Accelerate NERC CIP Compliance

AlienVault Unified Security Management™ (USM) simplifies and accelerates NERC compliance for teams with limited staff and budget by delivering essential security controls, event correlation, and threat intelligence, built into one solution.

Trusted by thousands of customers.

Bumble Bee Tuna, Career Builder, Dole Foods, Hyatt, Pappas Restaurants, Subaru, Amy's, Hulu, U.S. Air Force, eHarmony, Oklahoma University, Ubisoft, THSB, Ziosk, Save Mart Supermarkets, High Plains Bank, Epsilon Systems Solutions, Peet's Coffee and Tea, Pepco Holdings Inc, Davey, Regis University, Lifespan Bioscience, The New York Times, Arcos Dorados Holdings, Bluegrass Cellular, Bank of Ireland, Hays Medical Center, Taylor-Morrison, Politie Dutch National Police, National Film Board of Canada, Richland Washington School District, International Currency Exchange, Delta Sonic, Shake Shack

Get the Cyber System Security Visibility You Need for NERC CIP v5

The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) standards are guidelines for the power industry that set reliability and security requirements for the bulk electric system (BES). The NERC CIP standards specifically address security requirements, including:

  • Risk-based assessment
  • Security management
  • Perimeter and physical security
  • Remote access
  • Incident response & investigation
  • Configuration change management
  • Vulnerability assessment
  • Information protection

With v5 of NERC CIP, virtually all BES facilities are now in scope for at least one of the NERC CIP requirements. Providers now need to assess their BES to identify systems as low, medium, or high impact to determine their compliance requirements.

AlienVault USM™ delivers the NERC CIP compliance software that simplifies your BES infrastructure assessment and compliance.

Built for IT Teams with Limited Resources

  • Essential security controls built-in
  • Automated analysis and alerting
  • Centralized console for single view

Unified Approach Accelerates Infrastructure Assessment

  • Essential security controls built in
  • Not a “one-size-fits-all” approach
  • Do more with less

Threat Intelligence Prioritizes Threat Detection and Response

  • AlienVault Labs updates
  • Indicators of Compromise (IOCs)
  • Detailed response guidance

Built for IT Teams with Limited Resources

AlienVault USM provides all of the essential security capabilities you need in one platform. Built specifically for IT teams with limited budget for technology and security staff, the USM platform eliminates the need for you to spend your scarce resources deploying and managing stand-alone products. The wide range of security technologies in the USM platform work together as a single system.

You’ll see the benefit of the unified approach almost immediately: the USM platform automatically starts collecting and analyzing your network activity using its built-in data sources as soon as it’s installed. You can also integrate data from your existing tools and applications using our extensive plugin library. The correlation engine, using the pre-configured correlation directives created by the AlienVault Labs threat research team, then begins identifying malicious activity and emerging threats in your network and provides you with guidance on how to respond.

The centralized management console puts everything at your fingertips: data about the systems on your network, their security status, and actionable threat intelligence to respond to threats quickly.

Unified Approach

The AlienVault USM platform provides five essential security capabilities in a single console, giving you everything you need to manage both compliance and threats:

  • Asset Discovery
  • Vulnerability Assessment
  • Intrusion Detection
  • Behavioral Monitoring
  • Security Information and Event Management (SIEM)

AlienVault USM includes active and passive scanning technologies, allowing you to address the needs of your unique environment while meeting NERC CIP compliance requirements.

This unified approach means you can rely on the built-in security technologies and integrated threat intelligence to help you assess your BES and the impact of each system. Instead of spending valuable time gathering and analyzing data from across your network manually, you can utilize the monitoring, analysis and reporting capabilities that ship with the AlienVault USM platform to give you the essential information you need.

Accelerate Threat Detection and Response with AlienVault Threat Intelligence

To help you stay ahead of the evolving threat landscape and meet NERC CIP compliance, you need threat intelligence that enables you to quickly detect, prioritize and eliminate danger to your network.

