FFIEC Security Compliance Case Study
The leading global security consulting practice was engaged by a major ATM and credit card transaction processor to perform an objective, vendor-neutral analysis of solutions for a range of compliance issues, including the instantiation of a security monitoring infrastructure. The transaction processing client's main objective was to close an FFIEC audit finding through rapid deployment of a security monitoring infrastructure, using a solution that balanced capital and human resource constraints.
In selecting technology appropriate to the client, the consultants tested and evaluated three market-leading network and host IDS solutions, one open-source IDS solution, and three Security Information Management (SIM) systems. The following criteria were considered critical for the selection of the SIM:
- The ability to integrate the data sources in scope: SNMP traps, firewall alerts and logs, router and other syslog sources, network IDS, A/V alerts, and host IDS.
- The ability to perform without the deployment of SIM collector agents.
- The flexibility to integrate secondary alert sources from new products, which may not be market leaders (e.g. anomaly- or behavior-based network IDS).
- The availability and quality of professional services for deployment, and the potential to deploy rapidly.
- Solution cost.
A weighted decision matrix was used to score the results, which were obtained by deploying all products into a test configuration with several "target" systems that were reflective of the customer's technology infrastructure. Target systems were used to simulate several attack scenarios. Testing procedures included simple reconnaissance, attempts at system penetration, virus outbreak, and worm propagation.
After completing the evaluation and testing, the client selected OpenService ThreatCenter as the solution that best met the requirements. Upon deployment into production, ThreatCenter provided immediate value by detecting unpatched DMZ systems that were attempting to propagate a worm (but were being blocked by the perimeter routers). An additional benefit was ThreatCenter's ability to compensate for inadequately tuned IDS sensors.
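The DMZ finding above is the kind of result a SIM produces by correlating the perimeter-router syslog feed listed in the criteria: one internal host whose blocked outbound connections fan out to many distinct destinations on a single port looks like a propagating worm rather than a client. The following is an added illustration of that correlation in Python, not code from OpenService ThreatCenter or the consultants; the log format, the DMZ address range, the threshold and the log lines themselves are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed perimeter-router deny lines in an assumed syslog-style format
# (not a real product's format). 10.0.5.20 fans out on tcp/445; 10.0.5.21
# retries one destination; 10.0.9.3 is outside the assumed DMZ range.
SAMPLE_LOGS = """\
Mar 12 10:01:02 rtr1 %ACL-DENY: tcp 10.0.5.20:3344 -> 198.51.100.7:445
Mar 12 10:01:02 rtr1 %ACL-DENY: tcp 10.0.5.20:3345 -> 198.51.100.9:445
Mar 12 10:01:03 rtr1 %ACL-DENY: tcp 10.0.5.20:3346 -> 203.0.113.41:445
Mar 12 10:01:03 rtr1 %ACL-DENY: tcp 10.0.5.20:3347 -> 203.0.113.88:445
Mar 12 10:01:04 rtr1 %ACL-DENY: tcp 10.0.5.20:3348 -> 192.0.2.16:445
Mar 12 10:01:05 rtr1 %ACL-DENY: tcp 10.0.5.21:40001 -> 192.0.2.5:443
Mar 12 10:01:06 rtr1 %ACL-DENY: tcp 10.0.5.21:40002 -> 192.0.2.5:443
Mar 12 10:01:07 rtr1 %ACL-DENY: udp 10.0.9.3:5353 -> 192.0.2.77:53
"""

DMZ_NETS = ("10.0.5.",)   # assumed DMZ address range (string-prefix match)
FANOUT_THRESHOLD = 5      # assumed: distinct destinations on one port before alerting

LINE_RE = re.compile(
    r"%ACL-DENY: (?P<proto>\w+) (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)"
)

def parse_denies(text):
    """Yield (src, proto, dport, dst) for each parseable deny line."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m["src"], m["proto"], int(m["dport"]), m["dst"]

def worm_candidates(text, dmz_nets=DMZ_NETS, threshold=FANOUT_THRESHOLD):
    """Return {(src, proto, dport): distinct destination count} for DMZ
    sources whose blocked outbound traffic reaches >= threshold distinct
    destinations on one port. Repeated retries to a single destination
    (a normal client) never raise the count."""
    fanout = defaultdict(set)
    for src, proto, dport, dst in parse_denies(text):
        if src.startswith(dmz_nets):
            fanout[(src, proto, dport)].add(dst)
    return {key: len(dsts) for key, dsts in fanout.items() if len(dsts) >= threshold}

if __name__ == "__main__":
    for (src, proto, dport), n in worm_candidates(SAMPLE_LOGS).items():
        print(f"ALERT {src} {proto}/{dport}: {n} distinct blocked destinations")
```

In a real deployment the same rule would run over a sliding time window and feed the SIM's alert queue rather than print; the distinct-destination count is what separates propagation from a misconfigured client.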
The transaction processing client is extremely satisfied with the selection, the success of the deployment, and the value demonstrated by the OpenService ThreatCenter product.