Use Case: Monitor Policies
Policy auditing and change control are fundamental processes that allow administrators and security professionals to control access and communications between critical business assets.
The criteria for policy monitoring can include monitoring of assets and communications for the following scenarios:
Use Policy Monitor to define tests that are based on the risk indicators, and then restrict the test results to filter the query for specific results, violations, protocols, or vulnerabilities.
JSA Risk Manager includes several Policy Monitor questions that are grouped by PCI category. For example, PCI 1, PCI 6, and PCI 10 questions. Questions can be created for assets or devices and rules to expose network security risk. After a question about an asset or a device/rule is submitted to Policy Monitor, the returned results specify the level of risk. You can approve results that are returned from assets or define how you want the system to respond to unapproved results.
Policy Monitor provides the following key features:
Predefined Policy Monitor questions to assist with workflow.
Determines if users used forbidden protocols to communicate.
Assessing if users on specific networks can communicate to forbidden networks or assets.
Assessing if firewall rules meet corporate policy.
Continuous monitoring of policies that generate offenses or alerts to administrators.
Prioritizing vulnerabilities by assessing which systems can be compromised as a result of device configuration.
Help identifying compliance issues.