The Federal Information Security Management Act (FISMA) Implementation Project was established in January 2003 to produce several key security standards and guidelines required by Congressional legislation. These publications include FIPS 199, FIPS 200, and NIST Special Publications 800-53, 800-59, and 800-60. Additional security guidance documents include NIST Special Publications 800-37, 800-53, and 800-53A. This guidance covers many aspects of security, including physical security, personnel security, contingency planning, and others. Of particular importance to Security Information Managers are those FISMA controls that specifically relate to network and data security: AC (Access Control); AU (Audit and Accountability); SC (System and Communications Protection); IR (Incident Response); and SI (System and Information Integrity).
FISMA requires each federal agency to develop, document, and implement an agency-wide program to provide security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source. The requirements of FISMA include:
The requirements of FISMA demand extensive data collection and analysis, potentially requiring the management of billions of events, data flows, and other data points. Further strain comes from the need for responsive, real-time analysis and historical, forensic analysis of these massive data stores, together with the correlation of these events to defined users, roles, and policies.
Periodic assessments of risk, including the magnitude of harm that could result from the unauthorized access, use, disclosure, disruption, modification, or destruction of information and information systems that support the operations and assets of the organization.
NitroView is able to analyze user and system activity by correlating network device logs, security events, and network data. This provides valuable audit trails, and is often critical for preventing, detecting, responding to, and remediating security breaches. NitroView ELM includes risk assessment capabilities to see exactly how each of its systems is configured, whether policy settings are in place, and whether configuration vulnerabilities are present. Additionally, a risk assessment allows for automated scanning, management, and reporting.
NitroGuard IPS controls access to secure networks through innovative intrusion prevention techniques, while NitroView DBM controls and protects access to secure data at the source. Each is tightly integrated with NitroView ESM for notification of access control violations, forensic investigations, and reporting.
NitroView ELM provides compliant storage of signed and encrypted log files. Where appropriate logs aren't available, such as for database activity, logs can be generated by NitroView DBM, providing more auditable detail.
NitroSecurity's entire product line is dedicated to the protection of systems and communications: NitroGuard IPS to prevent malicious activity on the network; NitroView DBM to monitor and protect data assets; NitroView ESM to detect larger threats, using advanced correlation and analysis features; and NitroView ELM, for universal log collection and analysis, as well as compliant log storage.
NitroView ESM is the leading incident response tool, capable of reporting on billions of events in seconds. Using the power of NitroView's data management engine, it's possible to start an investigation anywhere—with a suspect source IP or username, a specific transaction, a firewall event, or any other piece of collected evidence—and quickly see all other relevant data in real time.
NitroView DBM is able to monitor systems for database and application integrity, including patch levels and other system-level details that are important to SI compliance.