Automate and Accelerate IT Compliance.Good for You. Good for Your Auditor

Although specific requirements may vary slightly between compliance standards, Zartek Global USM™ can help you quickly achieve comprehensive compliance. Zartek Global USM delivers complete IT compliance management capabilities in a single platform and console view.

These capabilities include asset discovery, vulnerability assessment, intrusion detection, service availability monitoring, log management, and file integrity monitoring (FIM), allowing you to:

• Quickly identify and resolve compliance issues
• Utilize flexible reporting and detailed executive dashboards
• Quickly and automatically discover and scan assets
• Stay on top of threats with host and network IDS for continuous threat detection
• Demonstrate compliance with real-time security control evaluation

Zartek Global USM™ unifies essential compliance management software in a single platform.

Continuous Compliance

• Log retention, management, and analysis—all in one platform
• Analyze logs automatically to detect malicious behavior directed at in-scope devices
• Integrate data from legacy security tools

 

Asset Discovery & Monitoring

• Active and passive asset discovery
• Network and Host IDS
• SIEM and log aggregation

 

Flexible Reporting & Dashboard

• Auditor-ready report templates for PCI-DSS, ISO27002, HIPAA and more
• Role-based access control for customized views
• Custom report queries and fast searches

 

Continuous Compliance with USM

IT compliance management is often a manual process that requires the aggregation of data from multiple systems into a single view. Zartek Global USM delivers all of the essential security capabilities into a single platform – saving you the time, cost and complexity of bringing all of this together on your own.

Zartek Global USM delivers a workflow-centric solution that reduces time-to-compliance versus a home-built solution stitched together from individual point products. This unified approach allows you to quickly get answers to critical IT compliance management questions:

• Where do your critical assets live, how are they configured,
  and how are they segmented from the rest of your network?
• Who accesses these resources?
• What are the vulnerabilities that impact your compliance status?
• What constitutes your network baseline and what is considered normal or acceptable?

 

Asset Discovery & Monitoring

One of the foundations of any successful IT compliance management initiative is accurately determining all the systems, applications and inventory that are in-scope. Having a deep understanding of all assets within your compliance scope is critical to your ability to effectively monitor and maintain compliance.

Zartek Global USM can perform both active and passive network scanning to identify hosts and installed software. It provides the granular visibility you need into the security status of your critical assets.

In addition, USM’s Network-based and Host-based Intrusion Detection Systems (NIDS & HIDS), coupled with File Integrity Monitoring (FIM), analyzes system behavior and tracks user access and activity to detect threats targeting your systems and enable compliance with the latest industry regulations.

Zartek Global USM’s SIEM capability correlates and presents data in one complete dashboard, putting the information you need at your fingertips and allowing you to maintain successful IT compliance management.

Flexible Reporting & Dashboard

IT compliance management isn’t a one-time event, but rather a system of processes that need to be continually enforced. Although specific requirements for monitoring and security event management vary from one standard to the next, Zartek Global USM can help you quickly achieve full compliance with its built-in monitoring and security event management capabilities, all managed from a single console.

Zartek Global USM offers hundreds of built-in compliance reports for managing your PCI-DSS, ISO, SOX, HIPAA, GLBA, NERC CIP or GPG13 programs. These are automatically updated as asset and vulnerability assessment data changes, and you can quickly customize them based on your own compliance priorities.

Zartek Global USM ‘s IT compliance report features allow you to:

• Quickly produce reports with templates for PCI-DSS, ISO 27002, HIPAA and more
• Provide executives with information on demand with web-based executive dashboards with “click through” detail
• Utilize custom report queries and fast searches
• Conveniently share status with auto-report generation and distribution (PDF, Email, HTML, etc.)
• Control information distribution with role-based access control for customized views

Prove Compliance for Even the Most Challenging Requirements

Logging and Reporting: PCI DSS Requirement 10

Zartek Global USM™ helps you collect and protect your log records, as well as prove that you’ve done so.

