Prism Microsystems has released the latest version of its Security Information and Event Log Management (SIEM) product, EventTracker, which offers support for the 15 automated security controls of the Consensus Audit Guidelines (CAG), a joint initiative of defense experts from federal agencies and the SANS Institute.

The CAG are reportedly a set of 20 technical security controls designed to block serious threats. For each control, the guidelines identify actual attacks that it blocks, provide practices for automation (for the 15 controls that can be automated) and define tests to determine whether it has been implemented.

Originally developed to address the requirements of the new FISMA, which requires federal agencies to “monitor, detect, analyse, protect, report and respond against known vulnerabilities, attacks and exploitations,” the guidelines have also been found to mitigate known attacks against financial institutions, retailers and government agencies, the company claimed.

A.N. Ananth, CEO of Prism Microsystems, said: “IT Security is everybody’s job and on the mind of a lot of CIOs. Less obvious is how specifically to go about it, in what order, given real-world budget and staffing constraints. Regulatory guidelines are necessarily general and therefore must be mapped to a specific environment, a long and expensive first step towards better security.

“The Consensus Audit Guidelines (CAG) are a useful collection of controls and specific recommendations made by people with rich relevant experience. The goal is to mitigate the most damaging threats known to be active today. They are also pragmatic in acknowledging that major procedural or technical changes cannot be made easily and quickly and are therefore out of scope.”

Prism’s new SIEM product is expected to offer capabilities necessary for automating the security controls outlined in CAG. These include real-time monitoring of USB and external devices, configuration changes, software installations, suspicious network activity, file/folder access, status of anti-virus applications and security patches and log-on/log-off activity.

The new offering can also enforce remedial action on all monitored systems and includes prepackaged templates to report on each of the 15 controls.