nesa on steroids
STRICTLY PRIVATE & CONFIDENTIAL © 2015
NESA on Steroids
NESA UAE IA Standard
Management Control Family
• M1 Strategy and Planning
• M2 Information Security Risk Management
• M3 Awareness and Training
• M4 Human Resources Security
• M5 Compliance
• M6 Performance Evaluation and Improvement
Technical Control Family
• T1 Asset Management
• T2 Physical and Environmental Security
• T3 Operations Management
• T4 Communications
• T5 Access Control
• T6 Third-Party Security
• T7 Information Systems Acquisition, Development and Maintenance
• T8 Information Security Incident Management
• T9 Information Systems Continuity Management
The UAE IA Standard is divided into 2 families of security controls: Management and Technical security controls. The control families are further structured into control sub-families and individual controls and sub-controls. There are 188 security controls prescribed as part of the standard.
Security Control Priority / Total Count of Security Controls
P1 Controls 39
P2 Controls 69
P3 Controls 35
P4 Controls 45
Total 188
Acceptable Changes in the Implementation Priorities
Implementing entities may alter (promote or demote) the suggested priority of controls based on the outcomes of their risk assessment, with the exception of top priority controls (P1), which, if applicable, may be augmented but never reduced.
NESA Compliance Approach
The implementation of NESA Compliance should be undertaken in 4 phases.
Phase 1: Critical Services Identification
• Project Planning
• Identify Critical Business Services across the organization
• Identify Critical Information Infrastructures (CII) supporting critical business services
Phase 2: Gap & Risk Assessment
• Assess existing control gaps vis-a-vis NESA UAE IA Standard
• Assess threats and vulnerabilities that can exploit the gaps
• Identify Cyber security controls that will reduce the identified risks
• Define a detailed NESA Implementation Roadmap
• Perform Data Classification
Phase 3: Control Development & Implementation
• Develop P1 controls
• Implement support for P1 controls
• Develop P2 Controls
• Implement support for P2 Controls
• Develop P3 Controls
• Implement support for P3 Controls
• Develop P4 Controls
• Implement support for P4 Controls
• Conduct comprehensive security awareness program
Phase 4: Control Effectiveness Check & Audit
• Assess performance of the implemented controls
• Conduct pre-compliance audit
• Assist organization in meeting compliance to NESA requirements during the compliance audit.
Type 1 Implementation Plan- Entity Wise
Stage 1- Support Departments (IT, HR, Admin, Finance, Legal, Compliance)
Phase 1, Phase 2, Phase 3, Phase 4
Full NESA Compliance for Support Departments
Stage 2- Customer Facing Departments
Phase 1, Phase 2, Phase 3, Phase 4
Full NESA Compliance for Customer Facing Departments
Stage 3- Back-end Operations Department
Phase 1, Phase 2, Phase 3, Phase 4
Full NESA Compliance for Back-end Operations Departments
Type 2 Implementation Plan- Control Wise
Stage 1- P1 Compliance (39 Controls) + P2 Compliance (23 Controls)- For All Depts.
Phase 1, Phase 2, Phase 3, Phase 4
Full Compliance to P1 controls for the entire organization
Stage 2- P3 Compliance (35 Controls) + P2 Compliance (23 Controls)- For All Depts.
Phase 1, Phase 2, Phase 3, Phase 4
Full Compliance to P3 controls for the entire organization
Stage 3- P4 Compliance (45 Controls) + P2 Compliance (23 Controls)- For All Depts.
