neuSECURE 3.0, the first SIM Delivering Value Across the Enterprise
SAN FRANCISCO, Feb. 14 /PRNewswire/ -- Today GuardedNet announced
neuSECURE 3.0, the first Security Information Management (SIM) solution to
provide tailored views of security information for all aspects of security
operations, thus providing incident management, risk mitigation, compliance
and audit with real-time security information with which to make more informed
decisions.
"Security data has value to multiple groups within an enterprise, not just
incident response teams, but also risk management, internal audit and
regulatory compliance managers," said Tom McNeight, president of GuardedNet.
"The key is to take the data and provide multiple, logical views of it, as if
through different lenses. SIM solutions are the logical choice for providing
these views and yet most are used only for reactive incident management. We
are bringing SIM into the realms of policy monitoring and risk mitigation, and
in doing so, placing neuSECURE at the center of enterprise security
operations."
Since the launch of neuSECURE in 2001, GuardedNet has been at the
forefront of defining the SIM category. Its software platform, neuSECURE,
enables real-time security monitoring in heterogeneous IT security
environments and provides security teams with a consolidated, enterprise-wide
view of their security posture. With neuSECURE 3.0, enterprises continue to
have real-time access to information about their security posture, but not
just based on incident response metrics. Now critical security decisions can
be made based on data as it relates to policy violations and exposures.
Policy and Audit
With neuSECURE, internal auditors have the ability to view policy
violations using regularly scheduled policy-oriented reports or via critical
email alerts. This enables them to augment their strict framework of scheduled
audits with real-time policy compliance verification. Security administrators
can immediately detect internal misuse and quarantine any device or area of
the network considered out of compliance. neuSECURE 3.0 enables its customers
to maximize this functionality through a wide variety of policy-oriented rule
templates, based on industry-recognized best practices, out-of-the-box.
Regulatory Compliance Management
The shift from periodic policy review to continuous compliance monitoring
is critical to an enterprise's ability to comply with today's security
regulations (e.g. Sarbanes-Oxley, Gramm-Leach-Bliley and the Healthcare
Information Portability and Accountability Act). But real-time security policy
monitoring is only one of the ways that neuSECURE 3.0 supports regulatory
compliance initiatives. neuSECURE's new reporting engine comes with numerous
built-in compliance-oriented report templates. In addition, neuSECURE 3.0
automates a variety of required security activities, such as log aggregation
and storage as well as real-time incident monitoring and alerting.
Risk Mitigation
Vulnerability assessment and patch management are typically batch mode
processes that rarely incorporate information regarding ongoing threats,
exposures or other business context in their prioritization. neuSECURE provides
a channel through which risk mitigation teams can be alerted regarding the
highest priority systems that require patching or reconfiguring in their
environment. This can be done via a daily scheduled report or even via
real-time alerts. neuSECURE uses multiple correlation techniques to determine
vulnerabilities or exposures, which are defined as high threat attacks against
at-risk assets. neuSECURE prioritizes these exposures, and can do so
based on the likelihood of compromise and/or on the importance of the asset in
question. Security teams can determine which systems to patch or reconfigure
first based on those exposures. In addition, neuSECURE 3.0 delivers built-in
rules that track the SANS Top 20 Internet Security Vulnerabilities
( http://www.sans.org/top20/ ) within the organization.
neuSECURE 3.0 provides this risk mitigation, regulatory compliance
management, and policy monitoring functionality, as well as the most robust
incident handling capabilities in the industry, through the following
features:
* Custom Dashboards - neuSECURE provides a customizable dashboard, with
permissioning of event data by view, data source and security domain,
thereby creating a custom lens. This customization enables each
constituency to see their security data in a way that makes the most
sense to them. For example, risk management could have one view,
internal audit, another. This lens concept is extended and applied to
neuSECURE's alerting capabilities, so that individuals who are not
likely to use neuSECURE's dashboard 24x7 can still be kept in the loop
when a critical event occurs.
