NERC CIP Compliance Software | AlienVault

Achieve NERC CIP Compliance

AlienVault Unified Security Management (USM) simplifies and accelerates NERC CIP Compliance for teams with limited staff and budget by delivering unified security essentials and threat intelligence for cloud and on-premises environments.

Get the Cyber Security Visibility You Need for NERC CIP Compliance

The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) standards are specific guidelines for the power industry that set reliability and security standards for the Bulk Electric System (BES). The NERC CIP reliability standards specifically address security requirements, including:

  • Risk-based assessment
  • Security management
  • Perimeter and physical security
  • Remote access
  • Incident response & investigation
  • Configuration change management
  • Vulnerability assessment
  • Information protection

With v5 of NERC CIP, virtually all BES facilities are now in-scope with at least one of the requirements of NERC CIP. Providers now need to assess their BES to identify systems as low, medium, or high impact to determine their compliance requirements.

AlienVault USM™ delivers the NERC CIP compliance software that simplifies your BES infrastructure assessment and compliance.

Built for IT Teams with Limited Resources

  • Essential security controls built-in
  • Automated analysis and alerting
  • Centralized console for single view

Unified Approach Accelerates Infrastructure Assessment

  • Essential security controls built in
  • Not a “one-size-fits-all” approach
  • Do more with less

Threat Intelligence Prioritizes Threat Detection and Response

  • AlienVault Labs updates
  • Indicators of Compromise (IOCs)
  • Detailed response guidance

Built for IT Teams with Limited Resources

AlienVault USM provides all the essential security capabilities you need for NERC CIP compliance in a unified platform. Built specifically for IT teams with limited budget for technology and security staff, the USM platform eliminates the need for you to spend your scarce resources deploying and managing stand-alone products. The wide range of security technologies in the USM platform work together as a single system.

You’ll see the benefit of the unified approach almost immediately: the USM platform automatically starts collecting and analyzing data on your critical infrastructure using its built-in data sources as soon as it’s installed. You can also integrate data from your existing tools and applications using our extensive plugin library.

The correlation engine in USM, using the pre-configured correlation rules created by the AlienVault Labs Security Research Team, identifies malicious activity and emerging threats in your environment and provides you with guidance on how to respond.

The centralized management console puts everything at your fingertips: data about the assets in your environment, their vulnerability status, and actionable threat intelligence to respond to threats quickly.

Unified Approach Accelerates Infrastructure Assessment

The AlienVault USM platform provides essential security capabilities in a single console, giving you everything you need to manage your compliance program and detect emerging security threats:

  • Asset Discovery & Inventory
  • Vulnerability Management
  • Intrusion Detection
  • Behavioral Monitoring
  • Security Information and Event Management (SIEM)
  • Log Management

AlienVault USM includes built-in asset and vulnerability scanning technologies, allowing you to address the needs of your unique environment while meeting NERC CIP compliance requirements.

This unified approach means you can rely on the built-in security technologies and integrated threat intelligence to help you assess your BES and the impact of each system. Instead of spending valuable time gathering and analyzing data from across your critical infrastructure manually, you can utilize the monitoring, analysis and reporting capabilities that ship with the AlienVault USM platform to give you the essential information you need.

Accelerate Threat Detection and Response with AlienVault Threat Intelligence

To help you stay ahead of the evolving threat landscape and meet NERC CIP compliance requirements, you need the latest threat intelligence that enables you to quickly detect, prioritize and eliminate danger to your network.

AlienVault Labs Security Research Team delivers continuous updates to USM’s built-in security controls to ensure your environment is instrumented to detect the latest threats. The team leverages the community-sourced threat intelligence from the Open Threat Exchange™ (OTX™), so you get threat intelligence updates that reflect what’s happening “in the wild” on a global scale.

