Protective Monitoring: GPG13 Compliance Software | AlienVault

Protective Monitoring: GPG 13 Compliance

AlienVault® Unified Security Management™ (USM™) delivers the essential security controls you need to accelerate and simplify your compliance with the twelve protective monitoring controls within the Good Practice Guide 13 (GPG 13).

Understand Who is Accessing Your Organisation’s Sensitive Data

Achieving compliance with GPG 13’s twelve Protective Monitoring Controls (PMC) is challenging—especially for organisations managing competing priorities, limited budgets, and small IT security teams. The secret to success is to consolidate, automate, and simplify the essential security controls and data analysis to quickly detect threats and prioritise your response.

AlienVault’s USM platform is designed specifically for IT teams with limited resources to deliver the protective monitoring you need to achieve GPG 13 compliance and reduce risk.

Its built-in data sources eliminate the need to purchase and manage multiple security point products, and the integrated threat intelligence automatically alerts you to emerging threats.

Comprehensive Visibility

  • Gain operational insight with built-in security controls that provide essential monitoring
  • Understand who is accessing your organisation’s sensitive data
  • Import data from your existing systems quickly to supplement AlienVault USM’s data sources
  • Manage all configuration, analysis and reporting from a single console

Integrated Threat Intelligence

  • Focus on responding to threats rather than researching every alert
  • Eliminate the need to create correlation rules to detect related events across your network
  • Utilise context-specific response guidance to know where and how to respond to threats

Comprehensive Visibility

The AlienVault USM platform puts up-to-the-minute security and threat information about systems, data, and users at your fingertips. You access this information via a single management console, which gives you complete security visibility and provides you with a unified threat detection and GPG 13 compliance management solution.

AlienVault Labs Threat Intelligence keeps the security controls built into AlienVault USM up to date. These continuous updates, coupled with a robust, customizable reporting engine, provide the protective monitoring you need.

The AlienVault USM platform also tells you what assets are in your environment, their status and location, the severity of any vulnerability on those assets, and changes to any critical files or configuration. Additionally, it automatically detects suspicious and malicious traffic in your network and displays alarms in a ‘kill chain taxonomy’ that describes attack severity and attacker intent, minimizing the need for your IT team to research new threats.

You can also quickly integrate data into the AlienVault USM platform from your existing security and network infrastructure, such as:

  • Firewalls
  • UTMs (Unified Threat Management systems)
  • Next Gen Firewalls (NGFWs)
  • Web Application Firewalls (WAFs)

The security analytics engine can correlate data from any source, which is essential for comprehensive protective monitoring.

Actionable Threat Intelligence Delivered Directly to You

Most teams don’t have unlimited resources to research the latest threats in the wild. That’s why the AlienVault Labs Security Research Team works on your behalf to scour the global threat landscape for the latest attack methods, bad actors, and vulnerabilities that could impact your security. This team analyzes hundreds of thousands of threat indicators daily and delivers continuous threat intelligence updates automatically to your USM environment, in the form of actionable IDS signatures, correlation rules, remediation guidance, and more. With this integrated threat intelligence subscription, you always have the most up-to-date threat intelligence as you monitor your environment for emerging threats.

To provide deeper and wider insight into attack trends and bad actors, the AlienVault Labs Security Research Team leverages the power of the Open Threat Exchange® (OTX™)—the world’s first truly open threat intelligence community. This community of security researchers and IT professionals collaborates and shares millions of threat artifacts as they emerge “in the wild,” so you get global insight into attack trends and bad actors that could impact your operations.

AlienVault USM Covers All 12 Protective Monitoring Controls

PMC Requirement
Relevant USM Capabilities
Examples of How AlienVault USM Helps
PMC Requirement: 1. Accurate timestamp in logs

Provide a means to ensure that accounting and auditing logs record accurate timestamps.

Relevant USM Capabilities: Aware
  • Ensure all accounting and audit logs include a timestamp
  • Any Alerts generated must be timestamped and should reference the original audit log
Examples of How AlienVault USM Helps:

All of the necessary “Aware” recording requirements are satisfied within the USM solution. AlienVault’s Logger preserves the integrity of all audit logs collected, and timestamps each audit log, as well as any alerts that are generated related to the audit log.

