This is part 1 of a 4-part series addressing compliance myths and what you need to know about uniting compliance and security in a hybrid environment.
People are confused about what compliance really is. They usually think about compliance in terms of regulations or industry requirements, which are sets of rules that exist on paper. Those rules say, “Thou shalt do X.” But they don’t say how to do X. Or maybe they say, “Do a risk assessment that provides some sort of control that mitigates the risk.” But they often don’t specify the control. Yet some businesses still think that if they can tick every box in a compliance checklist, they are secure.
Instead of focusing on the checklist, organizations should focus on how effectively their rules and controls are performing.
What Auditors Want (and why it’s so hard to give it to them)
Security and compliance are based on establishing policies for access control across the network and validating those policies on an ongoing basis by analyzing network traffic, remediating vulnerabilities, and reviewing policies for business needs. Assessing the results can take hours or even weeks, and often the necessary data has already been purged. Without the data, there is no context. Without context, there is no way to show an auditor what you’re doing differently now than you were a year ago.
Auditors want to see documents that map essential network controls to the requirements. That calls for an inventory of network devices, and creating that inventory requires visibility.
The Visibility Problem
When a firewall has 2,000 lines of code, it can’t be managed on a spreadsheet. Most organizations will attempt to resolve this problem by asking their firewall vendors for administrative tools. That leaves network administrators struggling to manage as many administrative tools as they have firewalls, which can be anywhere from ten to 100 or even 200 tools. Every time a change request comes in, they have to access the right tool and interact with it – and this happens all day long.
But the tools don’t provide true visibility, either. For instance, they might display IP addresses but not show which applications are communicating with the firewall over HTTPS, whether those systems are still active, or whether a ping sent to an IP address is communicating with the same system it was when the rule was created. Hours of research will go into answering those types of questions – and the next time a change must be made, the whole process will start again. This is simply not a manageable way for security and compliance teams to conduct their compliance and security efforts. To remain both compliant and secure, organizations with complex, dynamic hybrid networks need to use automation to expose their inventory and map their controls to requirements.
6 Key Controls for Network Security Compliance
The Center for Internet Security (CIS) has identified a number of controls, including six that are critical for network security. They are:
- Critical Security Control #1: Inventory of Authorized and Unauthorized Devices
- Critical Security Control #4: Continuous Vulnerability Assessment and Remediation
- Critical Security Control #6: Maintenance, Monitoring, and Analysis of Audit Logs
- Critical Security Control #11: Secure Configurations for Network Devices
- Critical Security Control #12: Boundary Defense
- Critical Security Control #19: Incident Response and Management
How FireMon Delivers Continuous Compliance for Network Security Requirements
At least 69 percent of businesses have adopted a hybrid cloud strategy to gain scalability, flexibility, and business continuity. But these environments are so complex and dynamic that it’s hard to know what’s on the network and what rules are in use. Data may reside on one virtual machine in the morning and another at night. New devices join and leave the cloud continually. Establishing rules and controls in this dynamic environment is so challenging that poorly managed or completely nonexistent cloud controls are a leading cause of security breaches.
FireMon provides automated network security that eliminates the need for manual processes and supports continuous compliance. Here’s how the FireMon agile network security management platform maps to the CIS’s critical network security controls:
Inventory: Know what you have and where you can find it
FireMon gathers security controls from across all network infrastructure (including on-premise, cloud, and hybrid networks), updates them in real time, and places all the controls in a central location.
Vulnerability Assessments: Not all vulnerabilities are equal
The number of vulnerabilities is not a key metric because not all vulnerabilities will be exploited. Even if an organization wanted to mitigate every vulnerability, it wouldn’t be able to do so because the volume is so great. Instead, FireMon calculates reachability to determine whether a threat can access the vulnerability, uses simulation to trace potential paths an attacker might use to gain access to critical assets, builds an attack graph for each potential vulnerability, and decreases exposure by redirecting traffic. With this information, decisions can be made with confidence about prioritization and resource allocation.
Normalization: Gain an accurate lineup of your cloud security
Every application, micro-service, and IaaS has its own security controls and settings. After these security controls have been inventoried, they must be normalized. Without this ability, an organization would need to retain an expert technologist for each product it owned. FireMon normalizes controls by applying a standard that shows all components of every device in exactly the same way in the FireMon interface. This saves on staffing costs and makes it easy to integrate devices with each other.
Boundary Defense: Your first line of protection
This control detects, prevents, and corrects the flow of traffic in and out of the network. FireMon sets up and modifies compliance zones to manage access, generates and customizes flexible detailed reporting, and automates workflows to reduce inadvertent errors in access requests and changes. This makes it simple to identify and prevent misconfigurations.
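The three steps described above (normalizing rules from different vendors, computing whether a vulnerable host is actually reachable along a firewall path, and flagging overly permissive boundary rules) are illustrated here as an added example; it is not FireMon code and does not use the FireMon API. The two vendor rule schemas, the device names and the rule bases are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    """Vendor-neutral firewall rule: the output of the normalization step."""
    device: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    port: Optional[int]  # None = any service
    action: str          # "allow" or "deny"

def normalize(device: str, raw: dict) -> Rule:
    """Map two hypothetical vendor schemas (constructed, not real products) onto Rule."""
    if "from" in raw:  # hypothetical vendor A keys: from / to / svc / act
        port = None if raw["svc"] == "any" else int(raw["svc"])
        return Rule(device, ipaddress.ip_network(raw["from"]), ipaddress.ip_network(raw["to"]), port, raw["act"])
    port = None if raw["port"] == "*" else int(raw["port"])  # hypothetical vendor B keys
    return Rule(device, ipaddress.ip_network(raw["source"]), ipaddress.ip_network(raw["destination"]), port, raw["policy"])

def hop_allows(rules, src_ip, dst_ip, port) -> bool:
    """First-match evaluation of one device's rule base; no match means implicit deny."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if s in r.src and d in r.dst and (r.port is None or r.port == port):
            return r.action == "allow"
    return False

def reachable(path, src_ip, dst_ip, port) -> bool:
    """Traffic reaches the target only if every firewall on the path allows it."""
    return all(hop_allows(rules, src_ip, dst_ip, port) for rules in path)

def overly_permissive(rules):
    """Boundary-defense check: allow rules matching any source, any destination and any port."""
    return [r for r in rules if r.action == "allow" and r.src.prefixlen == 0 and r.dst.prefixlen == 0 and r.port is None]

# Constructed sample rule bases: an edge firewall and an internal data-centre firewall.
EDGE = [normalize("edge-fw", r) for r in (
    {"from": "0.0.0.0/0", "to": "10.0.1.0/24", "svc": "443", "act": "allow"},
    {"from": "0.0.0.0/0", "to": "10.0.0.0/8", "svc": "any", "act": "deny"})]
DC = [normalize("dc-fw", r) for r in (
    {"source": "10.0.1.0/24", "destination": "10.0.2.10/32", "port": "3306", "policy": "allow"},
    {"source": "0.0.0.0/0", "destination": "0.0.0.0/0", "port": "*", "policy": "allow"})]

def exposure_report(vuln_host="10.0.2.10", vuln_port=22):
    """Prioritise a constructed vulnerability on vuln_host:vuln_port by who can actually reach it."""
    return {"from_internet": reachable([EDGE, DC], "203.0.113.5", vuln_host, vuln_port),
            "from_web_tier": reachable([DC], "10.0.1.5", vuln_host, vuln_port),
            "permissive_rules": [(r.device, r.src.with_prefixlen) for r in overly_permissive(EDGE + DC)]}
```

The report shows why a raw vulnerability count misleads: the database host is unreachable from the Internet because the edge firewall denies it, but the any-any rule on the internal firewall exposes it to the whole web tier, so that rule is the finding to prioritise.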
Log Monitoring: Data is saved, searchable, and available for further use
As information is captured from devices, FireMon’s agile network security policy management platform subjects it to real-time threat detection, analyzes it for anomalous user and machine behavior, and makes it searchable in real time via Elasticsearch. The data remains available for purposes of digital forensics, and accurate remediation recommendations are provided. Logs can also be sent to a change management solution like ServiceNow or Remedy, and can also be fed into a SOAR or SIEM.
Disaster Recovery: Never reconfigure risk
Rebuilding firewalls after a disaster is critical, yet often overlooked. Then, when the firewalls are rebuilt, they are reconfigured without any certainty of the consequences. Before changes are made, FireMon checks them, evaluates the risk level of the changes, and makes recommendations based on that new level.
Tightly Couple Compliance and Security with FireMon’s Agile Network Security Policy Platform
Today’s businesses need to think of compliance and security together. And now that automation has evolved to its current level of sophistication, that goal is attainable. Only FireMon’s agile network security policy management platform allows you to:
- See everything: Integrates real-time, continuous visibility across your entire network, to reduce your attack surface, eliminate leak paths, and ensure compliance.
- Integrate anywhere: Offers the most robust, flexible API on the market, so there’s no lengthy, intensive professional services.
- Adapt to change: Dynamically and continuously responds as your requirements and environment evolve—even after policies have been deployed.
- Scale and perform: Has the industry’s most robust and flexible architecture to secure even the largest and most complex networks while maintaining desired workflows.
- Protect everything: The industry’s broadest support for firewalls, devices and cloud security groups. Simply put, any firewall, any cloud.