Sections 10.1 – 10.4 deal with collecting audit logs, tracking access to cardholder data, actions taken by admins, and failed logins, establishing audit trails, and tracking manipulation of the audit trail. Zartek Global USM provides the ability for each event logged in the system to be attributed to a particular user. This establishes an audit trail, and provides forensic storage of events for later audit. For highly sensitive components, the Zartek Global host-based agent can be used in order to provide full visibility into all actions taken on particular machines. USM timestamps all audit logs, which addresses section 10.4.

Section 10.5 requires that audit trails be secured so they cannot be altered. Zartek Global provides full role-based access control for access to audit trails and event logs. An additional separate audit log provides a record of modifications to the event log. All entries are time stamped and hashed to identify attempts of tampering.

Section 10.7 mandates that you retain audit history for at least one year, with a minimum of three months immediately available for analysis. Zartek Global provides the ability for both online and offline storage. Through the user interface, automated back-ups can be created to allow for offline storage and restoration of events. This provides the flexibility for long-term log retention even in high-volume environments.

 

Vulnerability Assessment: PCI DSS Requirement 11

Out of the box, Zartek Global USM provides vulnerability assessment that allows you to identify and assess weaknesses in your environment. USM’s asset management and vulnerability scanning identifies any discovered vulnerabilities and correlates the data gathered by its asset discovery scans with known vulnerability information for improved accuracy. Built-in file integrity monitoring alerts users to changes to critical files but can also be customized to monitor any file set.

 

Incident Response Planning: PCI DSS Requirement 12

Make sure the right people get notified to take action in the case of an incident. USM provides the alerting you need, down to the level of texting security professionals in real time as incidents occur. With USM, you get 24X7 coverage.

Bank Network Security Monitoring

Zartek Global’s USM platform provides a unified approach to bank network security monitoring, threat detection and compliance management that gives you the visibility you need from a single console for FFIEC compliance. The USM platform includes five essential security capabilities, all centrally managed through a single interface:

• Asset Discovery
• Vulnerability Assessment
• Intrusion Detection
• Behavioral Monitoring
• SIEM (Security Information and Event Management)

These built-in, essential security controls and threat intelligence eliminate the need to deploy separate security point products and conduct independent threat research.

With correlation of security events from built-in vulnerability assessments, IDS, file-integrity monitoring (FIM), and service availability monitoring, Zartek Global USM brings together the key data needed for effective incident detection, alerting and response. You can also integrate data from third party tools via our extensive plugin library to increase visibility and preserve the value of your investments.

The Zartek Global USM platform enables you to quickly answer critical questions about your security posture for FFIEC cybersecurity monitoring purposes, such as what devices are on your network, which assets are vulnerable to attack, and if any of your devices are communicating with known malicious IP addresses. Zartek Global USM will also automatically alert you when there is malicious activity in your network, when unauthorized USB devices are attached to network assets, and when your users are violating policies.

 

Information Security Risk Assessment

Zartek Global USM provides a consolidated, single-screen view of all network activity to help you understand your FFIEC information security posture. This centralized view includes the ability to identify vulnerable systems for remediation and pinpoint connections to validate their purpose to take corrective actions.

With the asset discovery and vulnerability assessment capabilities built into the Zartek Global USM platform, you can perform authenticated or unauthenticated scans to identify and prioritize vulnerability remediation. Your IT team can then take appropriate action to remediate your organization’s greatest vulnerability risk and validate its success.

You can also use USM to perform a baseline for further assessments to identify new, previously unknown connections. The USM platform will pinpoint the connections and their protocols to help you adhere to FFIEC compliance mandates such as identifying insecure connections that are not allowed and require strict TLS/SSL or SSH for secure data transfer.

 

Integrated Threat Intelligence

The integrated threat intelligence built into the USM platform saves you significant amounts of time and effort. It eliminates the need for you to spend your scarce time researching the alerts that your security tools generate or the latest changes in the threat landscape.

The Zartek Global Labs team conducts research on emerging threats for you and delivers threat intelligence as a coordinated set of updates to the security controls built into the USM platform. This accelerates and simplifies your threat detection and remediation efforts:

• Correlation directives
• IDS signatures
• Vulnerability audits
• Asset discovery signatures
• IP reputation
• Data source plugins
• Report templates

These regular updates mean you no longer have to worry about creating the correlation rules and conducting the threat analysis to receive prioritized alarms about malicious activity within your networks. This makes it possible for you to detect the latest threats and meet FFIEC compliance without needing the deep security expertise required to conduct detailed threat research yourself.