Relevant USM Capabilities: Deter
  • Ensure you meet the requirements of lower recording profiles
  • Digitally sign the timestamp as a minimum
  • Hash the log file that stores the collected audit log
Examples of How AlienVault USM Helps:

All of the necessary “Deter” recording requirements are satisfied within the USM solution. Built-in host-based IDS alerts on policy violations such as failed access attempts to files on critical systems. Built-in file integrity monitoring captures anomalous changes to critical files and file systems such as access rights modifications, software configuration, and changes to storage volumes. Additionally, USM alerts when an attached device (e.g. USB drive) connects to a monitored host.

Relevant USM Capabilities: Detect and Resist
  • Ensure you meet the requirements of lower recording profiles
  • Hash the transaction and digitally sign, plus retain a copy of the audit log
Examples of How AlienVault USM Helps:

All of the necessary “Detect and Resist” recording requirements are satisfied within the USM solution. AlienVault’s Logger preserves the integrity of all audit logs collected, which includes a digital signature, hash code and checksum. Additionally, the original audit log is retained.

Relevant USM Capabilities: Defend
  • Ensure you meet the requirements of lower recording profiles
Examples of How AlienVault USM Helps:

All of the necessary “Defend” recording requirements are satisfied within the USM solution. AlienVault’s Logger preserves the integrity of all audit logs collected, which includes a digital signature, hash code and checksum. Additionally, the original audit log is retained.

PMC Requirement: 2. Recording relating to business traffic crossing a boundary

Define a set of Alerts and Reports that will identify authorised vs. non-authorised business traffic across the network boundary. This requires the ability to identify authorised vs. non-authorised traffic, to prevent and alert on the transportation of malicious code, and to identify the manipulation of other business traffic.

Relevant USM Capabilities: Aware
  • Report and Alert on Malware detected crossing the boundary
Examples of How AlienVault USM Helps:

All of the necessary “Aware” recording requirements are satisfied within the USM solution. AlienVault’s built-in IDS (network and host-based) will report and alert on detected malware—wherever it is on the network.

Relevant USM Capabilities: Deter
  • Ensure you meet the requirements of lower recording profiles
  • Report and Alert on:
    • Blocked web browsing activities
    • Failed file imports and exports across boundary
Examples of How AlienVault USM Helps:

All of the necessary “Deter” recording requirements are satisfied within the USM solution. Provided the gateway firewall or filtering proxy is configured properly, USM will report and alert on blocked activities and failed file imports and exports.

Relevant USM Capabilities: Detect and Resist
  • Ensure you meet the requirements of lower recording profiles
  • Report on:
    • Failed file imports and exports across boundary and keep a copy of file content for auditing purposes
    • Failed file imports and exports across boundary and keep a copy of file content, Security Label and File Signature, for auditing purposes
    • Accepted web traffic across boundary
    • Accepted incoming and outgoing file transfers across boundary
Examples of How AlienVault USM Helps:

All of the necessary “Detect and Resist” recording requirements are satisfied within the USM solution. Provided the gateway firewall or filtering proxy is configured properly, USM will report and alert on blocked activities and failed file imports and exports—through the correlation of the firewall/proxy logs. Additionally, any accepted incoming and outgoing file transfers and web activity will also generate alerts and can be investigated using USM’s single-pane-of-glass incident response workflow, reporting and dashboards.

Relevant USM Capabilities: Defend
  • Ensure you meet the requirements of lower recording profiles
  • Report on:
    • Accepted incoming and outgoing file transfers across boundary, including a copy of the file content
    • Accepted file imports and exports across boundary and keep a copy of file content, Security Label and File Signature, for auditing purposes
    • Files that have been placed in a file cache, including its URL, content, Security Label, Signature and time to live
    • Who has accessed file cache
Examples of How AlienVault USM Helps:

All of the necessary “Defend” recording requirements are satisfied within the USM solution. Provided the gateway firewall or filtering proxy is configured properly, USM will report and alert on blocked activities and failed file imports and exports—through correlation of the firewall/proxy logs. Additionally, any accepted incoming and outgoing file transfers and web activity will also generate alerts and can be investigated using USM’s single-pane-of-glass incident response workflow, reporting and dashboards.

