Cyber Security
True prevention of threats related to fraud, theft, acts of sabotage and terrorism involves more than just managing IT security or physical security. In today’s interconnected world, even though enterprises are still organized in functional silos, the major applications and systems running business processes for these organizations are connected via networks to the outside world. Cyber Security involves the protection of assets from threats that can originate remotely or be initiated within the organization relying on connected assets and the information systems that manage them. AlertEnterprise leverages existing security automation tools, threat intelligence sources, and incident management capabilities in a single unifying application that delivers true situational awareness and real-time response capabilities to actionable intelligence.
Unified Threat Management
Threats occur in many ways. Hackers can attempt to infiltrate your network, malicious code traversing the internet may find its way into servers running critical applications, or disgruntled employees with malicious intent can cause incidents. A variety of security automation tools address different parts of the equation. AlertEnterprise aggregates threats, vulnerabilities and risks from many sources to deliver a holistic view of risk based on the threats present, leveraging results from existing tools like vulnerability scanners, security configuration managers, identity and access management systems and threat libraries from authoritative sources (NVD, iDefense and US-CERT). No other solution can combine the range of sources to deliver a more comprehensive view of these threats than AlertEnterprise.
- Integrate threats from authoritative threat sources (iDefense, NVD, ES-ISAC, US-CERT)
- Leverage results from existing GRC, IT-GRC and Security Automation Tools
- Integrate and correlate threats across IT systems, physical access controls and industrial controls
Insider Threat
A chemicals warehouse supervisor had been denied promotion and later was flagged as a disgruntled employee in the company HR system. He started coming into the warehouse late at night on weekends and used the inventory software to look up dangerous chemicals. His next step was to scrap the inventory in the software and then remove the material from the warehouse to sell to underground bidders with terrorist ties. This theft would have gone undetected. Insider threat is hard to detect and yet the impacts can be more devastating to the organization.
Key to preventing insider threat is monitoring privileged user activity, correlating IT access and physical access and conducting frequent background checks. The ability to conduct risk analysis prior to provisioning access is very important. Additionally, removing physical access to facilities and critical assets almost immediately upon employee termination is one of the best ways to prevent insider incidents. AlertEnterprise delivers the ability to do all this and extends into asset-intensive industries by identifying control system access that terminated employees or contractors may have.
- Correlate access to IT applications, facilities, critical assets and control systems.
- Monitor privileged user activity and access
- Automatically remove terminated employee access to applications, systems and facilities
Incident Management
Managing real-world incidents requires a single application that can manage cases that include cyber incidents, physical access incidents, and fraud and ethics incidents. Having a case repository where incident response teams, escalation workflow and policy information reside is essential to managing security incidents in real time. Depending on the type of incident, the appropriate response teams can be assigned and remediation actions tracked. Remedial Action Scripts (RAS) can be pre-configured with context-sensitive guidance so that incident responders do not waste precious minutes looking up three-ring binders for the next steps. AlertEnterprise delivers on-screen guidance to responders on how to address the situation. Remediation steps can be triggered and first responders notified automatically.
AlertEnterprise delivers the unique capability of integrating events and alerts from IT systems, Physical Access Control Systems, Video Surveillance and Industrial Controls, making it the incident management tool for critical infrastructure protection applications.
- Automated workflow for notifications and escalations
- Integration with IT security automation tools
- Automated Remedial Action Scripts
- Automated triggering of response actions