Phase 1, Phase 2, Phase 3, Phase 4
Full Compliance to P2 & P4 controls for the entire organization
P1 controls
Security Family / Count of Controls
Strategy and Planning 4
Information Security Risk Management 12
Awareness and Training 1
Human Resource Security 3
Asset Management 1
Operations Management 3
Operations Management 2
Access Control 12
Information Systems Acquisition, Development and Maintenance 1
Total 39
Sample List of Structural & Procedural Controls
Leadership and management commitment
Roles and responsibilities for information security
Information security risk management
Training needs
Removal of access rights
Management of removable media
Controls against malware
Information backup
User Access Management
Sample List of Suggested Technology Controls
Risk Management Tool
End Protection Solution for Anti-malware
Backup & restore solution
Identity & Access Management System
VPN
Vulnerability Scanning
Segregation of network
P1 controls Compliance with Paladion Expert Systems
Sample List of Structural & Procedural Controls
Leadership and management commitment
Roles and responsibilities for information security
Information security risk management
Training needs
Removal of access rights
Management of removable media
Controls against malware
Information backup
User Access Management
Sample List of Suggested Technology Controls
Risk Management Tool
End Protection Solution for Anti-malware
Backup & restore solution
Identity & Access Management System
VPN
Vulnerability Scanning
Segregation of network
Ready to use knowledgebase & Experienced Consultants
NESA Compliant Risqvu GRC
NESA Compliant Managed End Point Service
NESA Compliant Managed End Point Service
NESA Compliant Paladion IAM Service
NESA Compliant Paladion Managed End Point Service
NESA Compliant Paladion Managed Security Testing & Monitoring Service
Ready to use knowledgebase & Experienced Consultants
P2 controls
Sample List of Structural & Procedural Controls
Third Party Security
Information security objectives
Awareness and training program
Human resources security policy
Internal audits
Asset Management
Physical & Environmental Security
Security Monitoring
Network Security
Cloud Security
Software Security
Cryptography
Incident Management
Sample List of Suggested Technology Controls
Compliance Management Tool
Asset Management Tool
Configuration Management Tool
DLP Solution
Wireless network security
SIEM Solution
Static Application Security Testing (SAST)/ Dynamic Application Security Testing (DAST) Tool
Cryptographic controls & Key Management Systems
Building Physical Security Systems
Building Environmental Control Systems
Security Family / Count of Controls
Information Security Risk Management 1
Awareness and Training 6
Human Resource Security 5
Compliance 5
Performance Evaluation & Improvement 4
Asset Management 6
Physical & Environmental Security 5
Operations Management 6
Communications Security 4
Access Control 4
Third Party Security 5
Information Security Acquisition Development and Maintenance 8
Information Security Incident Management 3
Total 69
P2 controls Compliance with Paladion Expert Systems
Sample List of Structural & Procedural Controls
Third Party Security
Information security objectives
Awareness and training program
Human resources security policy
Internal audits
Asset Management
Physical & Environmental Security
Security Monitoring
Network Security
Cloud Security
Software Security
Cryptography
Incident Management
Sample List of Suggested Technology Controls
Compliance Management Tool
Asset Management Tool
Configuration Management Tool
DLP Solution
Wireless network security
SIEM Solution
SAST & DAST Tool
Cryptographic controls & Key Management Systems
Building Physical Security Systems
Building Environmental Control Systems
Ready to use knowledgebase & Experienced Consultants
NESA Compliant Risqvu GRC
NESA Compliant Risqvu GRC
NESA Compliant Paladion Managed End Point Service
NESA Compliant Paladion Managed End Point Service
NESA Compliant Paladion Managed Network Service
NESA Compliant Paladion Managed Security Testing & Monitoring Service
Advisory Services for implementation
P3 controls
Sample List of Structural & Procedural Controls
Data protection and privacy of personal information
Performance evaluation policy
Classification of information
Physical & Environmental Security
Security Monitoring
Electronic messaging
Information Transfer
Network Security
Software Security
Information systems continuity plans