PMC Requirement: 3. Recording relating to suspicious activity at a boundary

Define a set of alerts and Reports that will identify suspicious network traffic crossing the network boundary.

Relevant USM Capabilities: Aware
  • Report Deny or Dropped packets on Firewall
Examples of How AlienVault USM Helps:

Provided the firewall is configured properly, USM will report and alert on all deny or dropped packets from the firewall.

Relevant USM Capabilities: Deter
  • Ensure you meet the requirements of lower recording profiles
  • Report and Alert on Critical console messages from boundary devices
  • Report and Alert on Authentication failures on boundary devices and systems
  • Report and Alert on suspected Attacks at the boundary
  • Report on:
    • Error console messages from boundary devices
    • User sessions on boundary devices and consoles
    • Changes to Firewall and boundary device rule base, including in response to a detected Attack
    • Status Change to security software monitoring tools, such as your Security Incident and Event Management, Intrusion Detection Software, Intrusion Prevention Software, etc.
Examples of How AlienVault USM Helps:

All of the necessary “Deter” recording requirements are satisfied within the USM solution. Quickly identify and isolate suspicious network traffic leveraging built-in security controls such as IDS, netflow analysis, event correlation, and log analysis. Additionally, dynamic incident response templates provide customized guidance for each alert.

Relevant USM Capabilities: Detect and Resist
  • Ensure you meet the requirements of lower recording profiles
  • Report on:
    • Warning console messages from boundary devices
    • All commands issued to boundary devices or boundary consoles
    • Packets traversing the boundary device, including packet header, size and firewall interface
    • Packets traversing the boundary device, including full packet capture, size and firewall interface
Examples of How AlienVault USM Helps:

All of the necessary “Detect and Resist” recording requirements are satisfied within the USM solution. Specifically, enabling sniffing on the AlienVault Sensor will provide full packet capture for in-depth network flow analysis and granular event correlation.

Relevant USM Capabilities: Defend
  • Ensure you meet the requirements of lower recording profiles
  • Report and Alert on all automated responses at the boundary
Examples of How AlienVault USM Helps:

All of the necessary requirements for the lower recording profiles are satisfied with the USM solution. Specifically, reports and alerts can be easily set up to fire for all automated responses at the network boundary.

PMC Requirement: 4. Recording of workstation, server or device status

Define a set of Alerts and Reports that will identify configuration and status changes on internal workstations, servers and network devices.

Relevant USM Capabilities: Aware
  • Report and Alert on all Critical and above messages from hosts in scope
  • Report and Alert on all detected Malware on hosts in scope
  • Report on all Error messages from hosts in scope
  • Report on changes in status to Malware signature base
Examples of How AlienVault USM Helps:

All of the necessary “Aware” recording requirements are satisfied within the USM solution. Quickly identify and isolate malware outbreaks throughout your network leveraging built-in security controls such as host-based IDS, netflow analysis, event correlation, and log analysis.

Relevant USM Capabilities: Deter
  • Ensure you meet the requirements of lower recording profiles
  • Report on:
    • Failed access attempts to files
    • Changes to File or directory access rights of system folders
    • Change to status of networked hosts
    • Change in status of attached devices connected to controlled hosts
    • Status of storage volumes of monitored hosts
    • Changes to software configuration of monitored hosts
Examples of How AlienVault USM Helps:

All of the necessary “Deter” recording requirements are satisfied within the USM solution. Built-in host-based IDS alerts on policy violations such as failed access attempts to files on critical systems. Additionally, built-in file integrity monitoring captures anomalous changes to critical files and file systems such as access rights modifications, software configuration, and changes to storage volumes.

Relevant USM Capabilities: Detect and Resist
  • Ensure you meet the requirements of lower recording profiles
  • Report and Alert on changes to system files or folders
  • Report on:
    • All critical messages below Warning level from hosts in scope
    • Changes to system configuration on monitored hosts
    • Changes to system processes on monitored hosts
Examples of How AlienVault USM Helps:

All of the necessary “Detect and Resist” recording requirements are satisfied within the USM solution. Built-in host-based IDS and file integrity monitoring technologies alert on critical changes to system files and folders. These changes may include configuration changes as well as changes to key processes, critical for service availability monitoring and management.