Continuous threat intelligence updates enable USM to more easily identify emerging threats targeting your environment, such as:

  • Suspicious system behavior like abnormal network flows and protocol usage
  • Command and Control (C&C) communication
  • Malware infections (rootkits, botnets, remote access trojans, and more)
  • Access attempts by bad actors
  • Escalation of privilege for specific user accounts

 

NERC CIP Requirement:

Risk-Based Assessment of Bulk Electric Systems (BES) Cyber Systems

AlienVault USM Capabilities:
  • Asset Discovery and Inventory
  • Vulnerability Assessment
  • Cloud Intrusion Detection (CIDS)
  • Network Intrusion Detection (NIDS)
  • Host Intrusion Detection (HIDS)
  • Behavioral Monitoring
  • Log Management
  • SIEM / Event Correlation
  • Executive Dashboards and Reports
Benefits of Unified Security Management:
  • Automatically discover all assets via built-in asset discovery—highlight high, medium, and low impact BES Cyber Systems assets based on available services, configuration, and traffic generated
  • Identify and enumerate services running on each asset, as well as configuration details and other critical information
  • Validate effectiveness of layered controls and processes through built-in essential security capabilities such as asset discovery, vulnerability assessment, intrusion detection, log management and more
  • Flexible data search and analytics to create custom views and to report quickly
NERC CIP Requirement:

Security Management Controls

AlienVault USM Capabilities:
  • Asset Discovery and Inventory
  • Vulnerability Assessment
  • Cloud Intrusion Detection (CIDS)
  • Network Intrusion Detection (NIDS)
  • Host Intrusion Detection (HIDS)
  • File Integrity Monitoring (FIM)
  • Services Monitoring
  • Behavioral Monitoring
  • Log Management
  • SIEM / Event Correlation
Benefits of Unified Security Management:
  • Provides continuous capture and real-time monitoring of a broad range of data, including: events and logs; configuration data; asset data; vulnerability data; and network traffic
  • Host IDS monitors systems with highly sensitive data to ensure data integrity, availability and confidentiality
  • Network IDS detects malicious traffic on your on-premises infrastructure
  • File Integrity Monitoring (FIM) alerts on changes to critical files which could signal a compromised system
  • Event correlation links disparate events to alert you to attacks in progress, such as unauthorized access followed by privilege escalation followed by communication with Command & Control (C&C) servers
  • USM identifies the most significant threats targeting your network with timely, relevant threat intelligence that provides every detail you need in the alarm: what’s being attacked, who is the attacker, what is their objective, and how to respond
NERC CIP Requirement:

Electronic Security Perimeters Including Interactive Remote Access

AlienVault USM Capabilities:
  • Ability to Integrate Data from any 3rd Party Data Sources
  • Vulnerability Assessment
  • Cloud Intrusion Detection (CIDS)
  • Network Intrusion Detection (NIDS)
  • Host Intrusion Detection (HIDS)
  • File Integrity Monitoring (FIM)
  • Behavioral Monitoring
  • Log Management
  • SIEM / Event Correlation
  • Threat Intelligence
Benefits of Unified Security Management:
  • Extensive plugin library for integrating security event data from existing systems and applications
  • Continuous vulnerability monitoring will identify any misconfigurations that would expose internal systems to external access
  • Built-in network IDS detects attacks against perimeter devices as well as malicious traffic inside the on-premises perimeter
  • Unified traffic analysis and event correlation monitors traffic and issues alerts on policy violations and incidents including breach of network perimeter security controls
  • Group assets quickly based on a range of criteria including hardware type (e.g., servers and switches), software (mission-critical apps or monitoring systems) or data type (e.g., sensitive information)
  • USM identifies the most significant threats targeting your environment with timely, relevant threat intelligence that provides every detail you need in the alarm: what’s being attacked, who is the attacker, what is their objective, and how to respond
NERC CIP Requirement:

Physical Security of BES Cyber Systems

AlienVault USM Capabilities:
  • Asset Discovery and Inventory
  • Vulnerability Assessment
  • Cloud Intrusion Detection (CIDS)
  • Network Intrusion Detection (NIDS)
  • Host Intrusion Detection (HIDS)
  • File Integrity Monitoring (FIM)
  • Log Management
  • SIEM / Event Correlation
  • Threat Intelligence
Benefits of Unified Security Management:
  • Built-in and automated asset discovery will identify all IP-enabled physical security systems (e.g., card key / proximity card devices, authentication devices, or IP cameras)
  • The USM Appliance Logger will record all physical security access events logged by physical security systems for correlation with other logical systems (access to servers in data center)
  • Ability to create custom alarms to identify attacks against physical security devices and systems
  • Alerts you whenever a user inserts a device into a USB port on a system you’re monitoring to detect unauthorized activity that can lead to data theft
NERC CIP Requirement:

