AlgoSec Security. Visibility. Governance
   
 
Press Releases
News Coverage
Events
Case Studies
 

ALGOSEC AUTOMATES NERC CIP COMPLIANCE FOR THE BULK ELECTRIC SYSTEMS OF NORTH AMERICA
 

Automated NERC CIP Compliance Reports in AlgoSec Firewall Analyzer Lower the Cost of Compliance, Improve Security of Critical Cyber Assets

Reston, VA, March 9, 2010 – AlgoSec®, the leading provider of firewall operations and security risk management solutions, today announced that it has incorporated another layer of compliance reporting into its AlgoSec Firewall Analyzer® with the addition of automated compliance reporting for the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards.

The AlgoSec NERC CIP Compliance Report addresses two major areas: documenting and controlling changes to firewall rules and controlling risk affected by firewall rules. It is offered as part of the award-winning AlgoSec Firewall Analyzer, a firewall operations and security risk management solution that provides automated, non-intrusive firewall, router and VPN audit and analysis.

Tasked with ensuring the reliability of the North American bulk power system, NERC created the CIP Reliability Standards to provide Registered Entities with clear guidance for minimizing vulnerabilities. By June 30, 2010, all Registered Entities must be capable of demonstrating “Auditable [CIP] Compliance” across eight categories of controls for securing critical cyber assets of which the majority are directly tied to firewall operations.

The technical requirements for CIP compliance as they pertain to firewall operations are multifaceted, time-consuming, expensive and potentially risky operations without advanced processes. Considering this level of complexity and the approaching compliance deadline, AlgoSec has created the AlgoSec NERC CIP Compliance Report to provide Registered Entities with a solution that automates key requirements for CIP firewall auditing and documentation processes.

“Threats to the North American bulk power system are very real and the firewall represents the front line of cyber defense,” said Avishai Wool, CTO and co-founder of AlgoSec. “While terrorist plots and hacks against national utility IT networks are what make the headlines, threats come in a number of forms and can often be self-inflicted by improper and inefficient firewall operations – that’s where a solution like the AlgoSec Firewall Analyzer and its NERC CIP Compliance Reports come in. Remember, meeting compliance for compliance sake is not the point, it’s about protecting the cyber assets that carry power to the homes and businesses of North America.”

Intelligent automation technology in the AlgoSec NERC CIP Compliance Report enables Registered Entities to quickly and cost-effectively surmount the operational hurdles of manually implementing and managing firewall rule changes. It also provides cost-saving opportunities in the rule-change workflow by: eliminating unnecessary work associated with unneeded rule changes; utilizing intelligent decision-support algorithms to automate audits, perform what-if compliance checks, create detailed work orders, and match tickets to audit discovery results; and, streamlining the flow of information between team members by creating a results history for documentation and CIP audit readiness.

Simplifying CIP documentation by automatically aggregating data from all the firewalls and other security devices deployed by a Registered Entity, the AlgoSec NERC CIP Compliance Report eliminates the time traditionally needed for auditors to manually cross-check multiple reports and data elements. Automation of firewall audits also provides instant, real-time snapshots of CIP compliance for all firewalls operated by a Registered Entity.

The AlgoSec NERC CIP Compliance Report presents compliance data in summary form, providing the ability to drill down into data for individual devices, ports and rules to enable accurate, rapid remediation for non-compliant findings. On-demand access to deeper-layer data is also useful for answering pointed questions from auditors about specific firewall rules and their effect on critical
cyber assets.

The AlgoSec NERC CIP Compliance Report will be available in the next release of AlgoSec Firewall Analyzer planned for Q2 2010. A white paper detailing the AlgoSec NERC CIP Compliance Report can be found at http://www.algosec.com/en/solutions/white_papers.php. More information on AlgoSec’s firewall operations and security risk management solutions as well as its compliance tools can be found online at www.algosec.com. Guidelines for CIP compliance are specified in the NERC Compliance Monitoring and Enforcement Program: 2010 Implementation Plan.
 



AlgoSec’s Firewall Analyzer is a must have for anyone who manages a rule set of 100 or more.


Network World Magazine



By creating FireFlow using the AFA engine, AlgoSec has effectively created a solution that can automate the entire network security lifecycle...


Frost & Sullivan Analyst



We quickly saw a clear return on our investment with the AlgoSec Firewall Analyzer...


Anton Spitzer,
Infrastructure Services, Porsche Informatik



The AFA allows us to get all of our firewall information in one place, providing IT Governance and visibility where it did not exist.


Anton Spitzer,
Infrastructure Services, Porsche Informatik



Network security VARs, take note: AlgoSec’s FireFlow network policy change workflow management software is the next hot-ticket item for customers.


eWeek Magazine



The AlgoSec Firewall Analyzer fills a critical need for us by automating what was a manual, labor intensive and error prone process.


Anton Spitzer,
Infrastructure Services, Porsche Informatik



By utilizing AFA we no longer require the services of an external source to perform an audit.


Ruza Manojilovic,
Manager Security Operations Teranet



It (AFA) easily and quickly provided Atos Worldline with the ability to understand, track and verify changes to our firewall infrastructure…


Massoud Kamran,
Security Consultant at Atos Worldline Belgium



AlgoSec Firewall Analyzer’s automated and intelligent analysis lets us know the implications of a change and avoid potential risks which save us time, effort and money.


Peter Johannes,
head of Security and Architecture Policy at Atos Worldline Belgium



AlgoSec’s Firewall Analyzer has helped us significantly improve our overall network security.


Ruza Manojilovic,
Manager Security Operations Teranet



Using AFA’s turnkey solution for PCI DSS has been invaluable for us in terms of time and effort.


Ruza Manojilovic,
Manager Security Operations Teranet

 

The integrity of the company (AlgoSec) and its employees surpassed our expectations and has raised the bar for what we look for in other vendors as well.”


Lutz Bleyer, Chief Security Officer,
FIDUCIA



By utilizing AFA we no longer require the services of an external source to perform an audit.


Ruza Manojilovic,
Manager Security Operations Teranet.



With the AFA we can focus on what is most important to Porsche Informatik – our customers.


Anton Spitzer,
Infrastructure Services, Porsche Informatik



AlgoSec affords us realizing operational efficiencies in global security policy management and compliance.


Hugo Van der Veeken,
Atos Worldline SA/NVsecurity department head