As a CISO, have you ever experienced the frustration of accurately assessing the security and risk posture of your IT environment, and communicating it effectively to executives in a timely manner? If you had to wait for a periodic scan to complete or if your security and risk directors had to compile results manually, you know how difficult it is to respond to queries from the Board and C-level executives about the impact of your security programs. With the newly released SecurityCenter 5, you no longer have to sweat the details. Assurance Report Cards, or ARCs, enable CISOs to define their security program objectives in clear and concise terms, identify and close potential security gaps, and communicate the effectiveness of their security investments to C-level executives, board members and business managers.
Security for C-level management
As Tenable’s CEO Ron Gula has pointed out, security is no longer just an IT issue; it’s a business priority that the entire organization must buy into. Not only must executives get regular reports on security status, but to be understood and appreciated, the reports should align security programs with business objectives. Traditionally, CISOs have lacked the tools to create a comprehensive, holistic view of network health. But now SecurityCenter ARCs present the big picture of an organization’s security status from a business perspective.
Assurance Report Cards to the rescue
ARCs are customer-defined security policies, designed for security professionals to communicate with executives about the health of network systems
ARCs are customer-defined security policies, designed for security professionals to communicate with executives about the health of network systems, aligning security policies with high-level business objectives. SecurityCenter measures and analyzes risk, vulnerability, and compliance data, and ARCs compile the results in an intuitive report card format, perfect for sharing and presentations.
Each ARC is a customer defined business objective that can be expressed in terms of multiple customer defined policy statements. These policy statements get continuously evaluated using the underlying controls being monitored by Tenable’s SecurityCenter Continuous View platform, using multiple Nessus vulnerability scanners, multiple PVS network sensors, and logs collected and correlated by the Log Correlation Engine.
SecurityCenter comes pre-packaged with several ARCs that represent the 5 most common objectives found in security standards such as NIST, PCI, and SANS Top 20. These 5 objectives represent Tenable’s Critical Cyber Controls which can help you implement a sound security policy based on industry best practices:
- Maintain an inventory of software and hardware
- Continuously remove vulnerabilities and misconfigurations
- Deploy a secure network
- Authorize user access to the systems and data
- Search for malware and intruders
By tracking the Critical Cyber Controls with ARCs, SecurityCenter provides continuous assurance that your security policy is effective. Additional pre-defined ARCs that take the guess work out of compliance will be available in future releases.
The pre-packaged ARCs for the Critical Cyber Controls are just a starting point. You can customize the existing ARCs by adding any policies that are critical to your business needs, or you can create your own ARCs based on the business language of your organization.
You can create your own ARCs based on the business language of your organization
SecurityCenter monitors the status of critical systems, assessing the security of IT infrastructures not only when a compliance audit is conducted but continuously to provide insight into your organization’s security posture. And ARCs are the perfect tools to provide assurance that your security programs are working at any time.
Picture yourself walking into the CFO’s office; you’re holding an iPad that displays the five SecurityCenter ARCs. In a short conversation with the CEO/CFO, you present a complete picture of enterprise security and you propose a method for closing one last security gap that is indicated in an ARC. There’s no waiting for scan results and metrics, you have all the information you need right at your fingertips.
More new features in SecurityCenter 5
SecurityCenter 5 includes several other new features that improve performance and enhance vulnerability management:
- New HTML 5 UI: enables highly-customizable dashboards, with preview screens to visualize how the screen would be populated with data
- Improved Searching/Trending: of scan and event data, with the new capability of storing incremental changes in the back-end repositories
- Audit Policies in Content Feed: provides automatic configuration policy updates in the regular content feeds from Tenable, without going through manual downloads and imports
- New APIs: enables integrating SecurityCenter 5 with existing infrastructure to perform automated tasks for centralized management, reporting, remediation, and workflows
- Configurable Blackout Windows: overrides schedules in individual scan policies
- 32G repositories: saves more scan/events/network activity data for longer periods
- UTF character support: enables internationalization/localization for reporting
To learn more about SecurityCenter 5, consult these sources:
- Attend the webinar: Measure and Demonstrate Security Effectiveness with Continuous Network Monitoring
- Read Whitepaper: Managing Business Risks with Assurance Report Cards
- Learn about: What’s New in SecurityCenter 5
- Request an evaluation of SecurityCenter 5
- Contact Tenable or one of our many partners