Classification: Open
SERVICE DEFINITION
CYBER SECURITY SERVICES
(AWARE) G-CLOUD 8
Lot 4 - Specialist Cloud Services
Service Definition: Cyber Security Services (AWARE), Issue: 2.0
Copyright: MDS Technologies Ltd 2016
© MDS Technologies Ltd 2016.
Other than for the sole purpose of evaluating this Response, no part of this material may be reproduced or transmitted in any form, or by any means, electronic, mechanical, photocopied, recorded or otherwise or stored in any retrieval system of any nature without the written permission of MDS Technologies Ltd.
MDS Technologies Ltd, 2 Methuen Park, Chippenham, Wiltshire, SN14 0GX
Telephone: 01225 816220, Fax: 01225 816281
CONTENTS
Summary of Service Features
Falanx Cyber Defence Protective Monitoring Services
Service Highlights
Service Description
GPG-13 AWARE Protective Monitoring Service Levels
Service Deployment Model
Service On-Boarding
Commercial
Annex A – Protective Monitoring AWARE Control Scope
WHY MDS?
A privately owned, UK sovereign company
Connected to Internet, JANET, N3, PSN, RLI
Public, community and private cloud available
Security Cleared technical and customer service staff
We are Agile, Flexible, Open, Honest and Transparent
We deliver cost effective solutions on time and within budget
We are your One-Stop-Shop for secure assured Cloud services
A fully managed platform using our ITIL-aligned 24/7 Service Desk
Experienced at delivering small, large and complex Cloud solutions
We are an SME - large enough to deliver, small enough to care
PROFESSIONAL, PERSONALISED SOLUTIONS
SUMMARY OF SERVICE FEATURES
Specialist UK Cyber Security Operations Centre
Proactive monitoring of external and internal threats
Situational awareness data to help determine your overall Cyber Security posture
Service delivered using Security Cleared (SC) staff
Falanx Cyber Defence Protective Monitoring Services
Cyber risk is more pervasive and critical than almost any other risk currently facing government or
commercial organisations that hold valuable or sensitive data. Hacking attacks to steal, damage or
destroy data, plant malicious software or gain unauthorised access to personal information are
becoming more frequent. In addition, ‘insider’ attacks by disgruntled employees or unintentional
security breaches by staff can have serious consequences. All can result in serious financial and/or
reputational damage.
Falanx Cyber Defence Limited, created solely to deliver managed Cyber Security services, provides a
range of Protective Monitoring Services that remotely monitor and analyse organisations’ IT
infrastructures for signs of improper activity. Our services provide continuous protection for both
legacy and cloud computing environments against cyber threats, failure of process or technology and
human error.
Our Protective Monitoring Services are designed for organisations that require:
Proactive monitoring of external and internal threats to Information Security and IT systems.
Effective Cyber Security services that must be deployed within a limited budget and would therefore benefit from a flexible, cost-effective pricing model.
Situational awareness data to help determine their overall Cyber Security posture.
Confidence in the integrity of a UK-based service delivered by a UK company using a UK-owned and UK-developed monitoring toolset. Customer data remains entirely within the UK.
A forensic log management capability that allows the collection, recording and retention of log data in a manner that supports forensic investigations.
Demonstration of compliance with International and UK Government specific security standards, guidance and policies - in particular, the Security Policy Framework and CESG Good Practice Guide 13.
A robust, cost-effective solution offering peace of mind by providing auditability, accountability and governance.
Protective Monitoring from Falanx Cyber Defence greatly reduces an organisation's risk exposure by:
Rapidly identifying and communicating transactions within the enterprise that reflect misuse or compromise;
Decreasing the likelihood of a significant security event;
Enabling the impact of a security incident to be reduced through timely resolution.
Falanx Cyber Defence's GPG-13 AWARE Protective Monitoring Services are aligned with the
AWARE Segment (Recording Profiles A) of CESG’s Good Practice Guide (GPG) 13 - Protective
Monitoring for Government ICT Systems. This guide is recognised as an industry standard for security
monitoring. Both our Protective Monitoring offerings incorporate our high-integrity Forensic Log
Management Service that allows the collection, recording and retention of log data in a manner that
supports forensic investigations, allowing the logs to be used as evidence in a work tribunal or legal
case in a court of law.
Our Services provide organisations with assurance that their information systems and associated data
are being used appropriately and provide visibility on who is accessing the systems.
MDS partners with Falanx Assuria Cyber Defence to offer this service.
Service Highlights
Simple pricing model based on the number of devices that need to be monitored with prices starting at just £8 per device per month all inclusive (dependent upon quantity of devices).
Managed UK sovereign services provided by an organisation created solely for the purpose of delivering managed cyber security services.
Delivered remotely from a specialist UK Cyber Security Operations Centre (CSOC) using (as a minimum) UK Security Cleared (SC) Cyber Security Analysts, operating on a 24x7x52 basis.
Delivered from within an Integrated Management System (IMS) certified to ISO9001, ISO20000-1 and ISO27001.
Suitable for OFFICIAL environments.
Rapid on-boarding with options available for zero start-up costs.
Forensically sound log collection and storage solution providing data chain of custody.
Out-of-the-box, pre-defined GPG-13 deployments.
24x7x52 collection, alerting, recording and retention of monitored data.
Capture of a wide variety of data types from formally structured and normalised files, through to data captured from screen shots.
99.7% or 99.5% availability, dependent upon service level.
Flexible and adaptable – add, remove or change your monitored devices at any time.
Scalable solutions with proven collection capability up to 300 million events per day.
Monthly monitoring reporting summaries providing feedback on the risk and security status of the customer organisation.
ITIL aligned Service Desk providing Call Handling and Request Fulfilment.
Only two working days’ termination notice with options available for zero on-boarding and termination costs.
Digitally signed log store monitored for signs of addition, deletion or modification of data.
Variable data retention periods based on an organisation’s needs, with additional archiving available as a Service Catalogue item.
Service Description
GPG-13 AWARE Protective Monitoring
The Falanx Cyber Defence GPG-13 AWARE Protective Monitoring Services are managed services
suitable for monitored environments up to OFFICIAL. These services provide Protective Monitoring
based on the controls defined in CESG’s Good Practice Guide 13 (GPG-13). We have developed our
Protective Monitoring Services using an appropriate treatment of GPG-13 policies, with suitable
architecture deployments and solid operating processes to deliver effective services to customers.
GPG-13 Protective Monitoring Controls (PMCs) define a set of alerts and reports that provide
feedback on the risk and security status of an organisation. They include control activities such as
inspecting firewall logs, investigating operating system security alerts and monitoring Intrusion
Detection Systems (IDS). Falanx Cyber Defence provides out-of-the-box, pre-defined, GPG-13
deployments.
Our GPG-13 AWARE Protective Monitoring Services are aligned with the AWARE Segment of GPG-13.
Annex A provides details of the specific PMCs in scope for each level of service. They use a
combination of automated tooling and specialist expertise. This ensures that any information captured
and analysed using software tools has human knowledge and experience applied which reduces the
number of false positives (non-relevant events) identified and aids remediation planning and action.
The Protective Monitoring Services are based on SIEM technology that delivers an enterprise wide
view of Information Security activity, from almost any system, application or device within the IT
infrastructure. The SIEM provides automated collection and management of audit logs from across
the whole enterprise, as well as security event analysis, alerting and reporting.
Falanx Cyber Defence Protective Monitoring Services generate security alerts following the ingestion
and analysis of Security Events sent by software agents from a customer’s monitored estate.
Supporting this process is a set of filtering, correlation and analysis rules within the toolset that link
individual Security Events together in order to help establish when a Security Alert needs to be
generated.
At Falanx Cyber Defence we use a unique approach in our application of GPG-13 controls which is
beneficial to customer organisations. The approach has a pre-established template set of minimum
baseline controls and Alerts. Each Alert type defined in GPG-13 has an additional category of either
‘Standard’ or ‘Enhanced’ which ensures that the right information regarding an organisation’s IT
security status is provided in the right quantities, at the right time intervals and in the most useful
format possible.
Details of Standard Alerts are given to customers in Daily Alert Summaries generated once every 24
hours. Details of Enhanced Security Alerts are passed to Falanx Cyber Defence Cyber Security
Analysts who use a set of detailed guidance criteria documented in a KnowledgeBase to establish
whether or not the Security Alert is valid and can be notified to the customer (or is a False Positive). If
confirmed as ‘notifiable’, this is classed as a Potential Security Incident and the customer notified.
Potential Security Incidents are an indication that a Security Incident may have occurred on a
customer’s estate. An actual Security Incident can only be confirmed by the customer.
Potential Security Incidents are communicated to the organisation’s Named Contact within agreed
timescales by telephone and email. In some cases, further Security Alerts of the same type are then
suppressed by the SIEM for a defined period of time in order to prevent both the customer and Falanx
Cyber Defence Cyber Security Analysts from being swamped by large quantities of similar Alerts. This
approach has the benefit of reducing ‘Alert storms’ where certain Event types would naturally
generate large and overwhelming volumes of Alerts.
A False Positive is an Alert which analysis shows is not a Potential Security Incident and which should
not be notified to the customer; it is a Security Alert which fails to meet the validation criteria for
notification. Whenever an Analyst deems that a False Positive has occurred, the ‘Falanx Cyber
Defence - Tuning Process’ is invoked to ensure that similar False Positives are not generated.
If a customer confirms the validity of a Potential Security Incident of which they have been notified, it
is categorised as a Confirmed Security Incident; if not, it is again deemed a False Positive and the
‘Falanx Cyber Defence - Tuning Process’ is invoked.
Customers may select 10 Events for Enhanced Alerting irrespective of how they have been defined
by Falanx Cyber Defence or GPG-13 (for example, a logon event or warning message on a device
that would not otherwise raise an alert). In such cases the customer must provide Falanx Cyber
Defence with adequate information to allow such Events to be identified.
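The triage flow described above (Standard alerts batched into the Daily Alert Summary, Enhanced alerts queued for an analyst, a suppression window after a Potential Security Incident is notified, tuning out of False Positives, and the customer's promotion of up to 10 event types to Enhanced) can be modelled as a small piece of detection logic. The following is an added example written for this page; it is not Falanx Cyber Defence's code and the product's SIEM rules are not described here. The alert type names, the one-hour suppression window and the exact-match tuning rule are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed baseline: illustrative GPG-13 style alert types mapped to the
# Standard / Enhanced category described in the service definition.
BASELINE = {
    "boundary_fw_drop": "Standard",
    "remote_auth_fail": "Standard",
    "host_malware": "Enhanced",
    "admin_facility_use": "Enhanced",
}

MAX_CUSTOMER_ENHANCED = 10  # the service lets the customer promote 10 event types


class AlertTriage:
    def __init__(self, baseline, customer_enhanced=(), suppress_for=timedelta(hours=1)):
        if len(set(customer_enhanced)) > MAX_CUSTOMER_ENHANCED:
            raise ValueError("at most 10 customer-selected Enhanced event types")
        self.category = dict(baseline)
        for event_type in customer_enhanced:      # customer override beats the baseline
            self.category[event_type] = "Enhanced"
        self.suppress_for = suppress_for          # assumed window; agreed per service
        self.suppressed_until = {}                # alert type -> datetime window ends
        self.tuned_out = set()                    # (type, detail) pairs tuned as False Positives
        self.daily_summary = []                   # Standard alerts, reported once per 24h
        self.analyst_queue = []                   # Enhanced alerts awaiting validation
        self.suppressed = []                      # Enhanced alerts held back during a window

    def ingest(self, ts, alert_type, detail):
        """Route one Security Alert; returns the disposition for inspection."""
        if (alert_type, detail) in self.tuned_out:
            return "tuned_out"
        if self.category.get(alert_type, "Standard") == "Standard":
            self.daily_summary.append((ts, alert_type, detail))
            return "daily_summary"
        until = self.suppressed_until.get(alert_type)
        if until is not None and ts < until:
            self.suppressed.append((ts, alert_type, detail))
            return "suppressed"
        self.analyst_queue.append((ts, alert_type, detail))
        return "analyst_queue"

    def analyst_decision(self, ts, alert_type, detail, notifiable):
        """Analyst validates an Enhanced alert against the KnowledgeBase criteria."""
        if notifiable:
            # Notified as a Potential Security Incident; suppress same-type alerts
            # for the agreed period so neither side is swamped by an alert storm.
            self.suppressed_until[alert_type] = ts + self.suppress_for
            return "potential_security_incident"
        self.tuned_out.add((alert_type, detail))  # Tuning Process: stop repeats
        return "false_positive_tuned"


def run_demo():
    """Constructed sequence of alerts; returns the disposition of each step."""
    t0 = datetime(2016, 6, 1, 9, 0)
    triage = AlertTriage(BASELINE, customer_enhanced=["remote_auth_fail"])
    steps = [
        triage.ingest(t0, "boundary_fw_drop", "203.0.113.7 -> tcp/445"),
        triage.ingest(t0, "remote_auth_fail", "vpn user jsmith"),
        triage.analyst_decision(t0 + timedelta(minutes=5), "remote_auth_fail",
                                "vpn user jsmith", notifiable=True),
        triage.ingest(t0 + timedelta(minutes=10), "remote_auth_fail", "vpn user jsmith"),
        triage.ingest(t0 + timedelta(hours=2), "remote_auth_fail", "vpn user jsmith"),
        triage.ingest(t0, "admin_facility_use", "backup svc on db01"),
        triage.analyst_decision(t0, "admin_facility_use", "backup svc on db01",
                                notifiable=False),
        triage.ingest(t0 + timedelta(days=1), "admin_facility_use", "backup svc on db01"),
    ]
    return steps


if __name__ == "__main__":
    for step in run_demo():
        print(step)
```

The second remote-access failure lands inside the window and is held back; the one two hours later is queued again because the window has lapsed, which is the behaviour to check when agreeing a suppression period: too long and a repeat attack goes unreported until the window closes.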
Accounting Data is collected 24x7x52. Alerting is undertaken during the respective service-level
operating times, be it 24x7x52 or otherwise.
A Service Catalogue item is available for periodic Critical Security Alert reviews to be performed by
Falanx Cyber Defence Cyber Security Analysts outside of Core Hours. Critical Alerts are then
reviewed and actioned on a 12 hourly basis (i.e. on days that are not normal working days, Analysts
perform their review at 07:00 and 19:00). Alerts defined as Critical shall be agreed by both parties.
Service Resilience
Backup of customer raw log data is taken once every 24 hours. Backups are retained for 14 days.
Service availability for the Falanx Cyber Defence GPG-13 AWARE Protective Monitoring Service is
either 99.5% or 99.7% (dependent upon the service level selected).
Forensic Log Management
Falanx Cyber Defence’s Forensic Log Management Service uses a product that assures log data
integrity and forensic soundness. The service is specifically designed to meet the forensic log
management requirements of the UK Government and provides a high integrity solution for defence,
security and commercial organisations.
Our Forensic Log Management Services provide forensic soundness in the following areas:
1. Provision of logs in their original form;
2. Prevention of undetectable addition of log data;
3. Prevention of undetectable deletion of log data;
4. Prevention of undetectable modification of log data;
5. Demonstration of log data chain of custody.
Any log integrity issues identified by the service are notified to the CSOC for analysis and validation
and any subsequent incident handling.
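The five forensic-soundness properties listed above, together with the agent-side digital signing and the monitoring of the log store for addition, deletion or modification described under Scope of Supply, rest on one technique: each record is authenticated at source and linked to its predecessor, so any later change breaks either a tag or the chain. The following added example (written for this page; not Falanx Cyber Defence's code, and the product's actual signature scheme is not described here) shows that technique and how each of the three tamper classes is detected. The key, the log lines and the use of HMAC-SHA256 in place of a true digital signature are constructed assumptions.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass

# Constructed key for the demonstration only. HMAC is a shared-secret scheme, so
# the agent that signs could also forge; a deployed product would use an
# asymmetric signature so that the CSOC holds only verification material.
KEY = b"constructed-demo-key-do-not-use"

# Constructed accounting records of the kind an agent forwards in original form.
EVENTS = [
    "2016-06-01T09:00:01Z fw01 DROP src=203.0.113.7 dst=192.0.2.10 proto=tcp dport=445",
    "2016-06-01T09:00:04Z vpn01 AUTH FAILED user=jsmith src=198.51.100.23",
    "2016-06-01T09:00:09Z db01 ADMIN LOGIN user=dba_backup tool=sqlplus",
    "2016-06-01T09:00:15Z av01 SIGNATURE UPDATE version=2016.06.01.2",
]

GENESIS = "0" * 64  # chain link used by the first record


@dataclass(frozen=True)
class SignedRecord:
    seq: int      # position in the store; gaps or reorders reveal deletion/insertion
    prev: str     # tag of the preceding record; links records into a chain
    event: str    # the log line exactly as collected (original form)
    tag: str      # HMAC-SHA256 over (seq, prev, event)


def _tag(key: bytes, seq: int, prev: str, event: str) -> str:
    # Canonical JSON so the authenticated bytes are unambiguous.
    msg = json.dumps([seq, prev, event], separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def sign_log(key: bytes, events) -> list:
    """Sign each event at source and chain it to its predecessor."""
    records, prev = [], GENESIS
    for seq, event in enumerate(events):
        tag = _tag(key, seq, prev, event)
        records.append(SignedRecord(seq, prev, event, tag))
        prev = tag
    return records


def verify_log(key: bytes, records) -> list:
    """Return [(seq, problem), ...]; an empty list means the store is intact."""
    problems, prev = [], GENESIS
    for position, rec in enumerate(records):
        if rec.seq != position:
            problems.append((rec.seq, "sequence break (deletion or insertion)"))
        if rec.prev != prev:
            problems.append((rec.seq, "chain link mismatch"))
        expected = _tag(key, rec.seq, rec.prev, rec.event)
        if not hmac.compare_digest(rec.tag, expected):
            problems.append((rec.seq, "tag mismatch (modification or forgery)"))
        prev = rec.tag
    return problems


def tamper_scenarios(key: bytes, records) -> dict:
    """Apply the three tamper classes the service detects and verify each copy."""
    modified = list(records)
    r = modified[1]
    modified[1] = SignedRecord(r.seq, r.prev, r.event.replace("FAILED", "ACCEPTED"), r.tag)

    deleted = records[:1] + records[2:]   # record 1 removed outright

    forged = SignedRecord(1, records[0].tag,
                          "2016-06-01T09:00:05Z vpn01 AUTH OK user=jsmith", "00" * 32)
    inserted = records[:1] + [forged] + records[1:]   # forged record spliced in

    return {
        "modified": verify_log(key, modified),
        "deleted": verify_log(key, deleted),
        "inserted": verify_log(key, inserted),
    }


if __name__ == "__main__":
    store = sign_log(KEY, EVENTS)
    print("intact:", verify_log(KEY, store))
    for name, problems in tamper_scenarios(KEY, store).items():
        print(name, problems)
```

Verification is what turns a signed store into evidence: the check has to run continuously in the CSOC, not only when a case arises, and the result of each check should itself be recorded so that chain of custody can be demonstrated for the period in question.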
Service Desk
All Falanx Cyber Defence services are supported by an ITIL aligned Service Desk providing Call
Handling and Request Fulfilment services. The Service Desk is also responsible for managing the
lifecycle of Service Incidents from identification through to successful resolution.
Service Management and Reporting
All Falanx Cyber Defence processes related to the management, support and maintenance of our
Protective Monitoring Services have been developed in accordance with ITIL best practice including:
Service Level Management;
Event Management;
Availability Management;
Capacity Management;
IT Service Continuity Management;
Information Security Management;
Supplier Management;
Incident Management;
Problem Management;
Service Asset and Configuration Management;
Change Management and Release and Deployment Management;
Continual Service Improvement.
Our Service Desk acts as the primary point of contact for handling Service Incidents and Service
Requests, it also provides an interface to other IT Service Management activities. Service related
Incidents are notified to customer organisations within two hours during Core Hours.
Monthly summary reports are issued to customers, providing feedback on the performance and
effectiveness of the Service during the period. The monthly report contains a summary of Security
Incident information against the customer’s relevant monitoring controls. Additionally, Service
performance management information is included summarising the following:
All Security Incidents raised in period;
Status of any Service Incidents raised in the period;
General cyber security information considered relevant to customers of the Protective Monitoring Services.
An initial Service Review is held with the customer organisation within two months of service
commencement. Further Service Reviews are held annually.
Quality Processes
Falanx Cyber Defence operate an Integrated Management System (IMS) certified to ISO9001,
ISO20000-1 and ISO27001, and the principles for security within our IMS are aligned with those of the
HMG Security Policy Framework (SPF).
Our Protective Monitoring Services support the cyber security requirements of government
organisations as prescribed by the HMG SPF, most specifically in terms of the security outcomes
relating to:
Technology and Services requirements for risk-informed security controls,
Information requirements to maintain the confidentiality, integrity and availability of information, and,
Preparation for and response to Security Incidents to reduce vulnerability to cyber-attack, leaks, and insider attacks.
Falanx Cyber Defence’s Protective Monitoring Services have been designed specifically around the GPG-13
guidance from CESG, which is the UK’s National Technical Authority for Information Assurance in this
area. Falanx Cyber Defence’s services are aligned to the latest Security Operations and Management
guidance published by CESG, and our services are continuously reviewed and adapted to reflect
changes in best practice guidance issued by CESG.
GPG-13 AWARE Protective Monitoring Service Levels
The table below gives each item for the AWARE Standard Service Level and the AWARE Enhanced Service Level; where a single value is given it applies to both levels.
Alerting Hours: Standard 0700-1900 Mon-Fri, excluding UK Bank Holidays; Enhanced 24x7x52
Core Hours: 0700-1900 Mon-Fri, excluding UK Bank Holidays
Collection, Recording and Retention of Event Data: 24x7x52
Analysis and Validation of Potential Security Incidents, Alerting of Security Alerts and Incident Support: Alerting Hours
Collection, Storage and Management of Digitally Signed Logs: 24x7x52
Call Handling and Request Fulfilment: Core Hours
Availability of the FAL Protective Monitoring Tool: Standard target 99.5%; Enhanced target 99.7%
Security Alert Notification: 4 Hours (Alerting Hours only), target 95%
Service Outage Notification: 2 Hours (Alerting Hours only), target 95%
Service Reviews: Annually
Initial Response to Changes in Monitored Device Set: 3 Working Days
Initial Response to Customer Change Requests: 5 Working Days
Initial Response to Customer Service Requests: 3 Working Days
Maximum Security Classification: OFFICIAL
Maximum GPG-13 Recording Profile: A
Price (Per Device / Per Month): Standard from £8.00; Enhanced from £11.00
Termination Notice: 2 Working Days
Data Retention: Variable data retention periods.
Backups: Backup of log data taken once every 24 Hours. Backups retained for 14 Days.
Planned Maintenance: Between the hours of 00:00 and 06:00 (UK local time) Monday to Sunday and/or between the hours of 08:00 and 12:00 (UK local time) on a Saturday and/or Sunday. ‘Planned Maintenance’ means any pre-planned maintenance of any infrastructure relating to the Service. FAL shall provide the customer with at least twenty four (24) hours’ advance notice of any such planned maintenance. Planned Maintenance shall be excluded from any availability calculation in regard to service credits but shall be included in the monthly service reporting.
Service Credits - Service Availability: Credit calculated as a percentage of the fees for the affected Services, measured quarterly (e.g. an Actual Service Availability of 98% against a Target Service Availability of 99.7% produces a Service Credit of 1.7% of Charges measured quarterly). Excludes Planned Maintenance periods.
Service Credits - Security Alert Notification: Credit of 0.5 days of Charges for each Failure
Minimum Contract Term / On-Boarding and Termination Charges: Option 1 – Zero On-Boarding Charges: minimum 12 month contract, £5,000 Termination Charge if terminated in the first 12 months. Option 2 – Zero Termination Charges: £10,000 On-Boarding Charge, no minimum contract term.
Billing: Monthly in Advance
Minimum Number of Devices: 20 (POA for deployments of fewer devices)
Table 1 Falanx Cyber Defence GPG-13 AWARE Protective Monitoring Service Levels
Service Deployment Model
The standard Falanx Cyber Defence deployment for Protective Monitoring Services is depicted in Figure-1. Software agents are deployed on customers’ systems and interact with local database, application and device / host operating systems’ logging capabilities to capture the accounting data necessary for GPG-13 in its original form. This data is digitally signed by each agent before onward secure transmission (encrypted and mutually authenticated). The agents are configured to route their collected data to a proxy service residing within a security zone in the customer environment. This service then forwards collected log data to Falanx Cyber Defence, again using a secure transmission method.
For resilience, agents are capable of spooling the accounting data until a successful onward transmission. Multiple proxies can be deployed to offer security traffic segregation and management. The standard service provides a single proxy instance included in the price, with other instances being available from the Service Catalogue.
The software agents support most common operating environments and capture a wide variety of data types, from formally structured and normalised files through to data captured from screen shots. The agents can be easily installed by customers using the installation guides and remote support provided by Falanx Cyber Defence. As a Service Catalogue item, our support team can be contracted under the consulting rates to attend site and assist in the agent and proxy installations.
Data within our Protective Monitoring Service is processed and stored using controls commensurate
with the data’s Government Security Classification (GSC).
As part of the standard service provision, organisations are allocated one Terabyte (1TB) of storage
space which is usually sufficient to retain up to 180 days of accounting data in raw form and up to 60
days of normalised data. Should the volume of accounting data being captured be likely to exceed
this 1TB volume, additional storage can be requested as a Service Catalogue Item.
At the end of a retention period the data is deleted using an appropriate mechanism for the data’s
GSC.
Other deployment design options are available through Falanx Cyber Defence’s consultancy services.
Figure 1 Standard Deployment Model
Service On-Boarding
The Falanx Cyber Defence Protective Monitoring Service is easy for customer organisations to on-board.
Upon submission of an order, the customer is provided with a Welcome Pack detailing what
happens next and how to enable the Service.
Figure-2 shows typical on-boarding timescales for the Falanx Protective Monitoring service.
Following the Welcome Pack, Falanx Cyber Defence will:
Configure a monitoring instance for the customer organisation.
Provide the customer with access to the required software including details of how to install and configure agents on the customer’s systems. This includes support on installation where required.
Advise the customer on the changes required to their systems to configure secure communications between the customer and Falanx Cyber Defence networks.
Test the Service to ensure log collection is correctly configured and that reports and alerts are working as expected.
Billing for Falanx Cyber Defence Protective Monitoring Services is monthly in advance and charges
commence 10 working days after the agreed commencement date submitted on the order form.
Figure 2 Typical On-Boarding Timescales (rendered as text):
Contract Award
Build (10 working days): High Level Design; SIEM instance provision and deployment; Configure Customer Service Details; TLS Proxy provision; TLS Proxy deployment; Agent provision; Agent deployment; Test and Acceptance
IOC
Baseline (60 calendar days): Service Provision; Pipe Clean; Establish normal profile; Onboard Tranche 1; Onboard Tranche 2; Onboard Tranche 3
FOC
Service Level Delivery (remainder of term): Service Level Management; SLA and KPI monitoring; Service Reporting
EOL
Customer On-boarding Responsibilities
Customer organisations are responsible for:
Providing a unique telephone number and email address for the escalation of Security Alerts;
Ensuring that only appropriate data (e.g. up to OFFICIAL) is accessible within the platform;
Advising Users that the system is being monitored;
Installing software agents and proxies as per Falanx Cyber Defence’s instructions and enabling communications to the Falanx Cyber Defence monitoring instance. This includes providing a Virtual Machine (VM) in their data centre(s) for each proxy they require. The VMs are to be deployed in a network remotely accessible by Falanx Cyber Defence staff and the Falanx Cyber Defence data centre;
Configuring their systems to generate logs in line with the recommendations of GPG-13;
Configuring their internal security systems to allow secure communications between agents and proxies and externally between proxies and Falanx Cyber Defence data centre(s);
Providing basic configuration information on log sources in scope for the service;
Providing Falanx Cyber Defence with communications on changes to their information systems which may have an impact upon the monitoring service;
Managing any remediation activity associated with a Security Alert.
Scope of Supply
Protective Monitoring
Deployment of monitoring solution.
Initial baseline tuning.
Log Collection, Recording and Retention.
Analysis and Validation.
Alerting and Reporting.
Incident Support.
Forensic Log Management
Deployment of Forensic Log Management solution.
Digital signing of logs at source.
Monitoring of log store for signs of addition, deletion or modification.
Demonstrable log data chain of custody.
Service Management
Service Desk.
Ongoing tuning, patching and update of monitoring systems.
Capacity and Availability monitoring of delivered Service.
Commercial
Pricing, Minimum Contract Term and Termination Conditions
Our Protective Monitoring Services can be terminated at any time with no additional costs if an
on-boarding charge of £10,000 is paid by the customer. Should customers prefer the option of zero
on-boarding charges, then a minimum contract term of 12 months applies with a fee of £5,000 payable if
the contract is terminated within this period. No termination fees apply outside of the minimum
contract term. In all cases the Protective Monitoring Services can be terminated with two working
days’ notice. Upon termination all customer log data is permanently and irretrievably deleted. As part
of the Service Catalogue, customers have the option of transferring data out of the Service prior to
deletion.
For full pricing details, please refer to the Falanx Cyber Defence commercial document: Falanx Cyber
Defence G-Cloud 8 Pricing.
Ordering Process
Please contact [email protected] or phone 01225 816280 with any questions or to receive a draft
Service Order Form. Please reference “G-Cloud 8 Cyber Services” to ensure your query is routed to
an appropriate member of our team.
Annex A – Protective Monitoring AWARE Control Scope
The following GPG-13 Protective Monitoring Controls are in scope for the Falanx Cyber Defence
GPG-13 AWARE Protective Monitoring Service:
Existence of Simple Timestamps
Timestamps of Referenced Events
Malware Detection at the Boundary
Changes to Boundary Anti-Malware Signatures
Packets Dropped By Boundary Firewall
Critical Host Messages at Critical
Host Malware Detection
Critical Host Messages at Error
Changes to Host Anti-Malware Signatures
Packets Dropped By Internal Firewalls
Remote Access User Authentication Failures
Unsuccessful VPN Registrations
Change of Status of Dynamic IP Address Assignments
Remote Access User Sessions
Change in Status of VPN Node Registrations
Node, VPN and Connection Status
Changes to Status of User Network Accounts
Changes to Network User Privileges and User Group Statuses
Use of Application or Database Administration Facilities
Security Manager Console Alerts
Resets, Errors, Failures and Threshold Exceptions
Query of Status of Active Logs