Relevant USM Capabilities: Defend
  • Ensure you meet the requirements of lower recording profiles
  • Report on:
    • Changes to software configuration of monitored hosts, including software inventory
    • Changes to system files, including before and after content
    • Changes to system configuration on monitored hosts, including before and after content
Examples of How AlienVault USM Helps:

All of the necessary “Defend” recording requirements are satisfied within the USM solution. Built-in host-based IDS and file integrity monitoring technologies alert on critical changes to system files and folders.

PMC Requirement: 5. Recording relating to suspicious internal network activity

Define a set of Alerts and Reports that will identify suspicious activity across internal network boundaries from either internal or external agents.

Relevant USM Capabilities: Aware
  • Report on all Deny or Dropped packets on the Firewall
Examples of How AlienVault USM Helps:

All of the necessary “Aware” recording requirements are satisfied within the USM solution. Provided the firewall is configured properly, USM will report and alert on all deny or dropped packets from the firewall.

Relevant USM Capabilities: Deter
  • Ensure you meet the requirements of lower recording profiles
  • Report and Alert on:
    • All Critical and above console messages from internal Firewalls
    • All Authentication Failures from internal network devices and monitoring consoles
  • Report on:
    • All Error status messages from the console or internal Firewalls
    • User sessions on the console or internal Firewalls
    • Change of status of Rule base on internal Firewalls and network devices
Examples of How AlienVault USM Helps:

All of the necessary “Deter” recording requirements are satisfied within the USM solution. Provided the firewall is configured properly, USM will report and alert on all necessary activities for the “Deter” recording profile. Specifically, USM will report and alert on error messages, authentication failures, user sessions, and rule base changes on firewalls and network devices. Additionally, these activities can be correlated against other relevant data to provide a full picture of suspicious network activity.

Relevant USM Capabilities: Detect and Resist
  • Ensure you meet the requirements of lower recording profiles
  • Report and Alert on suspected internal Attacks
  • Report on:
    • All Warning messages from internal network devices
    • All commands sent to network devices or firewalls
    • Accepted packets being transferred by internal firewalls
    • All Deny or Dropped packets on internal Firewall, including full packet capture
    • Response to internal attacks and actions undertaken
    • Status Change to internal security software monitoring tools, such as your Security Incident and Event Management, Intrusion Detection Software, Intrusion Prevention Software, etc.
Examples of How AlienVault USM Helps:

All of the necessary “Detect and Resist” recording requirements are satisfied within the USM solution. Provided the firewall is configured properly, USM will report and alert on all necessary activities for the “Detect and Resist” recording profile. Specifically, our built-in threat detection and behavioral monitoring technologies are combined with event correlation rules to provide the security intelligence needed to identify suspected internal attacks.

Relevant USM Capabilities: Defend
  • Ensure you meet the requirements of lower recording profiles
  • Report and Alert on all automated response by internal IPS
  • Report on Accepted packets being transferred by internal firewalls, including full packet capture
Examples of How AlienVault USM Helps:

All of the necessary “Defend” recording requirements are satisfied within the USM solution. Specifically, enabling sniffing on the AlienVault Sensor will provide full packet capture for in-depth network flow analysis and granular event correlation.

PMC Requirement: 6. Recording relating to network connections

Define a set of Alerts and Reports that will identify temporary connections to the network, such as those made via a VPN or wireless connection.

Relevant USM Capabilities: Aware
  • Report and Alert on all remote Authentication Failures
  • Report and Alert on failed attempts to connect to the VPN
  • Report on:
    • DHCP assigned IP registration
    • Remote Access User sessions
    • Changes to VPN Node registrations
Examples of How AlienVault USM Helps:

All of the necessary “Aware” recording requirements are satisfied within the USM solution. Built-in log management and event correlation enables the collection and analysis of valid and invalid authentication attempts to VPN and other network devices. Other activities such as DHCP assignments, remote access user sessions, and changes to VPN node registrations are also logged and collected.