Sample List of Suggested Technology Controls
Data Classification Solution
SIEM Solution
Change control & monitoring solution
Software testing & bug tracking solution
Media Shredding Devices
Security Family / Count of Controls
Awareness and Training 1
Compliance 2
Performance Evaluation and Improvement 1
Asset Management 3
Physical and Environmental Security 7
Operations Management 4
Communications Security 5
Access Control 2
Information Security Acquisition Development and Maintenance 7
Information Systems Continuity Management 3
Total 35
P3 controls Compliance with Paladion Expert Systems
Sample List of Structural & Procedural Controls
Data protection and privacy of personal information
Performance evaluation policy
Classification of information
Physical & Environmental Security
Security Monitoring
Electronic messaging
Information Transfer
Network Security
Software Security
Information systems continuity plans
Sample List of Suggested Technology Controls
Data Classification Solution
SIEM Solution
Change control & monitoring solution
Software testing & bug tracking solution
Media Shredding Devices
Ready to use knowledgebase & Experienced Consultants
NESA Compliant Paladion Managed End Point Service
NESA Compliant Paladion Managed Security Testing & Monitoring Service
NESA Compliant Paladion Managed Security Testing & Monitoring Service
Advisory Services for implementation
P4 controls
Sample List of Structural & Procedural Controls
Contact with authorities
Information systems audit controls
Supporting utilities
Capacity management
Connectivity to information sharing platforms
Teleworking
Third-party security policy
Control of operational software
Incident response testing
Information systems continuity management policy
Sample List of Suggested Technology Controls
Network Time Synchronization Solution
Network Access Control (NAC) Solution
Mobile Device Management (MDM) Solution
File Integrity Monitoring (FIM) Solution
Security Family / Count of Controls
Strategy and Planning 2
Compliance 6
Physical and Environmental Security 4
Operations Management 4
Communications Security 4
Access Control 4
Third Party Security 1
Information Systems Acquisition Development and Maintenance 9
Information Security Incident Management 10
Information Systems Continuity Management 1
Total 45
P4 controls
Sample List of Structural & Procedural Controls
Contact with authorities
Information systems audit controls
Supporting utilities
Capacity management
Connectivity to information sharing platforms
Teleworking
Third-party security policy
Control of operational software
Incident response testing
Information systems continuity management policy
Sample List of Suggested Technology Controls
Network Time Synchronization Solution
Network Access Control (NAC) Solution
Mobile Device Management (MDM) Solution
File Integrity Monitoring (FIM) Solution
Ready to use knowledgebase & Experienced Consultants
NESA Compliant Paladion Managed Network Service
NESA Compliant Paladion Managed Network Service
NESA Compliant Paladion Managed Mobile Devices
Advisory Services for implementation
NESA Compliance Management Solution from Paladion
NESA Compliance Management Solution (NESA-CMS)
Solution Component 1- Managed NESA GRC
1 NESA GRC Implementation
2 NESA Compliance Audit Support
3 Ongoing Sustenance of NESA GRC
Solution Component 2- Managed Network Security
1 Perimeter Security
2 Web Proxy
3 URL Filter
4 Wifi Security
5 Remote User Access Security
Solution Component 3- Managed Endpoint Security
1 Endpoint protection
2 DLP
3 Patch Management
4 Backup Management
5 Client VPN
Solution Component 4- Managed Mobile Device Security
1 Mobile Device Management
2 Mobile Application Management
3 Mobile Email Management
4 Mobile Browsing Management
5 Mobile Endpoint protection
Solution Component 5- Managed Security Testing & Monitoring
1 Security Testing
2 Security Log collection & analysis
3 Log Retention
4 Security Incident Management
5 Brand Monitoring
NESA-CMS is a one-stop package for entities who are mandated by NESA to demonstrate their compliance to the stringent cyber security requirements of UAE IA standard.
Solution Component 1- Managed NESA GRC
Paladion delivers the NESA GRC program in a very compact model using the RisqVU GRC solution. It has NESA-compliant workflows, a pre-defined NESA knowledgebase, a reporting template and capabilities that can be customized to the varying requirements of each organization.
