netForensics Integrates Security Audit Framework into SIM Platform: Delivers Unprecedented Guidance for Information Security Management, Compliance and Reporting
2008-07-14 02:00:00
EDISON, N.J. (EMWNews) July 14, 2008 —
netForensics, Inc., a “visionary”
leader in the Information Security Management market, today announced
new functionality in its flagship Security
Information Management (SIM) application that provides unprecedented
guidance for managing and reporting on critical IT security issues, as
well as compliance with regulatory requirements and standards. The
integration of the new security
audit framework into its nFX
SIM One product enables netForensics to deliver the market’s
most comprehensive solution for managing and reporting on IT security
and third-party compliance requirements.
Modules that address specific regulations, such as PCI,
and FISMA,
easily plug into the framework for quick deployment and rapid time to
value. The first module delivered as part of the release of the new
security audit framework helps retail organizations manage themselves
against the Payment Card Industry (PCI) Data Security Standard.
The new audit
framework and out-of-the-box modules seamlessly integrate into nFX
SIM One through a new web-based interface. Other information
security management and log management vendors enable their users to
report on the data that is collected, but put the onus on the end user
to “connect the dots”
for interpreting, taking action against and reporting on this
information. The netForensics solution provides end users with a
detailed checklist and reports that they can provide to an auditor
explaining exactly how affected devices are configured and what is being
reported on.
Guidance is provided that tells the user what affected devices they
should be concerned with, how to group them for compliance monitoring
within the SIM application, and what data to monitor based on the
specific sections of the various regulations and standards. Through the
new framework, the modules include:
- Knowledge-base guidance that details what an affected customer must monitor and report on
- Detailed, step-by-step instructions for configuring, aligning, and monitoring devices and other resources affected by the relevant regulation or standard
- Advanced correlation rules and report templates needed to speed deployment
The PCI compliance module decreases the time and resources needed to
meet PCI compliance requirements, gathers information for
self-assessments from an auditor’s
perspective, and provides third-party auditors information needed to
evaluate organizational compliance. Within the PCI Data Security
Standard, there are 12 sections and over 100 subsections that make up
the requirements. The netForensics PCI Security
Audit Framework module covers the following requirements:
- 1.1.1 – A formal process for approving and testing all external network connections and changes to the firewall configuration
- 1.1.3 – Requirements for a firewall at each Internet connection and between any demilitarized zone (DMZ) and the internal network zone
- 1.1.4 – Description of groups, roles, and responsibilities for logical management of network components
- 1.3.7 – Denying all other inbound and outbound traffic not specifically allowed
- 3.4 – Render account numbers, at minimum, unreadable anywhere it is stored (including data on portable digital media, backup media, in logs, and data received from or stored by wireless networks) by using any of the following approaches:
  - Strong one-way hash functions (hashed indexes)
  - Truncation
  - Index tokens and pads (pads must be securely stored)
  - Strong cryptography with associated key management processes and procedures
- 10.1 – Establish a process for linking all access to system components (especially access done with administrative privileges such as root) to each individual user
- 10.2.1 – All individual user accesses to cardholder data.
“The netForensics PCI Security
Audit Framework module tells users what the auditor is looking for.
Unlike our competitors we have certified auditors on staff, not
consultants mapping COBIT or other standards generically,”
said Tracy Hulver, Vice President of Marketing and Products at
netForensics. “Compliance is education, not
just a blind shot in the dark attempt at success. Other vendors don’t
truly understand what the auditor is looking for and instead provide a
generic offering that typically fails under the scrutiny of a seasoned
IT auditor.”
netForensics will launch additional compliance modules over the next
several months, including those that will support Sarbanes-Oxley (SOX),
Gramm-Leach-Bliley Act (GLBA), and the Federal Information Security
Management Act (FISMA).
About netForensics
netForensics delivers security
compliance management solutions that help stop the ever-increasing
attacks that threaten organizations. Through its patented nFX
technology, netForensics not only solves security compliance challenges,
but provides the proof needed to address the myriad of regulatory and
internal governance requirements. The netForensics’
suite of nFX One
products provides solutions to address external and internal threats,
mitigation, log management and reporting. Governments and companies of
all sizes around the world rely on netForensics to gain unparalleled
information security management visibility, prevent costly downtime, and
maintain compliant operations. For more information, visit: http://www.netforensics.com/.