Relevant USM Capabilities: Deter
  • Ensure you meet the requirements of lower recording profiles
  • Report and Alert on:
    • Failed equipment connection attempts to protected network attachment points
    • Critical and above messages
    • Authentication Failures on network consoles
  • Report on:
    • Error messages from network consoles
    • All connection attempts to Wireless Access Points
    • User sessions to network connection consoles
Examples of How AlienVault USM Helps:

All of the necessary “Deter” recording requirements are satisfied within the USM solution. Specifically, failed connection attempts and authentication failures are captured and securely logged via AlienVault’s Logger.

Relevant USM Capabilities: Detect and Resist
  • Ensure you meet the requirements of lower recording profiles
  • Report and Alert on all suspected wireless attacks
  • Report on:
    • Commands issued on network connection consoles
    • Remediation steps taken in response to internal attack notification
    • Status changes to IPS, IDS signatures
Examples of How AlienVault USM Helps:

All of the necessary “Detect and Resist” recording requirements are satisfied within the USM solution. Additionally, built-in log management records commands issued on network connection consoles and dynamic incident response templates provide the detailed remediation steps needed for any internal or external attack activity. Finally, status changes to IDS signatures are also logged.

Relevant USM Capabilities: Defend
  • Ensure you meet the requirements of lower recording profiles
  • Report and Alert on non-approved wireless interfaces and wireless access points
Examples of How AlienVault USM Helps:

All of the necessary “Defend” recording requirements are satisfied within the AlienVault USM solution.

PMC Requirement: 7. Recording on session activity by user and workstation

Define a set of Alerts and Reports that will identify suspect user activity or allow forensic analysis of user activity within the network.

Relevant USM Capabilities: Aware
  • Report on:
    • User network sessions
    • User Account changes
    • User privilege or group changes
    • Administrator or super user application management
Examples of How AlienVault USM Helps:

All of the necessary “Aware” recording requirements are satisfied within the AlienVault USM solution. AlienVault’s built-in log management and event correlation engine collects, correlates and analyses logs from directory servers, Windows and Unix servers, and other devices to capture the full context of user activity.

Relevant USM Capabilities: Deter
  • Ensure you meet the requirements of lower recording profiles
  • Alert on User account lockouts
  • Report on User privilege escalation on critical workstations and all servers
  • Report on execution of accountable User transactions
Examples of How AlienVault USM Helps:

All of the necessary “Deter” recording requirements are satisfied within the AlienVault USM solution. Specifically, user account activity such as lockouts, transactions, and escalation of privilege will signal alerts.

Relevant USM Capabilities: Detect and Resist
  • Ensure you meet the requirements of lower recording profiles
  • Report on User sessions on critical workstations
  • Report on local User account changes on critical workstations
  • Report on changes to local user account or group membership changes on critical workstations
  • Report on execution of all network commands and executables
Examples of How AlienVault USM Helps:

All of the necessary “Detect and Resist” recording requirements are satisfied within the AlienVault USM solution. Specifically, user account and administration activities such as session activity, changes on critical workstations, local user account and group membership changes as well as network commands will produce alerts and can be displayed in dashboard views and reports.

Relevant USM Capabilities: Defend
  • Ensure you meet the requirements of lower recording profiles
  • Report on execution of accountable User transactions including the content of the transaction
  • Report on execution of all Workstation critical commands and executables
Examples of How AlienVault USM Helps:

All of the necessary “Defend” recording requirements are satisfied within the AlienVault USM solution. Specifically, user transactions and critical commands and executables are logged, and these events are processed and analysed by AlienVault’s event correlation engine to produce alerts and user activity reports.

PMC Requirement: 8. Recording of data backup status

Ensure a backup and recovery process is defined and adhered to, such that the business can be confident of the integrity and availability of the network resources.

Relevant USM Capabilities: Aware
  • Report on Backup, Test and Recovery operations
  • Alert on Backup, Test and Recovery operation failures
Examples of How AlienVault USM Helps:

All of the necessary “Aware” recording requirements are satisfied within the AlienVault USM solution. Notably, as long as backup, test and recovery operations are logged then AlienVault’s USM server can produce alerts when failures occur.

Relevant USM Capabilities: Deter
  • Ensure you meet the requirements of lower recording profiles
Examples of How AlienVault USM Helps:

All of the necessary “Deter” recording requirements are satisfied within the AlienVault USM solution.