[Diagram labels: Security Strategy; Security Leadership & Team Structure; Security Awareness; Asset Identification; Business Units; Products & Services; Business processes; Applications; Infrastructures; Facilities; Vendors; Risk Assessment; Cyber Security Risk Assessment; Technology Risks; Process Risks; Vendor Risks; Security GRC Program; Maturity Measurement; Audit & Tracking; Verification & Validation; Risk Management; Audit Management; Enterprise Dashboard; Awareness; Administration]
Solution Component 2- Managed Network Security
The implementation of Solution Component-2 will include deployment & ongoing administration of perimeter security devices e.g. firewall & IPS, web proxies, URL filter, Wi-Fi security, remote user access security etc. Implementing entities will have the choice to select the desired technologies as per the technology requirements of UAE IA Standard.
Fully Managed Service
• We provide a ‘complete network security package’ in a service model – network security technologies bundled with comprehensive services for deployment, management, operations, monitoring and support delivered remotely from our SOC
• You do not need to procure any technology, hardware or software and build security skills to deploy, manage and operate the network security set-up
• Simplified and fast deployment and operations in an opex model with zero upfront capex
Continuous 24x7 Protection
• We provide all the services that you need for robust protection of your network security on a 24x7 basis – network security management, operations, monitoring & support - from our ISO 27001 certified SOC managed by security experts to give you peace of mind that your network is protected against threats at all times
• Pre-configured policies & rules based on industry best practices that can be modified to suit your requirements
• Easy policy & configuration management, monitoring, enforcement and prompt response in case of any events
“Always-On” Unified Visibility and Control
• You get access to our Customer Portal which provides real-time security and service delivery visibility into the status of your network security and other security services delivered by Paladion OnDemand. This helps you achieve better & unified control of your security outcomes.
• The portal can be accessed from anywhere at any time, thus providing “Always-on” 24x7x365 visibility of your security posture with respect to network security. Customers can use the portal to view security and compliance reports & dashboards, and also interact with our SOC through ticketing workflow management.
Comprehensive Reports & Dashboards
• Customer Portal provides you with complete, 24x7 visibility into the outcomes of network security services, with on-demand reporting.
• You get intuitive and easy-to-read reports and dashboards to meet the requirements of management as well as technical personnel and several regulatory requirements
• You can see several pre-built reports and dashboards, as well as define your own custom reports and dashboards
Easily meet & demonstrate regulatory compliance
• Our service enables you to demonstrate regulatory compliance to auditors quickly and effectively.
• We have pre-built and customizable report templates that help generate consolidated reports to meet compliance requirements.
• You do not need to invest time and effort to get data from several sources to be able to show compliance to auditors.
Firewall/IPS
Gateway Anti-virus
Botnet Filtering
Wi Fi
Policy and Configuration Management
URL/Web Content Filtering
VPN & Roaming User Management
Compliance & Monitoring
Proxy Caching
Bandwidth Control
Geo-IP Filtering
Web 2.0 Controls
Customer Portal
Reports & Dashboards
Solution Component 3- Managed Endpoint Security
The implementation of Solution Component-3 will include deployment & ongoing administration of endpoint protection solution, DLP agent, patch management solution, backup & restoration solution, client VPN etc. Implementing entities will have the choice to select the desired technologies as per the technology requirements of UAE IA Standard.
Fully Managed Service
• We provide a ‘complete end point security package’ in a service model – end point security technologies bundled with comprehensive services for deployment, management, operations, monitoring and support delivered remotely from our SOC
• You do not need to procure any technology, hardware or software and build security skills to deploy, manage and operate the end point security set-up
• Simplified and fast deployment and operations in an opex model with zero upfront capex
Continuous 24x7 Protection
• We provide all the services that you need for robust protection of your end point security on a 24x7 basis – end point devices security management, operations, monitoring & support - from our ISO 27001 certified SOC managed by security experts to give you peace of mind that your end point devices are protected against threats at all times
• Pre-configured policies & rules based on industry best practices that can be modified to suit your requirements
• Easy policy & configuration management, monitoring, enforcement and prompt response in case of any events
“Always-On” Visibility and Control
• You get access to our Customer Portal which provides real-time security and service delivery visibility into the status of your end point security and other security services delivered by Paladion OnDemand. This helps you achieve better & unified control of your security outcomes.
