5 Steps to Satisfying OMB M-21-31 Compliance
Capturing security events and processing that information in a timely manner is one of the most important security activities that you can conduct. This activity is fundamental to larger government programs and policies including CDM, TIC 3.0, NIST 800-53, and the Zero Trust strategy. You need good information, and you need it fast.
This is where a simple five-step process can help in setting up a proper security logging architecture as well as achieve compliance with the OMB M-21-31 memorandum of 2021. This memorandum was in response to Executive Order 14028, "Improving the Nation's Cybersecurity", from May 2021.
Step 1 - Create a logging and network visibility strategy – your EL0 process
Before you blindly dive in and enable logging on every asset, you should start by verifying your existing assets and determine what your security posture should look like. For many agencies, log data is just the beginning because it's low-hanging fruit in terms of implementation difficulty, limited disruption, and budget-friendly. However, you will be well-served by taking the time to look beyond logging towards a long-term visibility strategy that can reduce risk by removing blind spots in your network.
Step 2 - Capture the right packet data to start the EL1 process
Better logging practices start with capturing good data. The first thing to do is to deploy lots of taps across your network. This gives you access to the critical monitoring data that you need and creates visibility into the network. Taps are passive network elements that are quick and easy to deploy. There are versions for your physical on-premises environment as well as cloud-based taps to capture your virtual data. Keysight has the largest range of taps on the market.
Step 3 - Decrypt relevant data as part of EL2 compliance
More than 70% of malware may now hide in encrypted packet data. Passive and active TLS decryption allows you to look into those packets and see what's hidden. After that, you can monitor and flag potentially malicious communication. This functionality helps with compliance to the EL2 stage that expressly calls for decryption capability.
Step 4 - Process network metadata to enhance EL2 compliance
Network metadata provides another source of crucial information at a fraction of the full packet and log data space. Metadata (NetFlow, J-Flow, IPFIX, IxFlow, JSON) generated from collected packets creates better network efficiency and is easier for security managers, like SIEMs, to process. This metadata can provide actionable insights.
Step 5 - Aggregate, filter, and transmit relevant data to security tools
The last component is to use a packet broker to collect and access the relevant data your security analysis tools need. A purpose-built packet broker uses advanced filtering, deduplication, and packet trimming features to enhance the efficiency of log collector and analysis tools. The data can then be forwarded to your storage solutions. In addition, these data brokers can collect traffic from any segment of the network and perform header stripping so that the data can be tunneled (i.e. GRE) back to a central data center. Keysight offers on-premises, virtual (hypervisor and public or private cloud solutions), or a hybrid mixture of both solutions that delivers lossless data capture, aggregation, and filtration of data packets. Keysight also offers a time sync reliability solution, since data logs are useless if the network isn't properly synchronized.
Enhanced logging is a necessary component for any government agency. Whether you are looking to achieve M-21-31 compliance or strengthen your Zero Trust solution, Keysight is here to help. Reach out to us and we will show you how to optimize your logging and security solutions.
- +1 Like
- Add to Favorites
Recommend
- Keysight Technologies Acquires Quantum Benchmar, Augmenting Keysight‘s Quantum Portfolio
- Keysight First to Gain GCF Approval of Cases for Validating 5G New Radio mmWave Devices in Standalone Mode
- Keysight‘s O-RAN Test Solutions Enable Xilinx to Accelerate Development of Massive MIMO Radio Reference Design
- Keysight and Transphorm Create Power Supply Reference Design that Lowers Product Costs; Speeds Time to Market
- Keysight Massively Parallel Board Test System Selected by LACROIX in Automotive Printed Circuit Board Manufacturing
- Keysight, TIM and JMA Wireless Join Forces to Showcase O-RAN Technology at Mobile World Congress 2021
- Keysight First to Gain OmniAir Qualified Test Equipment Status, Accelerating C-V2X Device Certification
- Keysight Delivers New Solution for Benchmarking 5G End-user Quality of Experience in Indoor Environments
This document is provided by Sekorm Platform for VIP exclusive service. The copyright is owned by Sekorm. Without authorization, any medias, websites or individual are not allowed to reprint. When authorizing the reprint, the link of www.sekorm.com must be indicated.