Relevant USM Capabilities: Detect and Resist
  • Ensure you meet the requirements of lower recording profiles
  • Report on Backup, Test and Recovery operations including catalog details
Examples of How AlienVault USM Helps:

All of the necessary “Detect and Resist” recording requirements are satisfied within the AlienVault USM solution.

Relevant USM Capabilities: Defend
  • Ensure you meet the requirements of lower recording profiles
  • Report on Backup, Test and Recovery operations including catalog details, site information and version information
Examples of How AlienVault USM Helps:

All of the necessary “Defend” recording requirements are satisfied within the AlienVault USM solution. Specifically, as long as backup, test, and recovery operations (including catalog details, etc.) are logged, AlienVault’s USM server can produce alerts if any failure occurs during these operations.

PMC Requirement: 9. Alerting critical events

Define a set of real-time Alerts and Reports that will identify events classified as “Critical” by the organisation.

Relevant USM Capabilities: Aware
  • Report and Alert on all Alert messages generated by the SIEM solution
Examples of How AlienVault USM Helps:

All of the necessary “Aware” recording requirements are satisfied within the AlienVault USM solution. Built-in asset discovery, vulnerability assessment, threat detection and behavioral monitoring data provide a rich set of environmental information to be analyzed by AlienVault’s built-in SIEM and event correlation engine.

Relevant USM Capabilities: Deter
  • Ensure you meet the requirements of lower recording profiles
  • Reports and Alerts to be delivered by secondary delivery mechanisms, such as email, SMS etc.
  • Report on changes to Alert rule base
Examples of How AlienVault USM Helps:

All of the necessary “Deter” recording requirements are satisfied within the AlienVault USM solution. AlienVault supports secondary delivery mechanisms for alerts, such as email and SMS, and will report on changes to the alert rule base.

Relevant USM Capabilities: Detect and Resist
  • Ensure you meet the requirements of lower recording profiles
  • Ensure Alerts are visible on consoles and/or wall displays
Examples of How AlienVault USM Helps:

All of the necessary “Detect and Resist” recording requirements are satisfied within the AlienVault USM solution. AlienVault’s all-in-one console provides flexible dashboards and reporting views to ensure prioritized follow-up to all alerts.

Relevant USM Capabilities: Defend
  • Ensure you meet the requirements of lower recording profiles
  • SIEM solution should allow multicasting of Alerts to several locations
Examples of How AlienVault USM Helps:

All of the necessary “Defend” recording requirements are satisfied within the AlienVault USM solution. Specifically, sending alerts to multiple destinations is fully supported by AlienVault’s built-in SIEM engine.

PMC Requirement: 10. Reporting on the status of the audit system

Define a set of Alerts and Reports that will allow confidence in the integrity of the auditing system, such that the output of this system can be relied upon in a court of law.

Relevant USM Capabilities: Aware
  • Report and Alert on Log Cleared or Reset, Log collection errors, and threshold exceptions
  • Report on status of active log storage, space allocated, space used, space remaining and total record count
Examples of How AlienVault USM Helps:

All of the necessary “Aware” recording requirements are satisfied within the AlienVault USM solution. AlienVault’s USM will report on status of active log storage, total record count, and other details regarding space available and usage metrics.

Relevant USM Capabilities: Deter
  • Ensure you meet the requirements of lower recording profiles
  • Report on status of active log storage, space allocated, space used, space remaining and total record count trended in a graph over time
  • Report on status of active log storage, space allocated, space used, space remaining and total record count, plus log rotation information
  • Your SIEM solution should be able to prove chain of custody, with each part of the chain adding source and origin information. Original timestamps should not be modified
  • Report on log sources
  • Your SIEM solution should be able to prove chain of custody, with each part of the chain adding source and origin information, trended in a graphical format over time
Examples of How AlienVault USM Helps:

All of the necessary “Deter” recording requirements are satisfied within the AlienVault USM solution. Specifically, AlienVault’s Logger preserves the integrity of all audit logs collected to prove chain of custody and the SIEM engine provides the full source and origin information for each event log collected and analyzed. Trending and graphical reports are available through AlienVault’s single management console.

