Under Title V of the Gramm-Leach-Bliley Act, also known as the Financial Privacy Rule, financial service providers must protect customer data against threats to security, confidentiality, and integrity. They must establish an information security program to safeguard customer information, identify and control internal and external threats, and control risks that might jeopardize customer information. Continual checks throughout the year are required to ensure that controls are in place and are effective, in addition to an annual review of all internal controls with extensive reporting to auditors.

As a result, administrators face significant challenges in bringing Windows networks into compliance.

The table below highlights a subset of control requirements taken from both the FFIEC Information Security Handbook and associated Tier I and Tier II Examination Procedures. For each control requirement, an explanation of how Blackbird supports the compliance initiative is provided.

| Objective | Requirement | Blackbird Solution |
| --- | --- | --- |
| Tier 1 - Objective 6 | Determine the Adequacy of Security Monitoring | Blackbird's auditing and event consolidation modules track, report and alert on violations against relevant audit and log messages that have an impact on security and monitoring responsibilities. |
| 1.6.1 | Obtain an understanding of the institution's monitoring plans and activities, including activity monitoring and condition monitoring. | Blackbird provides real-time monitoring, alerting, and reporting on specific activities and conditions. Built-in and custom reports can be scheduled and executed to ensure appropriate review processes are enforced. |
| 1.6.2 | Identify the organizational unit and personnel responsible for performing the functions of a security response center. | Blackbird enables organizations to report and alert on Active Directory, Group Policy, and access permission changes performed by administrative staff. |
| 1.6.4 | Obtain and evaluate the policies governing security response center functions, including monitoring, classification, escalation, and reporting. | Create customizable workflows for security teams, so they can automate the creation, review, and approval of entitlements and roles. |
| Tier 1 - Objective 7 | Evaluate the effectiveness of enterprise-wide security administration. | Blackbird provides real-time auditing and event consolidation of Active Directory and file system resources, enabling security and audit teams to track and alert on specific events and conditions. |
| 1.7.2 | Determine whether management and department heads are adequately trained and sufficiently accountable for the security of their personnel, information, and systems. | Blackbird's auditing solutions provide valuable insight into an organization's administrative, security and compliance processes. Automating the collection of, reporting on, and alerting on specific activities demonstrates diligence to management and external stakeholders and enables accountability of employees and outsourced staff. |
| 1.7.7 | Evaluate the adequacy of automated tools to support secure configuration management, security monitoring, policy monitoring, enforcement, and reporting. | Blackbird enables organizations to report agency-wide security policy configuration changes made via Group Policy. |
| Tier 2 A | Access Rights Administration | Blackbird enables organizations to report agency-wide user entitlements, administrator actions and security policy configuration changes made via Group Policy. All access changes are stored in a centralized auditing database, and automated reports can be sent directly to administrators, security officers, and business data owners on a set schedule. |
| 2.A.4 | Determine that administrator or root privilege access is appropriately monitored. | Blackbird collects all AD account management and account usage activity. The creation of privileged accounts (i.e., Domain Administrators, Schema Administrators) or granting of privileged rights is easily and automatically monitored, alerted, and reported on. |
| Tier 2 B | Network Security | Blackbird tracks all Group Policy and collects logs from Microsoft infrastructure and provides monitoring, alerting, and forensic analysis. |
| 2.B.13 | Determine whether logs of security-related events are appropriately secured against unauthorized access, change, and deletion for an adequate time period, and that reporting to those logs is adequately protected. | Blackbird helps protect audit trails from unauthorized modification. Blackbird's real-time Active Directory and File System auditing do not rely on native event logs. Instead, events are captured in real time and forwarded immediately to the central Blackbird database. The Blackbird database uses native server and SQL permission management to ensure separation of duties and ensure that log data cannot be modified or deleted. |
| Tier 2 C | Host Security | Blackbird collects all Windows event logs and custom application logs that write to the native log provider, to provide event consolidation, monitoring, alerting, and forensic analysis. |
| 2.C.7 | Determine whether access to utilities on the host are appropriately restricted and monitored. | Blackbird can collect audit events reporting on the access and use of utilities on hosts for monitoring and reporting. Additionally, Blackbird can centrally track and report on file access and activity. |
| Tier 2 M | Security Monitoring | Blackbird provides real-time monitoring and alerting on all Active Directory and File System changes. |
| 2.M.1 | Identify the monitoring performed to identify non-compliance with institution security policies and potential intrusions. | Blackbird provides central analysis and monitoring of Active Directory, Group Policy and File System for intrusion-related activity across the IT infrastructure. |
| 2.M.6 | Determine whether logs of security-related events are appropriately secured against unauthorized access, change, and deletion for an adequate time period, and that reporting to those logs is adequately protected. | Events are captured in real time and forwarded immediately to the central Blackbird database. The Blackbird database uses native server and SQL permission management to ensure separation of duties and ensure that log data cannot be modified or deleted. |
| 2.M.8 | Determine whether an appropriate process exists to authorize employee access to security monitoring and event management systems and that authentication and authorization controls appropriately limit access to and control the access of authorized individuals. | Blackbird provides centralized secure access to all log data. Blackbird leverages application and database level controls to restrict user access to authorized data and functions. Blackbird includes discretionary access controls for restricting users to a defined subset of the log data collected. |