AlienVault Labs delivers continuous updates to the built-in security controls to ensure your network is instrumented to detect the latest threats. The integration between our Open Threat Exchange (OTX) and your USM deployment means that you’re alerted whenever indicators of compromise (IOCs) being discussed in OTX are present in your network. These updates and the OTX integration enable USM to more easily identify emerging threats targeting your network, such as:

NERC CIP Requirements, AlienVault USM Capabilities, and Benefits of Unified Security Management

NERC CIP Requirement: Risk-Based Assessment of Bulk Electric Systems (BES) Cyber Systems

AlienVault USM Capabilities:
  • Asset Discovery and Inventory
  • Vulnerability Assessment
  • Network Intrusion Detection (IDS)
  • Host Intrusion Detection (HIDS)
  • Behavioral Monitoring
  • Log Management
  • SIEM / event correlation
  • Executive dashboards and reports

Benefits of Unified Security Management:
  • Automatically discover all assets via built-in asset discovery; highlight high, medium, and low impact BES Cyber Systems assets based on available services, configuration and traffic generated
  • Identify and enumerate software installed on each asset, as well as configuration details and other critical information
  • Validate effectiveness of layered controls and processes through built-in essential security capabilities such as asset discovery, vulnerability assessment, file integrity monitoring, host and network IDS, log management and more
  • Extensive report library plus ability to create custom reports quickly

NERC CIP Requirement: Security Management Controls

AlienVault USM Capabilities:
  • Asset Discovery and Inventory
  • Vulnerability Assessment
  • Network Intrusion Detection (IDS)
  • Host Intrusion Detection (HIDS)
  • File Integrity Monitoring (FIM)
  • Services Monitoring
  • Behavioral Monitoring
  • Log Management
  • SIEM / event correlation

Benefits of Unified Security Management:
  • Provides continuous capture and real-time monitoring of a broad range of data, including: events/logs; configuration data; asset data; vulnerability data; and network flow (NetFlow) data
  • Host IDS monitors systems with highly sensitive data to ensure data integrity, availability and confidentiality
  • Network IDS detects malicious traffic
  • File Integrity Monitoring (FIM) alerts on changes to critical files which could signal a compromised system
  • Event correlation links disparate events to alert you to attacks in progress, such as unauthorized access followed by privilege escalation followed by communication with Command & Control (C&C) servers
  • USM identifies the most significant threats targeting your network with timely, relevant threat intelligence that provides every detail you need in the alarm: what’s being attacked, who is the attacker, what is their objective, and how to respond
  • Centralized, role-based access control for audit trails and event logs preserves “chain-of-custody” for data forensics and investigations

NERC CIP Requirement: Electronic Security Perimeters Including Interactive Remote Access

AlienVault USM Capabilities:
  • Ability to integrate data from any 3rd party data source
  • Vulnerability Assessment
  • Network Intrusion Detection (IDS)
  • Host Intrusion Detection (HIDS)
  • File Integrity Monitoring (FIM)
  • Behavioral Monitoring
  • Log Management
  • SIEM / event correlation
  • Threat intelligence

Benefits of Unified Security Management:
  • Extensive plugin library for integrating security event data from existing systems and applications; customizable to integrate event data from any data source
  • Continuous vulnerability monitoring will identify any misconfigurations that would expose internal systems to external access
  • Detect unauthorized software running on systems
  • Built-in network IDS detects attacks against perimeter devices as well as malicious traffic inside the perimeter
  • Unified NetFlow analysis and event correlation monitors traffic and issues alerts on policy violations and incidents including breach of network perimeter security controls
  • Group assets quickly based on a range of criteria including hardware type (e.g., servers and switches), software (mission-critical apps or monitoring systems) or data type (e.g., sensitive information)
  • USM identifies the most significant threats targeting your network with timely, relevant threat intelligence that provides every detail you need in the alarm: what’s being attacked, who is the attacker, what is their objective, and how to respond
  • Centralized, role-based access control for audit trails and event logs preserves “chain-of-custody” for data forensics and investigations

NERC CIP Requirement: Physical Security of BES Cyber Systems

AlienVault USM Capabilities:
  • Asset Discovery and Inventory
  • Vulnerability Assessment
  • Network Intrusion Detection (IDS)
  • Host Intrusion Detection (HIDS)
  • File Integrity Monitoring (FIM)
  • Log Management
  • SIEM / event correlation
  • Threat intelligence

Benefits of Unified Security Management:
  • Built-in and automated asset discovery will identify all IP-enabled physical security systems (e.g., card key / proximity card devices, authentication devices, or IP cameras)
  • USM Logger will record all physical security access events logged by physical security systems for correlation with other logical systems (access to servers in data center)
  • Ability to create custom detection rules to identify attacks against physical security devices and systems
  • Alerts you whenever a user inserts a device into a USB port on a system you’re monitoring to detect unauthorized activity that can lead to data theft

