SolarWinds Security Event Manager (SEM) is an advanced on-premise SIEM tool with a built-in active threat intelligence management system, using continuously updated threat data lists to compare events against and instantly detect user, application and network threats with alerts sent out when they occur. SEM also combines log collection and correlation with event monitoring for an overview of your entire network – its unified event and log search feature makes locating suspicious activities and patterns simple – while seamlessly integrating with SolarWinds tools like Network Performance Monitor and Server & Application Monitor makes SEM an invaluable addition to any IT toolkit.
Security professionals face numerous difficulties in their careers. Government compliance standards such as the Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs) often add further complications and confusion on top of that.
There are various human-friendly tools that can assist in managing STIGs and mitigating open vulnerabilities when reviewing technology assets. This article will describe some of these tools.
SolarWinds Security Event Manager (SEM)
The SEM UI can be easily accessed via browser and is straightforward to use. Its dashboard highlights and summarizes trends and suspicious activity through interactive widgets, while different network data types can be displayed as tables and graphs with pre-configured and user-specific filter sets.
SEM differs from competing products by processing events and logs directly in memory rather than first writing them to a database, which makes problem identification significantly faster. With real-time processing, it can detect threats that other products miss, including cross-site scripting attacks and insider threats.
SEM includes over 300 reports, ranging from general activity summaries and compliance reporting to detailed threat analysis, plus automated responses to specific attack patterns such as unauthorized USB access or copying of sensitive files, with automatic ejection of the device or quarantining of the affected workstation.
SEM is available as a virtual appliance that runs in Hyper-V, VMware, Microsoft Azure and Amazon Web Services environments. The minimum requirements are 250GB of storage and 8GB of RAM, with additional disk space needed for larger deployments. Administrative access must be granted on the workstation used to install SEM. Agents can be set up to collect and send syslog messages directly into SEM, but this feature isn’t essential to its operation.
SolarWinds SCAP Checker
Automated configuration management, vulnerability assessment and compliance reporting are designed to increase the efficiency, performance and reliability of routers, switches and other core network devices. The product is suited to large businesses with technically savvy staff, and a free 30-day trial is offered.
SCAP is a set of standards designed to allow software and system configuration scanning tools to communicate in a uniform manner, making them suitable for checking against security requirements such as those outlined by the Department of Defense Security Technical Implementation Guides (STIGs). Furthermore, vendors can get their products certified against SCAP through an evaluation process that requires meeting certain criteria such as interoperability with other scanners and providing scan results in a consistent format.
The ability to perform vulnerability assessments against various DoD-approved STIGs is an integral component of this product, as many government agencies require contractors to demonstrate compliance with requirements such as the DISA Security Technical Implementation Guides (STIGs). Furthermore, you can import XCCDF files directly into the product to extend its configuration and compliance scanning capabilities.
This product was specifically created to help users manage the complex configurations of Cisco Adaptive Security Appliance (ASA) and Internetwork Operating System (IOS)-based network devices, and to scan for vulnerabilities using Common Vulnerabilities and Exposures (CVE) entries published in the National Vulnerability Database (NVD). It also gives users an overview of device status and of compliance with DoD-approved security requirements.
SolarWinds NCM can automatically analyze router and switch configurations to generate NIST FISMA, DISA STIG, and CMMC compliance reports out-of-the-box. Furthermore, this solution can detect changes to these configurations and alert IT teams of any potential issues as soon as they occur. Integration with Nessus Patch Scan and other scanning technologies makes security auditing even simpler for IT teams trying to meet government compliance requirements.
SolarWinds STIG Viewer
SolarWinds Server Configuration Manager (SCM) helps federal IT pros operationalize compliance monitoring by using an out-of-the-box policy engine tailored specifically to DISA STIG requirements. Furthermore, SCM allows users to easily monitor configurations and generate reports that show compliance status; alerts provide situational awareness so that your security operations team can remain focused on what matters most to them.
SCM makes it possible to filter and sort dashboards based on different criteria, including DISA STIG requirements. You can build a dashboard that shows all compliance statuses across all servers in your environment; from this view, it’s simple to view individual security statuses for each server in detail – giving an at-a-glance overview of potential vulnerabilities or threats as you prioritize responses accordingly.
SCM allows you to import DISA STIGs via an XML file or the STIG Explorer tab in the user interface, where multiple STIGs can be selected by holding CTRL while clicking each STIG. After importing a DISA STIG, its results can then be reviewed: select any rule in STIG Explorer and click View Vulnerabilities for that rule, and you will see a table listing the vulnerabilities affected by that rule, their severity and their impact on your environment – handy!
SCM’s Change Management reports provide an efficient way to quickly gauge the effects of any DISA STIG, detailing changes such as the creation, deletion and enabling or disabling of Active Directory accounts and groups. Furthermore, its Common Controls Hub offers an all-inclusive alternative that lets you track changes across devices, systems and user account configuration settings.
SCM templates can help make your SCM instance even more effective at tracking DISA STIGs by streamlining the process. SCM offers templates for both Cisco and Juniper devices that can help prepare you for inspections as well as ensure compliance with DISA CAT I requirements. Downloadable on Thwack, these can easily integrate into your SCM instance.
SolarWinds STIG Explorer
Security Technical Implementation Guides (STIGs) are a staple for federal IT professionals, yet they can be challenging for SecOps engineers to interpret and manage without assistance from tools like DISA’s free STIG Viewer utility. This utility allows users to import XCCDF-formatted STIGs and analyze vulnerabilities quickly.
Start with STIG Explorer by downloading it from DISA’s website and installing it on a Windows computer. Double-click to launch it; from there, open the Checklist menu and choose Create Checklist – Marked STIG(s). When you have created your checklists, save them with the checklist file extension (.ckl) and open them when needed in the STIG Explorer tab.
Once your checklist is complete, select a rule from the table and click Edit to modify its state. For instance, changing an issue’s Criticality level from Criticality 1 to Not a Finding could help reduce potential risk while staying compliant with DISA guidelines.
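The saved .ckl file is plain XML, so the review state of each rule can be summarized outside the viewer. The following is an added example, not code from the page or from DISA or SolarWinds: it parses a constructed checklist in the .ckl layout (element names assumed from the checklist schema), maps DISA severity strings to CAT levels, and lists the rules that still need action.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in the STIG Viewer .ckl layout (element names assumed
# from the checklist schema; not a real checklist). One VULN element per rule.
SAMPLE_CKL = """<CHECKLIST><STIGS><iSTIG>
  <VULN>
    <STIG_DATA><VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE><ATTRIBUTE_DATA>V-000001</ATTRIBUTE_DATA></STIG_DATA>
    <STIG_DATA><VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE><ATTRIBUTE_DATA>high</ATTRIBUTE_DATA></STIG_DATA>
    <STATUS>Open</STATUS>
  </VULN>
  <VULN>
    <STIG_DATA><VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE><ATTRIBUTE_DATA>V-000002</ATTRIBUTE_DATA></STIG_DATA>
    <STIG_DATA><VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE><ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA></STIG_DATA>
    <STATUS>NotAFinding</STATUS>
  </VULN>
  <VULN>
    <STIG_DATA><VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE><ATTRIBUTE_DATA>V-000003</ATTRIBUTE_DATA></STIG_DATA>
    <STIG_DATA><VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE><ATTRIBUTE_DATA>low</ATTRIBUTE_DATA></STIG_DATA>
    <STATUS>Not_Reviewed</STATUS>
  </VULN>
</iSTIG></STIGS></CHECKLIST>"""

# DISA severity strings map to the CAT I/II/III levels the article refers to.
SEVERITY_TO_CAT = {"high": "CAT I", "medium": "CAT II", "low": "CAT III"}

def parse_ckl(xml_text):
    """Return one dict per VULN: rule id, CAT level and reviewer status."""
    findings = []
    for vuln in ET.fromstring(xml_text).iter("VULN"):
        attrs = {d.findtext("VULN_ATTRIBUTE"): (d.findtext("ATTRIBUTE_DATA") or "")
                 for d in vuln.findall("STIG_DATA")}
        findings.append({
            "id": attrs.get("Vuln_Num", ""),
            "cat": SEVERITY_TO_CAT.get(attrs.get("Severity", ""), "unknown"),
            # A rule nobody has reviewed yet is still unresolved, not compliant.
            "status": vuln.findtext("STATUS") or "Not_Reviewed",
        })
    return findings

def summarize(findings):
    """Count findings per (CAT level, status) for a compliance dashboard."""
    return Counter((f["cat"], f["status"]) for f in findings)

def unresolved(findings):
    """Rule ids that still need action: anything Open or not yet reviewed."""
    return [f["id"] for f in findings if f["status"] in ("Open", "Not_Reviewed")]
```

Run it against a real .ckl exported from STIG Viewer to get the same summary the tool's dashboards show, with the Not_Reviewed rules counted as outstanding work rather than silently passing.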
If you use a standard SIEM solution, you can configure it to monitor logs automatically for DISA compliance requirements and to track changes to devices, systems, user account configuration settings and databases as they happen. This also lets you detect violations quickly and report them when necessary.
SolarWinds Security Event Manager (SEM) lets you tailor its interface to DISA security requirements, making it easier to find what you need quickly. It provides a centralized way of searching through mountains of data for the information that is pertinent.
These tools are great resources for federal IT professionals or those simply seeking to enhance their compliance posture, helping you stay on top of tasks while automating monitoring assets. Don’t wait another moment: explore these tools today!