Relevant USM Capabilities: Detect and Resist
  • Ensure you meet the requirements of lower recording profiles
  • Report and Alert on integrity checking failures anywhere within the chain of custody
  • Report on log access requests via queries or reports
  • The SIEM should have the capability to search online and archived log data
Examples of How AlienVault USM Helps:

All of the necessary “Detect and Resist” recording requirements are satisfied within the AlienVault USM solution. Specifically, AlienVault’s Logger preserves the integrity of all audit logs collected, and alerts on any failures that are generated related to the audit log. Additionally, AlienVault’s USM solution will also report on log access requests and provides easy online searches for all archived raw log data.

Relevant USM Capabilities: Defend
  • Ensure you meet the requirements of lower recording profiles
Examples of How AlienVault USM Helps:

All of the necessary “Defend” recording requirements are satisfied within the AlienVault USM solution.

PMC Requirement: 11. Production of sanitised and statistical management reports

Define a set of Reports that will provide feedback to management on the performance and effectiveness of the Protective Monitoring system.

Relevant USM Capabilities: Aware
  • Reports must be sanitised and omit identifying and sensitive information such as usernames, IP addresses, workstation names and server names
  • If web reports are produced, these must also be sanitised
Examples of How AlienVault USM Helps:

All of the necessary “Aware” recording requirements can be satisfied within the AlienVault USM solution. Specifically, the 100+ built-in reports can be easily customized to anonymise specific information.

Relevant USM Capabilities: Deter
  • Ensure you meet the requirements of lower recording profiles
  • If external managed security service providers are used they might include custom reports that can be used directly for management
Examples of How AlienVault USM Helps:

All of the necessary “Deter” recording requirements can be satisfied within the AlienVault USM solution. For example, customizing the built-in reports, templates, and dashboards can provide the specific views required for your management team.

Relevant USM Capabilities: Detect and Resist
  • Ensure you meet the requirements of lower recording profiles
  • It is expected that an enterprise solution is deployed to meet your GPG 13 requirements, most likely a SIEM working with a number of other technologies, such as IPS, IDS and anti-virus
  • A complete Protective Monitoring Solution is likely to include audit or compliance check software
Examples of How AlienVault USM Helps:

All of the necessary “Detect and Resist” recording requirements can be satisfied within the AlienVault USM solution. In fact, AlienVault’s USM combines built-in security controls such as IDS, log management, netflow analysis, file integrity monitoring, and vulnerability assessment with a SIEM engine to provide complete protective monitoring.

Relevant USM Capabilities: Defend
  • Ensure you meet the requirements of lower recording profiles
  • Defense in depth is required at this segment level, meaning different vendors for the different technologies required for a complete Protective Monitoring Solution, such as a SIEM vendor that differs from the vendors of the anti-virus, IPS, IDS and audit or compliance check software
Examples of How AlienVault USM Helps:

While AlienVault’s USM provides all of the built-in essential security controls necessary for protective monitoring, our open API allows for easy integration with additional data sources from other security vendors.

PMC Requirement: 12. Providing a legal framework for Protective Monitoring activities

Define a requirement that will ensure all monitoring is conducted in a legal manner, and that the collected data is, in itself, protected and treated as sensitive data.

Relevant USM Capabilities: Aware
  • No recording profile required at this segment level
Examples of How AlienVault USM Helps:

Not applicable.

Relevant USM Capabilities: Deter
  • Report on user sign-up to the defined terms and conditions of network usage
Examples of How AlienVault USM Helps:

This requirement is more of a procedural one than one that can be satisfied with technology alone. However, AlienVault USM can track user activity to verify compliance with network usage terms and conditions.

Relevant USM Capabilities: Detect and Resist
  • Report on user sign-up to the defined terms and conditions of network usage, to include digital user signatures
  • Any re-affirmation should also be logged and reported
Examples of How AlienVault USM Helps:

This requirement is more of a procedural one than one that can be satisfied with technology alone. However, AlienVault USM can track user activity to verify compliance and re-affirmation with network usage terms and conditions.

Relevant USM Capabilities: Defend
  • Report on user sign-up to the defined terms and conditions of network usage, to include digital user signatures and hardware token or smart card references
  • Any re-affirmation should also be logged and reported
Examples of How AlienVault USM Helps:

This requirement is more of a procedural one than one that can be satisfied with technology alone. However, AlienVault USM can track user activity to verify compliance and re-affirmation with network usage terms and conditions.