The USM platform also incorporates data from the Zartek Global Open Threat Exchange (OTX). OTX is the world’s first truly open threat intelligence community that enables collaborative defense with actionable, community-powered threat data. Over 37,000 participants contribute over 3 million threat indicators daily from more than 140 countries that identify malware hosts, command and control servers, botnets, and more.

Intrusion Detection Systems for Any Environment

Zartek Global USM™ delivers intrusion detection for your network that enables you to inspect traffic between devices, not just at the edge. You can also correlate events from your existing IDS/IPS into a single console for complete network visibility while preserving your investments.

Catch threats targeting your vulnerable systems with signature-based anomaly detection and protocol analysis technologies. Identify the latest attacks, malware infections, system compromise techniques, policy violations, and other exposures.

 

Host-based Intrusion Detection System (HIDS) and File Integrity Monitoring (FIM)

Analyze system behavior and configuration status to track user access and activity. Detect potential security exposures such as system compromise, modification of critical configuration files (e.g. registry settings, /etc/passwd), common rootkits, and rogue processes.

 

Deploys in Less Than One Hour

Sign up and deploy Zartek Global USM quickly. Start seeing actionable alarms in less than one hour.

 

Integrated SIEM Correlation

More than 2,000 correlation directives (and growing) to alert you to the most important threats.

 

Always Vigilant

Automatically receive new IDS signatures and updated correlation directives for the latest threats.

 

Works with Other IDS

Forward IDS and IPS event logs from your existing devices to the USM Sensor for event correlation.

 

Quickly View Threats in the Dashboard

We utilize the Kill Chain Taxonomy to highlight the most important threats facing your network and the anomalies you should investigate. You can easily see the types of threats directed against your network and when known bad actors have triggered an alarm.

 

Attack Intent & Strategy

The Kill Chain Taxonomy breaks out threats into five categories, allowing you to understand the intent of the attacks and how they’re interacting with your network and assets:

• System Compromise – Behavior indicating a compromised system.
• Exploitation & Installation – Behavior indicating a successful exploit of a vulnerability or backdoor/RAT being installed on a system.
• Delivery & Attack – Behavior indicating an attempted delivery of an exploit.
• Reconnaissance & Probing – Behavior indicating an actor attempt to discover information about your network.
• Environmental Awareness – Behavior indicating policy violations, vulnerable software, or suspicious communications.

Indicated by the OTX ‘Atomic’ logo, alarms and events associated with known Indicators of Compromise (IoCs) are highlighted throughout USM. This allows you to prioritize security events that contain data linked to malicious activity.

 

Reduced Noise

Correlating IDS/IPS data with multiple security tools reduces false positives and increases accuracy of alarms.

 

Automatic Notifications

Set up email notifications and implement phone messaging services such as SMS.

 

Complete Threat Evidence

See attack type, number of events, duration, source and destination IP addresses, and more.

 

Workflow Management

Create tickets from any alarm, delegate to users, or integrate with an external ticketing system.

 

Analyze Consolidated Threat Details Faster

Accelerate your response work by analyzing related threat details in one place.

 

Event Details

See the directive event, the individual event(s) that triggered the directive event, and the correlation
level of the directive rule.

You can click on any event to examine details such as:

• Normalized event
• SIEM information
• Reputation of source and destination IP addresses
• Knowledge base about the event
• Payload of the packet triggering the event

 

Powerful Analytics Uncover Threat and Vulnerability Details – All in One Console

Get to the bottom of who and what’s targeting your assets and what systems are vulnerable.

 

Search SIEM Events

You have the flexibility to conduct your own analysis. For example, you may want to search the SIEM database for events that came from the same host as the offending traffic triggering an alarm.

