12.6.1 Control of Technical Vulnerabilities

Illustrative Controls and TIBCO LogLogic Solution

Vulnerabilities are continually being discovered by hackers and researchers, and new ones are introduced by new software. Systems, processes, and custom software should be tested frequently to ensure security is maintained over time and through changes. Use network intrusion detection systems, host-based intrusion detection systems, and/or intrusion prevention systems to monitor all network traffic and alert personnel to suspected compromises. Keep all intrusion detection and prevention engines up to date. Ensure that security techniques, such as intrusion detection, and related management procedures are used to authorize access and control information flows from and to networks.

To satisfy this requirement, administrators must periodically review IDS logs to ensure the IDS tools are fully utilized. Administrators must review all remote access to the IT infrastructure through VPN or through firewalls. Detect any anomalies, such as Anomalous IDS Alerts or firewall traffic, by using behavioral-based alerts.

Reports and Alerts

Use the following link/reference to see the 12.6.1 reports and alerts: TIBCO LogLogic Reports and Alerts Quick Reference.