* Vulnerability Correlation - neuSECURE 3.0 correlates known attack data
with known vulnerability data. The end result is a direct one-to-one
mapping of "exploit to vulnerability" whenever such information is
available. This enables an organization to locate compromised systems
and react in a timely manner so as to reduce the impact that a
compromise has on the organization.
* Susceptibility Correlation - When a direct one-to-one mapping of an
"exploit to vulnerability" is not plausible, Susceptibility Correlation
determines the probability of an asset's exposure using all available
information about that asset, such as services running, ports open, and
the operating system on the machine. This real-time method of analysis
serves as an Early Warning System, bubbling up to the surface the
systems that are experiencing activity that is most likely to result in
a compromise and reducing the criticality of threats against
non-susceptible hosts. Susceptibility correlation is exceptionally easy to
implement and use. The logic is embedded into the product, requires
minimal administration, and is an out of the box benefit.
* Meta Events - A Meta event is a user-defined event generated by
neuSECURE's rule engine for the purposes of higher level security
analysis and qualification. The introduction of Meta events into the
neuSECURE rules engine enables users to view all instances of their
rules firing as its own unique event data. By incorporating the result
of rules-based analysis back into the product as event data, it can be
viewed and analyzed using neuSECURE's dashboard, its unique PowerGrid
Event Viewer, and its Reporting engine.
* User-based Information Collection - The ability to collect user-based
event information expands security information management systems
beyond traditional IP-device focused correlation. This feature allows
neuSECURE to correlate on user-based security events from a variety of
security, host and application logs. This is significant in terms of
policy enforcement as well as for regulatory compliance with federal
mandates such as Sarbanes-Oxley.
* New Reporting System - neuSECURE's new reporting engine provides an
improved report viewing and filtering user-interface, additional export
formats, expanded scheduling and distribution capabilities, a new
custom report authoring environment, and several additional report
templates. Many of the additional report templates are focused on
policy violations and exposures.
* Event Classification Database - neuSECURE now has the largest
predefined event classification database in the industry with over
15,000 unique event mappings. As a new device type is integrated, its
specific event type naming conventions are automatically mapped to the
common event taxonomy, providing significant out-of-the-box value.
* Enhanced Ticketing System - neuSECURE's ticketing system is now the
most robust in the industry, offering many new fields to query upon as
well as enhanced Remedy integration.
* Database Compression - neuSECURE offers 4:1 data compression for
improved storage capabilities in Oracle.
* Knowledgebase - neuSECURE provides access to vendor-specific event
information through its security knowledgebase, which is quite helpful
during the investigation phase. It also provides a place for users to
annotate specific event types with information relevant to the
company's specific business priorities and environment.
Availability:
neuSECURE 3.0 will be available March 2005, both as a software solution
and as an appliance.
About GuardedNet(R):
GuardedNet delivers advanced enterprise security information management
(SIM) solutions designed to improve the effectiveness, efficiency, and
visibility of security operations and information risk management. Its
software platform, neuSECURE(TM), enables centralized security monitoring and
incident management in heterogeneous security environments, improving
corporate security and reducing operational costs. GuardedNet has received
numerous accolades and was recently named a finalist in Network Computing
Magazine's 2004 Well Connected Awards for outstanding performance in Security
Information Management. GuardedNet's neuSECURE has also received Information
Security Magazine's Hot Pick of the Month for a security product in February
2004. GuardedNet was also the recipient of Information Security Magazine's
Horizon Award for Customer Satisfaction. GuardedNet is a private company,
headquartered in Atlanta, Georgia. For more information about GuardedNet,
please call 888-599-8297 or visit http://www.guarded.net .
SOURCE GuardedNet
Related links: http://www.guarded.net http://www.sans.org/top20
CONTACT: Kelly Schupp, Director of Marketing of GuardedNet, +1-404-591-8225, or kschupp@guarded.net
NOTE TO EDITORS: GuardedNet(R) is a registered trademark of GuardedNet Inc. All other companies, brand names or products are trademarks or registered trademarks of their respective companies.