• Displays events stored in the database
• Filters help you find more granular data
• Sort by event name, IP address, and more

 

Check Assets and Vulnerabilities

Search the built-in asset inventory for assets involved with an alarm. Integrated vulnerability assessment scans indicate whether an attack is relevant by identifying vulnerable operating systems, applications and services and more – all consolidated into a single view.

• See all reported alarms and events by asset
• Modify your mitigation / remediation strategy based on presence of threats targeting vulnerable systems
• Correlate reported vulnerabilities with malicious traffic

 

Inspect Packet Captures

Use integrated packet capture functionality to capture interesting traffic for offline analysis. Packets can be viewed in the integrated Tshark tool, or you can download the capture as a PCAP file.

• Set capture timeout
• Select number of packets to capture
• Choose source and destination IP addresses to capture

 

Examine Raw Logs

Search for any raw logs that are related to activity reported by an alarm. For example, look for logs that are related to the source IP address that was reported in the alarm.

• Raw logs are digitally signed for evidentiary purposes
• Filter by time range and search pattern
• Export raw logs as a text file

Accelerate ISO 27001 Compliance

ISO/IEC 27001 provides guidance for implementing information security controls to achieve a consistent and reliable security program. The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) developed 27001 to provide a worldwide standard for information security.

Achieving 27001 compliance can be challenging for many organizations because of its broad scope, especially for organizations with limited resources. To accelerate ISO information security compliance, you need to simplify, consolidate, and automate essential security controls to unify policy monitoring, threat detection, and remediation prioritization.

Zartek Global USM™ delivers the essential security controls you need for ISO 27001 security compliance:

 

Automated Asset Discovery & Vulnerability Assessment

• Active and passive asset discovery
• Vulnerability assessment

 

Continuous Security Monitoring

• Detect policy violations quickly
• IDS, FIM, NetFlow, Service Availability

 

Powerful Reporting & Dashboard

• Report templates for ISO 27001 simplifies audits
• Custom queries and fast searches accelerate audit responses

 

Asset Discovery & Monitoring

A fundamental component of ISO 27001 compliance is creating and maintaining a comprehensive asset inventory. USM’s built-in asset discovery capability combines essential discovery and inventory technologies to give you full visibility into the devices that are on your network:

• Passive network monitoring to discover hosts and installed software without affecting system performance or network utilization
• Active network scanning to obtain more detailed information about devices and installed software

Once USM has created your asset inventory, its built-in vulnerability assessment alerts you to vulnerabilities on those systems. You can then use the prioritized list of vulnerabilities to remediate critical vulnerabilities before an attacker can exploit them.

In addition, USM’s integrated vulnerability tells you when your assets are vulnerable to the exploits it detects with its IDS capabilities.

 

Continuous Monitoring
with USM

ISO 27001 compliance requires the aggregation of event data from multiple systems into a single view. Zartek Global USM delivers the visibility you need in a single platform – saving you the time and expense of manually aggregating this data.

The USM platform utilizes the built-in essential security controls to generate the data that enables you to detect policy violations quickly and reduce time to compliance.

• Host and network IDS detect malicious activity targeting your assets
• File Integrity Monitoring (FIM) detects changes in critical files
• NetFlow identifies unusual network activity
• Service availability monitoring ensure essential services are running

 

This unified approach allows you to quickly answer the critical questions that are required for ISO 27001 compliance:

• What are my critical assets and how are they configured?
• Where are my critical assets located?
• How is my network segmented to limit access to these assets?
• Who has access to these resources?
• What are the vulnerabilities that affect my compliance status?
• What constitutes baseline activity in my network?
• Which users are violating policies?
• What are my privileged users doing?
• Who is attaching unauthorized removable media (e.g. USB drives) to critical network assets?

 

Flexible Reporting & Dashboard

ISO 27001 compliance requires on-going policy enforcement. The built-in security controls, combined with USM’s powerful reporting engine, help you develop and monitor your policies from a single console.

The USM platform provides report templates for ISO 27001 as well as the ability to customize those templates, ensuring that you can generate the reports you need. There are also compliance reports for other regulatory requirements such as HIPAA, PCI-DSS, GLBA, NERC CIP, GPG13 and other programs.

