5 Reasons to Manage with Controls

White PaperFebruary 2008
Five Good Reasons For Using SIEM to
Manage With Controls
Security is at the top of the corporate agenda and at the heart of agencymissions. The impact of effective security on brand protection, corporategovernance, accountability to shareholders is measured in good will anddollars spent to repair damages. The drive to "be secure" is a mandatefor doing business today. Most organizations can look back to 2005 andattest to the improvements made: policy and process maturity, staffdevelopment and education and awareness of all employees. Todaydeliberate and strategic security strategies and IT governance modeldeveloped in the context of business objectives is the goal, if notalready the standard.
Copyright©2008 Intellitactics. All Rights Reserved.White PaperPage 2
Making the Case for ControlsSuccessful companies report that information security is technology and processContents intensive. These same companies develop policies and enforce them with a com-2 Making the Case for Controls prehensive set of controls to comply with internal policies, regulatory standards,3 Five Good Reasons for Implementing industry standards and best practices. These controls are uniform and comprehensiveSIEM for Managing Controls across the enterprise and monitored, measured and reported on to demonstrate5 Getting Started With Controls effectiveness and efficiency in securing critical information assets.
7 Intellitactics Features ControlManagement Simple mapping of controls to regulatory standards uncovers gaps that introducepotential vulnerability or weakness. Ensuring that databases, applications, network8 Committed to Your Success segments or operating systems which are critical to patient, customer or generalbusiness services are secured yields significant improvements in an organization'sability to simply comply or defend the enterprise.
Efficient monitoring and management of controls requires the collection and analysisof millions of logs that often exceed the capacity or capability of most companies'security operations functions. Manual review of event log files is not only time-con-suming it is often error-prone. Log reviews are often conducted under pressure:responding to a diligent auditor or investigating a reported breach and the highlycompressed timeframe introduces unnecessary distractions and detours.
Active management of all the logs of all the devices that must be managed tocomply or secure the enterprise exceeds the capacity of even the largest organiza-tions. Active management of patches, configuration changes or vulnerability of criticalinformation assets escapes the capability of the most expert IT organizations.When organizations rely on manual techniques for managing there are pragmaticlimitations to how much data or how many devices can be managed.
To sustain compliance between audits and to strengthen enterprise defense manycompanies turn to automation. Automation takes the cost out of compliance andincreases the effectiveness and efficiency of the security team and the entire ITorganization. While short-term needs can be addressed with simple log collecting,searching and filtering there are many benefits derived from a long term strategyand management of controls.White PaperPage 3
Five Good Reasons for Implementing SIEM for Managing ControlsA 2007 research benchmark developed by the Aberdeen Group provides insightand guidance for ". . .organizations compelled to manage, audit and report onsecurity related systems and information for the purposes of demonstrating com-pliance with industry regulations, government regulations, industry standards andbest practices or internal policies." According to the Aberdeen Group: "Attendingto compliance on a consistent, repeatable basis was shown to lower operationalcosts, support higher scale, reduce security risks and maintain consistent policiesfor security and compliance. The ability to sustain compliance with internal policies,regulatory standards or industry best practices offer companies positive andmeasurable results." Specifically, Aberdeen Group found that best in classcompanies shared the following accomplishments:
. Decrease in non-compliance security incidents and security related incidents
. Decrease in false positives
. Decrease in time to complete a compliance related audit
. Increase in the number of systems requiring updates, patches andconfigu... [download for more]