• The portal can be accessed from anywhere at any time, thus providing “Always-on” 24x7x365 visibility of your security posture with respect to end point devices security. Customers can use the portal to view security and compliance reports & dashboards, and also interact with our SOC through ticketing workflow management.
Comprehensive Reports & Dashboards
• Customer Portal provides you with complete, 24x7 visibility into the outcomes of end point security services, with on-demand reporting.
• You get intuitive and easy-to-read reports and dashboards to meet the requirements of management as well as technical personnel and several regulatory requirements
• You can see several pre-built reports and dashboards, as well as define your own custom reports and dashboards
Easily meet & demonstrate regulatory compliance
• Our service enables you to demonstrate regulatory compliance to auditors quickly and effectively.
• We have pre-built and customizable report templates that help generate consolidated reports to meet compliance requirements.
• You do not need to invest time and effort to get data from several sources to be able to show compliance to auditors.
Anti-Virus/Anti-Malware
Firewall
Desktop Compliance
Inventory
Policy and Configuration Management
Device Control
Application Control
Compliance & Monitoring
Back-up (local)
Client VPN
IT Usage/Productivity
Patch Management
Customer Portal
Reports & Dashboards
Solution Component 4- Managed Mobile Device Security
The implementation of Solution Component-4 will include deployment & ongoing administration of mobile device management solution, mobile application management module, mobile email management module, mobile browsing management module, mobile endpoint protection module etc. Implementing entities will have the choice to select the desired technologies as per the technology requirements of UAE IA Standard.
Fully Managed Service
• We provide a ‘complete mobile devices (including BYOD) security package’ in a service model – MDM/EMM technologies bundled with comprehensive services for deployment, management, operations, monitoring and support delivered remotely from our SOC
• You do not need to procure any technology, hardware or software and build security skills to deploy, manage and operate the Mobile Devices/BYOD security set-up
• Simplified and fast deployment and operations in an opex model with zero upfront capex
Continuous 24x7 Protection
• We provide all the services that you need for robust protection of your mobile devices/BYOD set-up on a 24x7 basis - mobile devices security management, operations, monitoring & support - from our ISO 27001 certified SOC managed by security experts to give you peace of mind that your corporate data on the mobile devices is protected against threats at all times
• Pre-configured policies & rules based on industry best practices that can be modified to suit your requirements
• Easy policy & configuration management, monitoring, enforcement and prompt response in case of any events
“Always-On” Visibility and Control
• You get access to our Customer Portal which provides real-time security and service delivery visibility into the status of your mobile devices security and other security services delivered by Paladion OnDemand. This helps you achieve better & unified control of your security outcomes.
• The portal can be accessed from anywhere at any time, thus providing “Always-on” 24x7x365 visibility of your security posture with respect to mobile devices security. Customers can use the portal to view security and compliance reports & dashboards, and also interact with our SOC through ticketing workflow management.
Comprehensive Reports & Dashboards
• Customer Portal provides you with complete, 24x7 visibility into the outcomes of mobile devices/BYOD security services, with on-demand reporting.
• You get intuitive and easy-to-read reports and dashboards to meet the requirements of management as well as technical personnel and several regulatory requirements
• You can see several pre-built reports and dashboards, as well as define your own custom reports and dashboards
Easily meet & demonstrate regulatory compliance
• Our service enables you to demonstrate regulatory compliance to auditors quickly and effectively.
• We have pre-built and customizable report templates that help generate consolidated reports to meet compliance requirements.
• You do not need to invest time and effort to get data from several sources to be able to show compliance to auditors.
