Protective Monitoring: GPG13
Protective Monitoring has various meanings in IT security, but it is best known as a specific UK Government term (also known as Good Practice Guide 13, or GPG13) for a set of recommended processes and technologies aimed at improving risk profiles and reducing cyber risk. In other words, Protective Monitoring provides essential oversight of IT systems across the whole enterprise.
Specifically, the Protective Monitoring Controls (PMCs) define a set of control alerts and reports that provide feedback to those responsible for organisational risk and for the performance of Protective Monitoring systems. This includes information security control activities such as inspecting firewall logs, investigating operating system security alerts and monitoring Intrusion Detection Systems (IDS). Protective Monitoring also includes putting in place mechanisms for collecting ICT log information and configuring ICT logs to provide an audit trail of security-relevant events of interest.
Assuria's forensic SIEM software solution Assuria Log Manager (ALM) was designed from the ground up to deliver flexible, customisable and cost-effective Protective Monitoring to GPG13 standards as well as other international standards, such as ISO27001 and PCI-DSS. ALM provides built-in GPG13 analysis, alerting and reporting features and is used by UK government and public sector organisations for GPG13 Protective Monitoring up to IL5 level, both directly and via service delivery partners. ALM is available as an on-premises software installation, a fully configured appliance or a Managed Service from the Falanx Assuria SOC.
For more information on ALM's GPG13 features, please email Assuria at firstname.lastname@example.org.
In a general sense, protective monitoring includes efficient, automatic monitoring of, and alerting and reporting on, system changes and significant system events, together with file integrity monitoring.
Once systems are configured correctly and in a known and trusted state, with all security controls fully active, it is essential to have systems which monitor all subsequent configuration changes (such as a user being granted increased privileges). These monitoring systems must quickly assess whether changes are authorised at the appropriate level and whether changes take systems out of compliance. Assuria configuration change detection and event monitoring solutions provide visibility and alerting of such changes.
Assuria Log Manager (ALM) is available on UK Government G-Cloud as a Baseline or Deter Protective Monitoring service.