Reduce the Cost & Complexity of ISO 27001 Compliance
AlienVault Unified Security Management™ (USM™) helps you simplify ISO information security compliance with a single, complete solution.
ISO/IEC 27001 provides guidance for implementing information security controls to achieve a consistent and reliable security program. The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) developed 27001 to provide a worldwide standard for information security.
Achieving 27001 compliance can be challenging for many organizations because of its broad scope, especially for organizations with limited resources. To accelerate ISO information security compliance, you need to simplify, consolidate, and automate essential security controls to unify policy monitoring, threat detection, and remediation prioritization.
AlienVault Unified Security Management TM(USMTM) delivers the essential security controls you need for ISO 27001 security compliance:
Automated Asset Discovery & Vulnerability Assessment
- Active and passive asset discovery
- Vulnerability assessment
Continuous Security Monitoring
- Detect policy violations quickly
- IDS, FIM, NetFlow, Service Availability
Powerful Reporting & Dashboard
- Report templates for ISO 27001 simplifies audits
- Custom queries and fast searches accelerate audit responses
Asset Discovery & Monitoring
A fundamental component of ISO 27001 compliance is creating and maintaining a comprehensive asset inventory. USM’s built-in asset discovery capability combines essential discovery and inventory technologies to give you full visibility into the devices that are on your network:
- Passive network monitoring to discover hosts and installed software without affecting system performance or network utilization
- Active network scanning to obtain more detailed information about devices and installed software
Once USM has created your asset inventory, its built-in vulnerability assessment alerts you to vulnerabilities on those systems. You can then use the prioritized list of vulnerabilities to remediate critical vulnerabilities before an attacker can exploit them.
In addition, USM’s integrated vulnerability tells you when your assets are vulnerable to the exploits it detects with its IDS capabilities.
Continuous Monitoring with USMTM
ISO 27001 compliance requires the aggregation of event data from multiple systems into a single view. AlienVault USM delivers the visibility you need in a single platform – saving you the time and expense of manually aggregating this data.
The USM platform utilizes the built-in essential security controls to generate the data that enables you to detect policy violations quickly and reduce time to compliance.
- Host and network IDS detect malicious activity targeting your assets
- File Integrity Monitoring (FIM) detects changes in critical files
- NetFlow identifies unusual network activity
- Service availability monitoring ensure essential services are running
This unified approach allows you to quickly answer the critical questions that are required for ISO 27001 compliance:
- What are my critical assets and how are they configured?
- Where are my critical assets located?
- How is my network segmented to limit access to these assets?
- Who has access to these resources?
- What are the vulnerabilities that affect my compliance status?
- What constitutes baseline activity in my network?
- Which users are violating policies?
- What are my privileged users doing?
Flexible Reporting & Dashboard
ISO 27001 compliance requires on-going policy enforcement. The built-in security controls, combined with USM’s powerful reporting engine, help you develop and monitor your policies from a single console.
The USM platform provides report templates for ISO 27001 as well as the ability to customize those templates, ensuring that you can generate the reports you need. There are also compliance reports for other regulatory requirements such as HIPAA, PCI-DSS, GLBA, NERC CIP, GPG13 and other programs.
- Web-based executive dashboards with “click through” detail
- Custom report queries and fast searches
- Auto-report generation and distribution (PDF, Email, HTML, etc.)
- Role-based access control for customized views