Applied Watch Technologies

Compliance

Regulatory/Statutory Remediation

Applied Watch is well-positioned to capture a large share of revenue based on the new mandates in governmental regulations. New Federal regulations, consumer privacy requirements, and the need for increased security after September 11th are fueling an increasing emphasis on open source security:

Federal Information Security Management Act - FISMA

Federal Information Security Management Act of 2002 (FISMA) Title III/Subchapter 3 - Information Security

The purpose of subchapter 3 of FISMA among other things is to provide a comprehensive framework for ensuring the effectiveness of information security controls over information resources that support Federal operations and assets.

Cross Agency FISMA Requirements:
  1. Providing information security protections commensurate with the risk and magnitude of the harm resulting from unauthorized access, use, disclosure, disruption, modification, or destruction of information.
  2. Assessing the risk and magnitude of the harm that could result from the unauthorized access, use, disclosure, disruption, modification, or destruction of such information or information systems.
  3. Implementing policies and procedures to cost-effectively reduce risks to an acceptable level.
  4. Periodically testing and evaluating information security controls and techniques to ensure that they are effectively implemented.
  5. Implementing procedures for detecting, reporting, and responding to security incidents, consistent with standards and guidelines issued pursuant to section 3546(b), including (A) mitigating risks associated with such incidents before substantial damage is done, (B) notifying and consulting with the Federal information security incident center, and (C) notifying and consulting with appropriate law enforcement agencies.
Federal Information Security Incident Center:
  1. Provide timely technical assistance to operators of agency information systems regarding security incidents, including guidance on detecting and handling information security incidents.
  2. Compile and analyze information about incidents that threaten information security.
  3. Inform operators of agency information systems about current and potential information security threats and vulnerabilities.

Applied Watch Technologies assists federal and military organizations in meeting FISMA compliance through the implementation of its Applied Watch Command Center intrusion management suite.

Applied Watch meets the individual demands of FISMA by:
  1. Providing a 360-degree holistic view of the entire enterprise through a single Dashboard that offers security event management, risk assessments, and security device management through a unique policy manager.
  2. The Applied Watch Dashboard aggregates each and every "like" event affecting nodes across the enterprise. The Dashboard takes normalized events sent from remote Intrusion Detection System sensors and offers both an alert system and a policy management system for continuous tuning of the security systems in place. The Dashboard offers an open source powered approach to risk assessments through support of the Nessus vulnerability scanner. Using the Applied Watch Command Center, security engineers are able to execute or schedule automated risk assessments across the enterprise and view the results later in the enterprise report viewer. Additionally, the Dashboard offers the capability to detect new IP addresses added to or removed from the network since the last risk assessment, as well as to flag identified vulnerabilities as false positives.
  3. Relying on free, open source security applications, the Applied Watch Command Center provides a fundamentally advanced approach to security management that assists federal and military agencies in keeping total cost of ownership (TCO) lower than competing solutions.
  4. Individual windows classify and separate events into different priority levels for focused attention on only higher priority events. In addition to the detection capabilities of the Command Center and its remote SNORT® IDS Agents, the Command Center also offers incident response and forensic capabilities for packet analysis and for conducting image dumps and non-volatile memory dumps of suspected compromised hosts from remote locations over the network.
  5. The Applied Watch Command Center offers over 20 different executive and technical report templates as well as a custom report that allows the security analyst to specify the data to be reported on as well as the Agents and/or groups of Agents to report on.



SOX

Sarbanes-Oxley (SOX) regulation mandates improved accounting oversight and assurance. Public firms are minimally expected to reassess and re-certify the access and integrity of systems primary to corporate financial reporting including the removal of access beyond that needed. Open source security management identifies excessive access and trims it to only that actively used and needed.



Gramm-Leach-Bliley Act - GLB

Under the Gramm-Leach-Bliley Act, the Safeguards Rule, enforced by the Federal Trade Commission, requires financial institutions to have a security plan to protect the confidentiality and integrity of personal consumer information.

GLB Part 314 - Standards for Safeguarding Customer Information require that covered entities:
  1. Develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are appropriate to your size and complexity, the nature and scope of your activities, and the sensitivity of any customer information at issue.
  2. Insure the security and confidentiality of customer information.
  3. Protect against any anticipated threats or hazards to the security or integrity of such information.
  4. Protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer.
  5. Designate an employee or employees to coordinate your information security program.
  6. Identify reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information that could result in the unauthorized disclosure, misuse, alteration, destruction or other compromise of such information, and assess the sufficiency of any safeguards in place to control these risks. At a minimum, such a risk assessment should include consideration of risks in each relevant area of your operations including: (1) Employee training and management; (2) Information systems, including network and software design, as well as information processing, storage, transmission and disposal; and (3) Detecting, preventing and responding to attacks, intrusions, or other systems failures.
  7. Design and implement information safeguards to control the risks you identify through risk assessment, and regularly test or otherwise monitor the effectiveness of the safeguards' key controls, systems, and procedures.
  8. Oversee service providers, by: (1) Taking reasonable steps to select and retain service providers that are capable of maintaining appropriate safeguards for the customer information at issue; and (2) Requiring your service providers by contract to implement and maintain such safeguards.
  9. Evaluate and adjust your information security program in light of the results of the testing and monitoring required by paragraph (c) of this section; any material changes to your operations or business arrangements; or any other circumstances that you know or have reason to know may have a material impact on your information security program.
The Applied Watch Command Center assists organizations in conforming to the security controls mandated by the GLB Act through:
  1. Security analysts are able to monitor an entire enterprise through a single Dashboard monitoring view that categorizes threats into separate, collapsible, pivot table priority windows. These alert views can be expanded, moved around, minimized, and even closed without concern over lost events. The Applied Watch Command Center offers a multi-pronged approach to alert monitoring, device management, event notification, and incident response.
  2. Risk analysis and vulnerability assessments: Along with the many other open source and commercial security applications supported by the Applied Watch Command Center, one critical component offers vulnerability identification, remediation, and mitigation using the open source Nessus vulnerability scanner. Native support of this command-line utility provides a graphical user interface that allows vulnerability assessments to be executed and even scheduled via a calendar to run automatically later.
  3. Nessus support offers a unique vulnerability reporting interface that provides a detailed report of vulnerabilities in the environment needing attention. Support for Nessus also introduces capabilities for identifying new machines added to the network and machines that have been removed, as well as a capability for flagging vulnerabilities as false positives. Vulnerabilities are prioritized from high to low so security engineers can focus on mitigating higher threats before turning to lower priority issues.
  4. Through native support for Syslog-NG, the Command Center supports multiple log formats, including Cisco PIX firewalls and the application, system, and security Windows event logs. This support allows security analysts to review critical server logs for failed login attempts, application crashes, dropped packets, and other activity that may be a precursor to an attack.
  5. With integrated support for both open source SNORT® and Snort-Inline, the Applied Watch Command Center provides multiple levels of intrusion detection and prevention as a cost-effective alternative to costly commercial solutions. Through daily updates to IDS/IPS rulesets from snort.org and bleedingedge.com Snort® rulesets, security analysts are kept up to date with the latest malware, spyware, and virus rule patterns. With the support for Snort-Inline intrusion prevention, malware is not only detected, but prevented before even entering the network.
  6. One of the many rich features available in the Command Center is the 3D Report Viewer, offering over 20 different executive and technical report templates for analysts to choose from. The event reporting, combined with the reports provided from Nessus, enables analysts to identify vulnerabilities before they are exploited by Internet-borne or internal threats.



Health Insurance Portability and Accountability Act - HIPAA

HIPAA details a set of compliance regulations for covered entities that require them to:
  1. Ensure the confidentiality, integrity, and availability of all electronic protected health information the covered entity creates, receives, maintains, or transmits.
  2. Protect against any reasonably anticipated threats or hazards to the security or integrity of such information.
  3. Protect against any reasonably anticipated uses or disclosures of such information that are not permitted.
HIPAA requires that covered entities meet the requirements of Sec. 164.306 by implementing:
  1. Security management process (Standard): Implement policies and procedures to prevent, detect, contain, and correct security violations.
  2. Risk analysis (Required): Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity.
  3. Risk Management (Required): Implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level.
  4. Sanction policy (Required): Apply appropriate sanctions against workforce members who fail to comply with the security policies and procedures of the covered entity.
  5. Information system activity review (Required): Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports.
  6. Assigned security responsibility (Standard): Identify the security official who is responsible for the development and implementation of the policies and procedures.
  7. Workforce security (Standard): Implement policies and procedures to ensure that all members of its workforce have appropriate access to electronic protected health information, as provided under paragraph (a)(4) of this section, and to prevent those workforce members who do not have access under paragraph (a)(4) of this section from obtaining access to electronic protected health information.
  8. Information access management (Standard): Implement policies and procedures for authorizing access to electronic protected health information.
  9. Security awareness and training (Standard): Implement a security awareness and training program for all members of its workforce (including management).
  10. Security reminders (Addressable): Periodic security updates.
  11. Protection from malicious software (Addressable): Procedures for guarding against, detecting, and reporting malicious software.
  12. Log-in monitoring (Addressable): Procedures for monitoring log-in attempts and reporting discrepancies.
  13. Password management (Addressable): Procedures for creating, changing, and safeguarding passwords.
  14. Security incident procedures (Standard): Implement policies and procedures to address security incidents.
  15. Contingency plan (Standard): Establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic protected health information.
  16. Evaluation (Standard): Perform a periodic technical and nontechnical evaluation, based initially upon the standards implemented under this rule and subsequently, in response to environmental or operational changes affecting the security of electronic protected health information, that establishes the extent to which an entity's security policies and procedures meet the requirements.
  17. Facility access controls (Standard): Implement policies and procedures to limit physical access to its electronic information systems and the facility or facilities in which they are housed, while ensuring that properly authorized access is allowed.
  18. Workstation use (Standard): Implement policies and procedures that specify the proper functions to be performed, the manner in which those functions are to be performed, and the physical attributes of the surroundings of a specific workstation or class of workstation that can access electronic protected health information.
  19. Workstation security (Standard): Implement physical safeguards for all workstations that access electronic protected health information, to restrict access to authorized users.
  20. Device and media controls (Standard): Implement policies and procedures that govern the receipt and removal of hardware and electronic media that contain electronic protected health information into and out of a facility, and the movement of these items within the facility.
  21. Access control (Standard): Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights.
  22. Audit controls (Standard): Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.
  23. Integrity (Standard): Implement policies and procedures to protect electronic protected health information from improper alteration or destruction.
  24. Person or entity authentication (Standard): Implement procedures to verify that a person or entity seeking access to electronic protected health information is the one claimed.
  25. Transmission security (Standard): Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network.
The Applied Watch Command Center assists organizations in meeting HIPAA compliance through a broad set of rich features and capabilities. These include:
  1. Security management process, Audit controls: Security analysts are able to monitor an entire enterprise through a single Dashboard monitoring view that categorizes threats into separate, collapsible, pivot table priority windows. These alert views can be expanded, moved around, minimized, and even closed without concern over lost events. The Applied Watch Command Center offers a multi-pronged approach to alert monitoring, device management, event notification, and incident response.
  2. Risk analysis and vulnerability assessments: Along with the many other open source and commercial security applications supported by the Applied Watch Command Center, one critical component offers vulnerability identification, remediation, and mitigation using the open source Nessus vulnerability scanner. Native support of this command-line utility provides a graphical user interface that allows vulnerability assessments to be executed and even scheduled via a calendar to run automatically later.
  3. Risk management: Nessus support offers a unique vulnerability reporting interface that provides a detailed report of vulnerabilities in the environment needing attention. Support for Nessus also introduces capabilities for identifying new machines added to the network and machines that have been removed, as well as a capability for flagging vulnerabilities as false positives. Vulnerabilities are prioritized from high to low so security engineers can focus on mitigating higher threats before turning to lower priority issues.
  4. Information system activity review: Through native support for Syslog-NG, the Command Center supports multiple log formats, including Cisco PIX firewalls and the application, system, and security Windows event logs. This support allows security analysts to review critical server logs for failed login attempts, application crashes, dropped packets, and other activity that may be a precursor to an attack.
  5. Protection from malicious software: With integrated support for both open source SNORT® and Snort-Inline, the Applied Watch Command Center provides multiple levels of intrusion detection and prevention as a cost-effective alternative to costly commercial solutions. Through daily updates to IDS/IPS rulesets from snort.org and bleedingedge.com Snort® rulesets, security analysts are kept up to date with the latest malware, spyware, and virus rule patterns. With the support for Snort-Inline intrusion prevention, malware is not only detected, but prevented before even entering the network.
  6. Security reminders: One of the many rich features available in the Command Center is the 3D Report Viewer, offering over 20 different executive and technical report templates for analysts to choose from. The event reporting, combined with the reports provided from Nessus, enables analysts to identify vulnerabilities before they are exploited by Internet-borne or internal threats.
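The "information system activity review" item above (and the identical item 4 in the GLB section) describes reviewing relayed server, firewall and Windows logs for failed logins and dropped packets that may precede an attack. The following is an added example of that kind of review, written for this page and not Applied Watch code: it parses a handful of constructed log records shaped roughly like OpenSSH, Cisco PIX deny and Windows logon-failure messages as Syslog-NG might relay them, groups them by source address inside a time window, and assigns the high/medium/low priority the Dashboard's priority windows are described as using. The message formats, the regular expressions and the thresholds are all assumptions for the sample data.

```python
"""Review syslog-style records for attack precursors: repeated failed logins
and firewall denies from the same source. Constructed example, not Applied
Watch code; the log lines are hand-written approximations of OpenSSH, Cisco
PIX and Windows-event-forwarded messages and the thresholds are assumptions."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records, roughly in the shape Syslog-NG would relay them.
SAMPLE_LOG = """\
2004-03-01T10:00:01 srv1 sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 41122 ssh2
2004-03-01T10:00:03 srv1 sshd[2203]: Failed password for root from 203.0.113.5 port 41130 ssh2
2004-03-01T10:00:04 srv1 sshd[2205]: Failed password for root from 203.0.113.5 port 41131 ssh2
2004-03-01T10:00:09 srv1 sshd[2209]: Accepted password for alice from 192.0.2.10 port 50200 ssh2
2004-03-01T10:00:12 fw1 %PIX-4-106023: Deny tcp src outside:203.0.113.5/4433 dst inside:10.0.0.7/22 by access-group "outside_in"
2004-03-01T10:00:13 fw1 %PIX-4-106023: Deny tcp src outside:203.0.113.5/4434 dst inside:10.0.0.7/23 by access-group "outside_in"
2004-03-01T10:00:14 fw1 %PIX-4-106023: Deny tcp src outside:203.0.113.5/4435 dst inside:10.0.0.7/25 by access-group "outside_in"
2004-03-01T10:00:20 dc1 Security: EventID=529 Logon Failure: Unknown user name or bad password User=jsmith Workstation=WS07 Source=192.0.2.44
2004-03-01T10:45:00 srv1 sshd[2290]: Failed password for bob from 198.51.100.9 port 33001 ssh2
"""

# Each pattern yields (event_type, source_ip). Written for the sample above (assumption).
PATTERNS = [
    ("failed_login", re.compile(r"sshd\[\d+\]: Failed password for .* from (\d+\.\d+\.\d+\.\d+)")),
    ("fw_deny", re.compile(r"%PIX-4-106023: Deny \w+ src \w+:(\d+\.\d+\.\d+\.\d+)/\d+")),
    ("failed_login", re.compile(r"EventID=529 .*Source=(\d+\.\d+\.\d+\.\d+)")),
]

def parse(lines):
    """Yield (timestamp, host, event_type, source_ip) for recognised records;
    records that match no pattern (e.g. a successful login) are skipped."""
    for line in lines:
        if not line.strip():
            continue
        ts_str, host, msg = line.split(" ", 2)
        ts = datetime.fromisoformat(ts_str)
        for event_type, pat in PATTERNS:
            m = pat.search(msg)
            if m:
                yield ts, host, event_type, m.group(1)
                break

def review(log_text, window=timedelta(minutes=5), high=3, medium=2):
    """Group events by (source_ip, event_type), find the largest burst inside
    any single window, and assign a priority so the noisiest source sorts first."""
    buckets = defaultdict(list)
    for ts, host, event_type, src in parse(log_text.splitlines()):
        buckets[(src, event_type)].append((ts, host))
    findings = []
    for (src, event_type), hits in buckets.items():
        hits.sort()
        best, start = 0, 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            best = max(best, end - start + 1)
        priority = "high" if best >= high else "medium" if best >= medium else "low"
        findings.append({"source": src, "event": event_type, "count": len(hits),
                         "peak_in_window": best, "priority": priority,
                         "hosts": sorted({h for _, h in hits})})
    order = {"high": 0, "medium": 1, "low": 2}
    findings.sort(key=lambda f: (order[f["priority"]], -f["peak_in_window"], f["source"]))
    return findings

if __name__ == "__main__":
    for f in review(SAMPLE_LOG):
        print(f"{f['priority']:6} {f['event']:12} {f['source']:15} peak={f['peak_in_window']} hosts={','.join(f['hosts'])}")
```

The single failed logins from 192.0.2.44 and 198.51.100.9 stay low priority; the same source failing three SSH logins and then being denied on three ports within seconds is what the review surfaces as high priority across two different log sources.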

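The Nessus-related items above (risk analysis item 2 and risk management item 3, and their counterparts in the FISMA and GLB sections) describe comparing the current assessment with the previous one to find hosts that have appeared or disappeared, flagging findings as false positives, and ordering the rest from high to low. The following is an added example of that workflow, written for this page and not Applied Watch or Nessus code: it parses two constructed pipe-delimited exports whose layout is only loosely modelled on a Nessus NBE export (the field order is an assumption, as are the plugin IDs and summaries), diffs the host sets, removes analyst-flagged false positives, and sorts what remains by severity.

```python
"""Compare two vulnerability-assessment exports: report hosts that appeared or
disappeared since the last run, drop findings an analyst has flagged as false
positives, and order what remains by severity. Constructed example, not Applied
Watch or Nessus code; the records are hand-written and their pipe-delimited
layout is only loosely modelled on an NBE export (an assumption)."""
from collections import defaultdict

# Severity labels ranked high -> low (assumed labels).
SEVERITY_RANK = {"Security Hole": 0, "Security Warning": 1, "Security Note": 2}

# Constructed exports: results|subnet|host|port|plugin_id|severity|summary
PREVIOUS_SCAN = """\
results|10.0.0|10.0.0.7|ssh (22/tcp)|11111|Security Warning|SSH server allows protocol 1 (constructed)
results|10.0.0|10.0.0.7|smtp (25/tcp)|22222|Security Note|SMTP banner discloses version (constructed)
results|10.0.0|10.0.0.9|http (80/tcp)|33333|Security Hole|Web server remote code execution (constructed)
"""
CURRENT_SCAN = """\
results|10.0.0|10.0.0.7|ssh (22/tcp)|11111|Security Warning|SSH server allows protocol 1 (constructed)
results|10.0.0|10.0.0.7|smtp (25/tcp)|22222|Security Note|SMTP banner discloses version (constructed)
results|10.0.0|10.0.0.12|telnet (23/tcp)|44444|Security Hole|Telnet service with default account (constructed)
results|10.0.0|10.0.0.12|http (80/tcp)|55555|Security Note|Directory listing enabled (constructed)
"""

def parse_scan(text):
    """Return {host: [finding, ...]}; record types other than 'results' are ignored."""
    by_host = defaultdict(list)
    for line in text.splitlines():
        parts = line.split("|")
        if len(parts) < 7 or parts[0] != "results":
            continue
        _, _subnet, host, port, plugin_id, severity, summary = parts[:7]
        by_host[host].append({"host": host, "port": port, "plugin_id": plugin_id,
                              "severity": severity, "summary": summary})
    return by_host

def diff_hosts(previous, current):
    """Hosts seen in the current assessment but not the previous one, and vice versa."""
    prev_hosts, curr_hosts = set(previous), set(current)
    return sorted(curr_hosts - prev_hosts), sorted(prev_hosts - curr_hosts)

def open_findings(current, false_positives):
    """Findings not flagged as false positives, highest severity first.
    false_positives is a set of (host, plugin_id) pairs the analyst has reviewed;
    keying on the pair keeps a flag on one host from hiding the same plugin elsewhere."""
    remaining = [f for findings in current.values() for f in findings
                 if (f["host"], f["plugin_id"]) not in false_positives]
    remaining.sort(key=lambda f: (SEVERITY_RANK.get(f["severity"], 99), f["host"], f["plugin_id"]))
    return remaining

def assessment_delta(previous_text, current_text, false_positives=frozenset()):
    """Everything the reporting view needs from one pair of assessments."""
    previous, current = parse_scan(previous_text), parse_scan(current_text)
    added, removed = diff_hosts(previous, current)
    return {"new_hosts": added, "removed_hosts": removed,
            "open_findings": open_findings(current, false_positives)}

if __name__ == "__main__":
    # The analyst reviewed the SMTP banner note on 10.0.0.7 and marked it a false positive.
    delta = assessment_delta(PREVIOUS_SCAN, CURRENT_SCAN, {("10.0.0.7", "22222")})
    print("new hosts:", delta["new_hosts"], "removed hosts:", delta["removed_hosts"])
    for f in delta["open_findings"]:
        print(f"{f['severity']:17} {f['host']:10} {f['port']:14} {f['summary']}")
```

Note that 10.0.0.9, which carried a Security Hole last time, is reported as removed rather than as fixed: a host dropping out of the assessment says nothing about whether its finding was remediated, which is why the removed-host list deserves the same analyst attention as the new-host list.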