• Web-based executive dashboards with “click through” detail
• Custom report queries and fast searches
• Auto-report generation and distribution (PDF, Email, HTML, etc.)
• Role-based access control for customized views

Understand Who is Accessing Your Organisation’s Sensitive Data

Achieving compliance with GPG 13’s twelve Protective Monitoring Controls (PMC) is challenging—especially for organisations managing competing priorities, limited budgets, and small IT security teams. The secret to success is to consolidate, automate, and simplify the essential security controls and data analysis to quickly detect threats and prioritise your response.

Zartek Global’s USM™ platform is designed specifically for IT teams with limited resources to deliver the protective monitoring you need to achieve GPG 13 compliance and reduce risk.

Its built-in data sources eliminate the need to purchase and manage multiple security point products, and the integrated threat intelligence automatically alerts you to emerging threats.

 

Comprehensive Visibility

• Gain operational insight with built-in security controls that provide essential monitoring
• Understand who is accessing your organisation’s sensitive data
• Import data from your existing systems quickly to supplement Zartek Global USM’s data sources
• Manage all configuration, analysis and reporting from a single console

 

Integrated Threat Intelligence

• Focus on responding to threats rather than researching every alert
• Eliminate the need to create correlation rules to detect related events across your network
• Utilise context-specific response guidance to know where and how to respond to threats

 

Comprehensive Visibility

The Zartek Global USM platform puts up-to-the-minute security and threat information about systems, data, and users at your fingertips. You access this information via a single management console, which gives you complete security visibility and provides you with a unified threat detection and GPG 13 compliance management solution.

Zartek Global Labs Threat Intelligence keeps the security controls built into Zartek Global USM up to date. These continuous updates, coupled with a robust, customizable reporting engine, provides the protective monitoring you need.

The Zartek Global USM platform also tells you what assets are in your environment, their status and location, the severity of any vulnerability on those assets, and changes to any critical files or configuration. Additionally, it automatically detects suspicious and malicious traffic in your network and displays alarms in a ‘kill chain taxonomy’ that describes attack severity and attacker intent, minimizing the need for your IT team to research new threats.

You can also quickly integrate data into the Zartek Global USM platform from your existing security and network infrastructure, such as :

• Firewalls
• UTMs (Unified Threat Management systems)
• Next Gen Firewalls (NGFWs)
• Web Application Firewalls (WAFs)

The security analytics engine can correlate data from any source, which is essential for comprehensive protective monitoring.

Integrated Threat Intelligence

Zartek Global provides advanced, automated, and integrated threat intelligence in its USM platform that improves the accuracy of your protective monitoring. Threat intelligence, which is information about malicious actors, their tools, infrastructure and methods, is essential to identifying and responding to the most significant threats facing your network right now.

Zartek Global Threat Intelligence increases your ability to detect and respond appropriately to suspicious and malicious activity in your network. It automatically identifies and alerts on critical events, prioritizing the most significant threats targeting your network. This frees up valuable time to respond to threats instead of spending your time researching threats and writing correlation rules needed to find the few relevant events among terabits of log data. With the context-specific remediation guidance included in every alert, you can respond quickly to the threat to minimize the risk of a data breach.

Get the Cyber System Security Visibility You Need for NERC CIP v5

The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) standards are specific guidelines to the power industry to ensure reliability and security standards for bulk electric system (BES). The NERC CIP standards specifically address security requirements, including:

• Risk-based assessment
• Security management
• Perimeter and physical security
• Remote access
• Incident response & investigation
• Configuration change management
• Vulnerability assessment
• Information protection

 

With v5 of NERC CIP, virtually all BES facilities are now in-scope with at least one of the requirements of NERC CIP. Providers now need to assess their BES to identify systems as low, medium, or high impact to determine their compliance requirements.

Zartek Global USM™ delivers the NERC CIP compliance software that simplifies your BES infrastructure assessment and compliance.