Mobile Device Management (MDM)
Mobile Application Management (MAM)
Containerization and App Wrapping
Anti-Virus
Policy and Configuration Management
Mobile Email Management (MEM)
Mobile Browsing Management (MBM)
Compliance & Monitoring
Location Tracking
BYOD Management
Geo-Fencing
Mobile Kiosk Management (MKM)
Customer Portal
Reports & Dashboards
Solution Component 5- Managed Security Testing & Monitoring
The implementation of Solution Component-5 will include deployment & ongoing administration of security testing e.g. penetration testing, application security testing, configuration review etc., security log collection & analysis on a 24/7 basis, log retention, security incident management support, brand monitoring service e.g. phishing monitoring, website malware monitoring etc. Implementing entities will have the choice to select the desired technologies as per the technology requirements of UAE IA Standard.
Fully Managed Service
• We provide a ‘complete security monitoring package’ in a service model – security monitoring technology (SIEM) bundled with comprehensive services for deployment, management, operations, monitoring and support delivered remotely from our SOC
• You do not need to procure any technology, hardware or software and build security skills to deploy, manage and operate the security monitoring set-up
• Simplified and fast deployment and operations in an opex model with zero upfront capex
Continuous 24x7 Protection
• 24x7 security monitoring of your IT infrastructure for detection of both external and internal attacks
• Our security monitoring platform automates collection, aggregation and analysis of security logs from multiple sources covering all standard devices and platforms (servers, routers, firewalls, databases, applications and other systems)
• Pre-configured automated rules, alerts and reports based on industry best practices and regulatory requirements, for both management executives and technical team
• Risk based prioritization of alerts to focus mitigation efforts on higher priority events
“Always-On” Unified Visibility and Control
• You get access to our Customer Portal which provides real-time security and service delivery visibility into the status of your security monitoring and other security services delivered by Paladion OnDemand. This helps you achieve better & unified control of your security outcomes.
• The portal can be accessed from anywhere at any time, thus providing “Always-on” 24x7x365 visibility of your security posture with respect to security monitoring. Customers can use the portal to view security and compliance reports & dashboards, and also interact with our SOC through ticketing workflow management.
Comprehensive Reports & Dashboards
• Customer Portal provides you with complete, 24x7 visibility into the outcomes of security monitoring services, with on-demand reporting. You get intuitive and easy-to-read reports and dashboards to meet the requirements of management as well as technical personnel and several regulatory requirements. You can see several pre-built reports and dashboards, as well as define your own custom reports and dashboards
• Daily Security Insights / Monthly Security Insights and Compliance Reports
• Pre-configured automated reports to meet several compliance requirements such as PCI, HIPAA, Central Bank guidelines, etc.
Easily meet & demonstrate regulatory compliance
• Our service enables you to demonstrate regulatory compliance to auditors quickly and effectively.
• We have pre-built and customizable report templates that help generate consolidated reports to meet compliance requirements. You do not need to invest time and effort to get data from several sources to be able to show compliance to auditors.
• Automated monitoring and alerting of compliance related events
Security Logs Collection/Aggregation
Security Logs Analysis
Incident Management Support
Daily Malware Monitoring for Websites
Rules & Alerts Management
Configurable Log Retention
Multiple Devices/Platform Support
Compliance Automation
Alerts through Email/SMS/Portal
Detect both internal & external attacks
Risk-based Alert Prioritization
24x7 Monitoring from SOC
Customer Portal
Reports & Dashboards
Next Steps to Proceed
How to check Your Current Compliance Level?
Use our current compliance indicator tool to quickly check your current compliance level vis-à-vis NESA UAE IA Standard. The tool will automatically generate your compliance level based upon your responses to the short questions on management & technical security controls as prescribed in NESA UAE IA Standard.
© 2015 PALADION NETWORKS PRIVATE LIMITED | WWW.PALADION.NET | CONFIDENTIAL