Continuous Monitoring for Perimeter and Insider Threats
Threats to your agency can come from inside and outside. Novell can help you catch them all. Novell is a leading provider of security information and event management (SIEM) and continuous compliance monitoring solutions to federal, state and local governments. Novell solutions address two critical issues facing government agencies today: security and policy compliance.
Many large government agencies and their contractors depend on Sentinel™ from Novell to help them manage risk more effectively. They can improve compliance reporting and security metrics by replacing manual processes with a continuous auditing and reporting solution for IT controls. Sentinel collects and correlates disparate security and compliance event data from throughout the network and analyzes the data in real time to help agencies identify and respond to security incidents and policy compliance violations. Sentinel is also the only SIEM product featuring incident response management. It automates and formalizes the process of tracking, escalating and responding to incidents and policy violations from the moment they occur through final resolution. Sentinel also provides two-way integration with leading trouble-ticketing systems as well as end-to-end tracking of system activity for audit purposes.
Government Solutions
Compliance Monitoring—Government agencies and their contractors face a multitude of strict information security regulations. When audited, an agency must clearly demonstrate that it can detect and prevent unauthorized access and malicious activity on the network, and that it can quickly respond to and resolve security incidents.
Novell provides an IT controls monitoring and auditing solution to help affected organizations demonstrate compliance with government standards established to protect critical information, including:
- Federal Information Security Management Act (FISMA)
- Director of Central Intelligence Directive 6/3 (DCID)
- National Industrial Security Program Operating Manual (NISPOM)
Securing Information Technology and Preventing Privacy Violations—Threats to an agency's environment come both from outside the organization's trusted zones and from within. Sentinel helps you understand what's happening across your agency's perimeter environment and internal networks and systems so you can monitor the effectiveness of your IT controls, prioritize and track your remediation efforts and manage your risk more effectively.
- Perimeter Threat—Government agencies are among the most targeted organizations for viruses, worms, denial-of-service and hacker attacks. As a result, these agencies have deployed multitudes of security point solutions across their extended enterprises. These tools generate overwhelming volumes of real-time data, much of which can be non-critical "noise" that can hide those events needing immediate attention. It is impractical to manually gather, review, consolidate and analyze this volume of security and compliance data and its complexities. Sentinel automates the process of collecting, correlating and analyzing data so you can prioritize and conduct remediation activities and reduce your overall risk. Built-in workflow management and remediation tracking functionality (iTRAC) enables you to make decisive, appropriate responses to incidents by automating and enforcing incident identification and resolution processes.
- Insider Threat—Unauthorized access to systems by employees and others is the fastest-growing threat in today's networked environment. A recent CSI/FBI crime study showed that per-incident costs rose 500% from 2003 to 2004, and a recent national news report indicated that 82% of all successful exploits were a result of malicious activity by trusted insiders. While many organizations have invested in and deployed security devices and applications, insider abuse goes undetected by those tools designed to protect your perimeter. Employees have valid user names, IDs and other approved network credentials that typically don't trigger alarms, unless logs are regularly reviewed for anomalies. But manually reviewing that information has become an impossible task and leaves open the possibility that incidents may go undetected because the information isn't being analyzed and correlated in real time. By the time an agency learns about an internal security breach, it's too late. Sentinel can help you detect insider abuse by collecting, retaining and analyzing log data. Through its iTRAC workflow management and remediation tracking functionality, Sentinel can enable and help document resolution of the issues—a requirement common to many government regulations.
Case Studies
Many defense, civilian and intelligence agencies rely on Sentinel to help reduce compliance efforts and costs, and manage their risk more effectively.
Memberships and Accreditations
Novell is a corporate member of the following organizations:
- Armed Forces Communications and Electronics Association (AFCEA)
- Industry Advisory Council (IAC)
Sentinel 5 from Novell has either achieved the following accreditations, or is in the final validation process:
- NIAP EAL 2 (currently in evaluation)
- DCID 6/3 Protection Level 3
- DITSCAP
- NISCAP
Talk to us about continuous monitoring for perimeter and insider threats.