 

Built for IT Teams with Limited Resources

• Essential security controls built-in
• Automated analysis and alerting
• Centralized console for single view

 

Unified Approach Accelerates Infrastructure Assessment

• Essential security controls built in
• Not a “one-size-fits-all” approach
• Do more with less

 

Threat Intelligence Prioritizes Threat Detection and Response

• Zartek Global Labs updates
• Indicators of Compromise (IOCs)
• Detailed response guidance

 

Built for IT Teams with
Limited Resources

Zartek Global USM provides all of the essential security capabilities you need in one platform. Built specifically for IT teams with limited budget for technology and security staff, the USM platform eliminates the need for you to spend your scarce resources deploying and managing stand-alone products. The wide range of security technologies in the USM platform work together as a single system.

You’ll see the benefit of the unified approach almost immediately–the USM platform automatically starts collecting and analyzing your network activity using its built-in data sources as soon as it’s installed (you can also integrate data from your existing tools and applications using our extensive plugin library). The correlation engine, utilizing the pre-configured correlation directives created by the Zartek Global Labs threat research team, will begin identifying malicious activity and emerging threats in your network and provide you with guidance on how to respond.

The centralized management console puts everything at your fingertips: data about the systems on your network, their security status, and actionable threat intelligence to respond to threats quickly.

 

Unified Approach

The Zartek Global USM platform provides five essential security capabilities in a single console, giving you everything you need to manage both compliance and threats:

• Asset Discovery
• Vulnerability Assessment
• Intrusion Detection
• Behavioral Monitoring
• Security Information and Event Management (SIEM)

 

Zartek Global USM includes active and passive scanning technologies, allowing you to address the needs of your unique environment while meeting NERC CIP compliance requirements.

This unified approach means you can rely on the built-in security technologies and integrated threat intelligence to help you assess your BES and the impact of each system. Instead of spending valuable time gathering and analyzing data from across your network manually, you can utilize the monitoring, analysis and reporting capabilities that ship with the Zartek Global USM platform to give you the essential information you need.

 

Accelerate Threat Detection and Response with Zartek Global Threat Intelligence

To help you stay ahead of the evolving threat landscape and meet NERC CIP compliance, you need threat intelligence that enables you to quickly detect, prioritize and eliminate danger to your network.

Zartek Global Labs delivers continuous updates to the built-in security controls to ensure your network is instrumented to detect the latest threats. And, the integration between our Open Threat Exchange (OTX) and your USM deployment means that you’re alerted whenever indicators of compromise (IOCs) being discussed in OTX are present in your network. These updates and the OTX integration enable USM to more easily identify emerging threats targeting your network, such as:

• Suspicious system behavior like abnormal network flows and protocol usage
• Command and Control (C&C) communication
• Malware infections (rootkits, botnets, remote access trojans, and more)
• Access attempts by bad actors
• Escalation of privilege for specific user accounts

Unify your defenses and simplify GLBA compliance

Banks, credit unions, and other financial services firms have a legal obligation to protect consumer information. The Gramm-Leach-Bliley Act (GLBA) of 1999 outlines these specific responsibilities in the interest of consumer privacy. These requirements mandate that US-based financial institutions create an information security program to:

• Ensure the security and confidentiality of customer information;
• Protect against any anticipated threats or hazards to the security or integrity of such information; and
• Protect against unauthorized access to or use of customer information that could result in substantial harm or inconvenience to any customer.

 

The Federal Financial Institutions Examination Council (FFIEC) supports this mission by providing extensive, evolving guidelines for compliance. The FFIEC IT handbook outlines these specific requirements, and we’ve mapped these against Zartek Global’s Unified Security Management capabilities.

Achieving compliance with GLBA is far from trivial. It requires implementing essential security controls for asset configuration, vulnerability assessment, threat detection, behavioral monitoring and log management. And that’s not all. IT staff then needs to monitor these controls and correlate the data being produced by them – across the entire network, in real-time. Traditional security products only perform one or two of these functions, leaving the security analyst left with figuring out how to make these disparate tools work together to provide a single, unified view into the security posture.

Leveraging field-proven technologies, Zartek Global USM provides users with an automated offering for Asset Discovery, Vulnerability Assessment, Intrusion Detection, Behavioral Monitoring, Security Intelligence & Event Management (SIEM) and integrated threat intelligence from Zartek Global Labs.