NERC CIP Requirement: Systems Security Management

AlienVault USM Capabilities:
  • Asset Discovery & Inventory
  • Log Management
  • Behavioral Monitoring
  • SIEM / event correlation
  • Threat intelligence

Benefits of Unified Security Management:
  • Built-in asset discovery and inventory provides granular details on device configuration, installed software, and ownership details to track users with associated devices
  • Log management provides secure storage of raw event log data for detailed audit trails of user activity
  • Built-in behavioral monitoring identifies suspicious user activity and alerts on policy violations and potential insider threats
  • Integrated threat intelligence provides every detail you need in the alarm: what’s being attacked, who is the attacker, what is their objective, and how to respond

NERC CIP Requirement: Incident Reporting and Response Planning

AlienVault USM Capabilities:
  • Asset Discovery & Inventory
  • Vulnerability Assessment
  • Network Intrusion Detection (IDS)
  • Host Intrusion Detection (HIDS)
  • Log Management
  • File Integrity Monitoring (FIM)
  • SIEM / event correlation
  • Threat intelligence

Benefits of Unified Security Management:
  • Built-in asset discovery, vulnerability assessment, intrusion detection, behavioral monitoring, and SIEM accelerate the incident response process
  • Unified log review and analysis, with triggered alerts for high risk systems
  • Customized, action-oriented alerts which tell you exactly what to do next when responding to incidents
  • Integrated threat data backed by AlienVault Labs and the Open Threat Exchange (OTX)
  • Integrated threat intelligence provides every detail you need in the alarm: what’s being attacked, who is the attacker, what is their objective, and how to respond

NERC CIP Requirement: Configuration Change Management and Vulnerability Assessments

AlienVault USM Capabilities:
  • Asset Discovery & Inventory
  • Vulnerability Assessment
  • Network Intrusion Detection (NIDS)
  • Host Intrusion Detection (HIDS)
  • File Integrity Monitoring (FIM)
  • SIEM / event correlation
  • Threat intelligence
  • Built-in trouble ticket system

Benefits of Unified Security Management:
  • Built-in asset discovery provides dynamic inventory of all devices on the network and software installed
  • Continuous vulnerability monitoring identifies all vulnerabilities targeting critical systems, servers, applications and network devices
  • File Integrity Monitoring alerts on changes to critical files which could signal a threat
  • Built-in service availability monitoring detects critical service interruptions or misconfigurations that could signal a threat
  • Integrated threat intelligence provides every detail you need in the alarm: what’s being attacked, who is the attacker, what is their objective, and how to respond
  • Integrated trouble ticket system provides seamless workflows for scheduling scans, remediating vulnerabilities and investigating incidents

NERC CIP Requirement: Information Protection

AlienVault USM Capabilities:
  • Asset Discovery & Inventory
  • Vulnerability Assessment
  • Network Intrusion Detection (NIDS)
  • Host Intrusion Detection (HIDS)
  • File Integrity Monitoring (FIM)
  • SIEM / event correlation
  • Behavioral Monitoring
  • Log Management
  • Executive dashboards and reports

Benefits of Unified Security Management:
  • Built-in, automated vulnerability assessment identifies the use of weak and default passwords
  • Built-in Host intrusion detection (HIDS) and File Integrity Monitoring will signal when password files and other critical system files have been modified
  • Group assets quickly based on a range of criteria including hardware type (e.g., servers and switches), software (mission-critical apps or monitoring systems) or data type (e.g., sensitive information)
  • Unified event correlation connects critical, yet related events across systems such as a password change followed by exfiltration of data from the same device
  • Built-in network flow (NetFlow) analysis monitors network traffic and protocols to identify anomalous activity and policy violations
  • Event correlation rules provide the situational awareness needed to identify potential data exfiltration
  • Integrated threat intelligence provides every detail you need in the alarm: what’s being attacked, who is the attacker, what is their objective, and how to respond
  • Centralized, role-based access control for audit trails and event logs preserves “chain-of-custody” for data forensics and investigations
  • Extensive report library plus ability to create custom reports quickly
