

A.13.1.1 - Network controls

Examples of How the USM Platform Helps:
  • Monitors and correlates events gathered from network traffic (network IDS, cloud IDS) and network devices (routers, switches, firewalls, and more) to identify anomalous network traffic, such as communication to a known malicious server
  • Classifies threats across a kill-chain taxonomy to inform the risk level of that threat
  • Monitors public and dark web sources for the trade or communication of stolen credentials
  • Continuously updated threat intelligence from AlienVault Labs and the AlienVault Open Threat Exchange (OTX) ensures that AlienVault USM is operating with the latest correlation directives, IDS rules, Indicators of Compromise, guided threat responses and more, saving analysts time and letting them focus on detection and response
ISO 27001 Control Objective:

A.13.2 - Information transfer

ISO 27001 Control:

A.13.2.3 - Electronic messaging

Examples of How the USM Platform Helps:
  • Monitors for phishing or malware attacks against email services, including Office 365 and G Suite
  • Audits administrator actions, including mailbox creation and deletion, or configuration changes that could disable protection mechanisms such as encryption or data leakage protection
  • Reports when users access mailbox folders, purge deleted items, access other mailbox accounts, and more
  • Alerts you to changes to Exchange policies that could let in malware
A.14 - System acquisition, development and maintenance
ISO 27001 Control Objective:

A.14.1 - Security requirements of information systems

ISO 27001 Control:

A.14.1.2 - Securing application services on public networks

Examples of How the USM Platform Helps:
  • Monitors and alarms on Group Policy errors, which could indicate attempts to disable local security services and introduce misconfigurations that compromise asset integrity and security
  • File Integrity Monitoring can detect changes and access to critical system and application configuration files, and Windows Registry entries, which could indicate installation of malware or disabling protection mechanisms like two-factor authentication or encryption
ISO 27001 Control Objective:

A.14.1 - Security requirements of information systems

ISO 27001 Control:

A.14.1.3 - Protecting application services transactions

Examples of How the USM Platform Helps:
  • Monitors and correlates events gathered from network traffic (network IDS, cloud IDS) and network devices (routers, switches, firewalls, and more) to identify anomalous network traffic, such as communication of transactions and data to a known malicious server
A.16 - Information security incident management
ISO 27001 Control Objective:

A.16.1 - Management of information security incidents and improvements

ISO 27001 Control:

A.16.1.2 - Reporting information security events

Examples of How the USM Platform Helps:
  • Enables creation of different user accounts that grant access to the USM console for inspection and review of alarms, events, and reports
  • Built-in notification capabilities enable analysts to be alerted to alarms through email, SMS, DataDog, Slack, and PagerDuty
  • The AlienApp for ServiceNow and the AlienApp for JIRA provide the ability to manually or automatically generate a ticket within ServiceNow or JIRA in response to a detected alarm
ISO 27001 Control Objective:

A.16.1 - Management of information security incidents and improvements

ISO 27001 Control:

A.16.1.4 - Assessment of and decision on information security events

Examples of How the USM Platform Helps:
  • Uses machine learning and state-based correlation capabilities to detect threats, and then classifies alarms using a kill-chain taxonomy to inform the risk level of that threat
  • Continuously updated threat intelligence from the AlienVault Labs Team, and from the AlienVault Open Threat Exchange (OTX), ensures that USM is operating with the latest correlation directives and context on those threats to support comprehension and incident response decision making
ISO 27001 Control Objective:

A.16.1 - Management of information security incidents and improvements

ISO 27001 Control:

A.16.1.5 - Response to information security incidents

Examples of How the USM Platform Helps:
  • Continuously updated threat intelligence from the AlienVault Labs Team, and from the AlienVault Open Threat Exchange (OTX), provides recommendations on how to respond to different incident types, guided threat response, and more
  • With AlienApps™, enables orchestrated manual and automated actions to be executed to contain threats, such as opening incident tickets in ticketing systems like Jira and ServiceNow, isolating systems from the network using solutions like Carbon Black, and more
ISO 27001 Control Objective:

A.16.1 - Management of information security incidents and improvements

ISO 27001 Control:

A.16.1.6 - Learning from information security incidents

Examples of How the USM Platform Helps:
  • With the AlienApp for Forensics and Response, enables forensics tasks to be executed manually or automatically in response to a detected threat
  • Provides forensics investigation using rich filter and search capabilities, and reporting, against event and log data that is centrally aggregated and retained from across your on-premises and cloud environments and applications
ISO 27001 Control Objective:

A.16.1 - Management of information security incidents and improvements

ISO 27001 Control:

A.16.1.7 - Collection of evidence

Examples of How the USM Platform Helps:
  • Aggregates events and log data from across your on-premises and cloud environments, and cloud applications including Office 365 and G Suite, into long term log storage
  • Maintains a searchable database of events for up to 90 days, with long-term storage of at least 365 days
A.17 - Information security aspects of business continuity management
ISO 27001 Control Objective:

A.17.1 - Information security continuity

ISO 27001 Control:

A.17.1.2 - Implementing information security continuity

Examples of How the USM Platform Helps:
  • AlienVault USM Anywhere is a SaaS service, offered with high availability, to ensure continuity of service that is completely separate from a customer's environment
  • AlienVault utilizes a mix of disaster-tolerant architectures and processes including deployment across availability zones, being hosted in multiple, geographically-separate data centers, and using highly durable storage (99.999999999% durability) for event and log data.
A.18 - Compliance
ISO 27001 Control Objective:

A.18.1 - Compliance with legal and contractual requirements

ISO 27001 Control:

A.18.1.3 - Protection of records

Examples of How the USM Platform Helps:
  • AlienVault USM Anywhere is a SaaS service, offered with high availability, to ensure continuity of service that is completely separate from a customer's environment
  • AlienVault utilizes a mix of disaster-tolerant architectures and processes including deployment across availability zones, being hosted in multiple, geographically-separate data centers, and using highly durable storage (99.999999999% durability) for event and log data.
  • AlienVault USM Anywhere is attested as compliant against several regulatory and cybersecurity standards, including PCI DSS, HIPAA, SOC 2, and ISO 27001.