Systems Security Management

AlienVault USM Capabilities:
  • Asset Discovery & Inventory
  • Log Management
  • Behavioral Monitoring
  • SIEM / Event Correlation
  • Threat Intelligence
Benefits of Unified Security Management:
  • Built-in asset discovery and inventory provides granular details on device configuration, services, and ownership details to track users with associated devices
  • Log management provides secure storage of raw event log data for detailed audit trails of user activity
  • Built-in behavioral monitoring identifies suspicious user activity and alerts on policy violations and potential insider threats
  • Integrated threat intelligence provides every detail you need in the alarm: what’s being attacked, who is the attacker, what is their objective, and how to respond
NERC CIP Requirement:

Incident Reporting and Response Planning

AlienVault USM Capabilities:
  • Asset Discovery & Inventory
  • Vulnerability Assessment
  • Cloud Intrusion Detection (CIDS)
  • Network Intrusion Detection (NIDS)
  • Host Intrusion Detection (HIDS)
  • Log Management
  • File Integrity Monitoring (FIM)
  • SIEM / Event Correlation
  • Threat Intelligence
Benefits of Unified Security Management:
  • Built-in asset discovery, vulnerability assessment, intrusion detection, behavioral monitoring, and SIEM accelerate the incident response process
  • Unified log review and analysis, with triggered alerts for high risk systems
  • Customized, action-oriented alerts which tell you exactly what to do next when responding to incidents
  • Integrated threat data backed by AlienVault Labs and the Open Threat Exchange (OTX)
  • Integrated threat intelligence provides every detail you need in the alarm: what’s being attacked, who is the attacker, what is their objective, and how to respond
NERC CIP Requirement:

Configuration Change Management and Vulnerability Assessments

AlienVault USM Capabilities:
  • Asset Discovery & Inventory
  • Vulnerability Assessment
  • Cloud Intrusion Detection (CIDS)
  • Network Intrusion Detection (NIDS)
  • Host Intrusion Detection (HIDS)
  • File Integrity Monitoring (FIM)
  • SIEM / Event Correlation
  • Threat Intelligence
Benefits of Unified Security Management:
  • Built-in asset discovery provides dynamic inventory of all devices on the network and software installed
  • Continuous vulnerability monitoring identifies all vulnerabilities affecting critical systems, servers, applications and network devices
  • File Integrity Monitoring alerts on changes to critical files which could signal a threat
  • Built-in service availability monitoring detects critical service interruptions or misconfigurations that could signal a threat
  • Integrated threat intelligence provides every detail you need in the alarm: what’s being attacked, who is the attacker, what is their objective, and how to respond
  • Unified controls for scheduling scans, identifying vulnerabilities and investigating incidents
NERC CIP Requirement:

Information Protection

AlienVault USM Capabilities:
  • Asset Discovery & Inventory
  • Vulnerability Assessment
  • Cloud Intrusion Detection (CIDS)
  • Network Intrusion Detection (NIDS)
  • Host Intrusion Detection (HIDS)
  • File Integrity Monitoring (FIM)
  • SIEM / Event Correlation
  • Behavioral Monitoring
  • Log Management
  • Executive Dashboards and Reports
Benefits of Unified Security Management:
  • Built-in, automated vulnerability assessment identifies the use of weak and default passwords
  • Built-in Host Intrusion Detection (HIDS) and File Integrity Monitoring will signal when password files and other critical system files have been modified
  • Group assets quickly based on a range of criteria including hardware type (e.g., servers and switches), software (mission-critical apps or monitoring systems) or data type (e.g., sensitive information)
  • Unified event correlation connects critical, yet related events across systems such as a password change followed by exfiltration of data from the same device
  • Built-in network flow analysis monitors on-premises network traffic and protocols to identify anomalous activity and policy violations
  • Event correlation rules provide the situational awareness needed to identify potential data exfiltration
  • Integrated threat intelligence provides every detail you need in the alarm: what’s being attacked, who is the attacker, what is their objective, and how to respond
  • Flexible data search and analytics to create custom views and to report quickly