
From Periodic Security Audits to Continuous Monitoring

Once-a-year Audits are No Longer Sufficient

To maintain the highest level of protection within virtual and cloud data centers, it’s necessary to implement a system that continuously monitors security controls and enables rapid threat response. Organizations subject to regulatory compliance also require greater oversight as once-a-year audits are no longer enough. Continuous monitoring provides for the earliest detection of breaches and internal threats – but can be particularly challenging to implement in the cloud where change is constant. 

The Continuous Diagnostics and Mitigation (CDM) program established by the Department of Homeland Security (DHS) defines an approach to fortifying the cybersecurity of government networks and systems. The program provides federal departments and agencies with capabilities and tools that identify cybersecurity risks on an ongoing basis, prioritize these risks based upon potential impact, and enable cybersecurity personnel to mitigate the most significant problems first. While the program is aimed at US federal agencies, its merits are widely recognized, and various program components are also used in commercial organizations that recognize the value of and need for continuous monitoring.

Catbird helps Implement Continuous Monitoring in Virtual Infrastructure

Catbird Insight allows you to identify and logically organize virtual resources. Workloads can be grouped by function, ownership and policy scope (for example FISMA or FedRAMP). Once these groups are defined, activities can be continuously monitored and measured against the workload policies in real time. Non-conforming activities are detected at the earliest stage, triggering alerts. Through Catbird Secure, real-time policy enforcement actions can be invoked to mitigate risk instantly.

Catbird is an active participant in the CDM space. Catbird’s security product suite – through its built-in security controls – delivers the following high-value functions as specified by CDM:

  • Configuration Management: Catbird Secure includes SCAP/OVAL compliant configuration checking tools coupled with our alerting and reporting mechanisms. OVAL/XCCDF configuration checks can be executed on demand or automatically as scheduled.
  • Vulnerability Management: Catbird includes SCAP/OVAL compliant vulnerability checking tools coupled with our alerting and reporting mechanisms. CVEs are enumerated and a CVSS score is expressed for each.
  • Network Access Control Management: Catbird automates management of the primary network access controls in accordance with a policy control framework (e.g. NIST 800-53). We whitelist permitted connections, alert on deviations and, optionally, block them automatically. All NetFlow data in scope is correlated against the control policy and reported.
  • Security Related Behavior Management: Catbird TrustZones organize workloads based on ownership/data classification, function or other criteria. Inter-zone and intra-zone connections are continuously monitored against policy; non-conforming events trigger alerts and can be auto-enforced. All non-conforming events are indicative of data misdirection, privilege escalation, or another unknown security threat. Our continuous monitoring and alerting provides SOC operations with real-time notification of potential threats.
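As an added illustration (not Catbird's code; the page does not describe Catbird's actual policy model or record format), the following sketches the zone-whitelist correlation the last two bullets describe: each flow is mapped to a zone, checked against a permitted-connection list, and anything unmatched becomes an alert. Zone names, prefixes, ports and sample flows are all constructed for this example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed zone map: workloads grouped by function, in the spirit of the
# TrustZone description above. Names and prefixes are made up for this example.
ZONES = {
    "web": ip_network("10.0.1.0/24"),
    "app": ip_network("10.0.2.0/24"),
    "db": ip_network("10.0.3.0/24"),
}

# Constructed whitelist of permitted connections as (src_zone, dst_zone,
# dst_port); None as dst_port permits any port. Anything unmatched is non-conforming.
PERMITTED = {
    ("web", "app", 8443),  # web tier calls the application tier
    ("app", "db", 5432),   # application tier talks to the database
    ("web", "web", None),  # intra-zone web traffic is permitted on any port
}

@dataclass(frozen=True)
class Flow:
    src: str       # the fields of a flow record this check needs
    dst: str
    dst_port: int

def zone_of(addr: str) -> str:
    """Map an address to its zone; addresses outside every zone are 'external'."""
    ip = ip_address(addr)
    return next((name for name, net in ZONES.items() if ip in net), "external")

def evaluate(flow: Flow):
    """Return None if the flow conforms to policy, otherwise an alert record."""
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    if (src_zone, dst_zone, flow.dst_port) in PERMITTED or (src_zone, dst_zone, None) in PERMITTED:
        return None
    return {"src_zone": src_zone, "dst_zone": dst_zone, "flow": flow}

def correlate(flows):
    """Correlate flows against policy; return only the non-conforming ones."""
    return [alert for alert in map(evaluate, flows) if alert is not None]

# Constructed sample flows: the first three conform, the last two do not.
SAMPLE_FLOWS = [
    Flow("10.0.1.10", "10.0.2.20", 8443),
    Flow("10.0.2.20", "10.0.3.30", 5432),
    Flow("10.0.1.10", "10.0.1.11", 22),
    Flow("10.0.1.10", "10.0.3.30", 5432),   # web tier reaching the database directly
    Flow("10.0.3.30", "203.0.113.7", 443),  # database zone connecting outbound
]
```

The two alerts produced for `SAMPLE_FLOWS` are the events the text describes as candidates for SOC notification and, where policy allows, automatic blocking.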