SOURCE: AlgoSec

AlgoSec

March 09, 2010 09:07 ET

AlgoSec Automates NERC CIP Compliance for the Bulk Electric Systems of North America

Automated NERC CIP Compliance Reports in AlgoSec Firewall Analyzer Lower the Cost of Compliance, Improve Security of Critical Cyber Assets

RESTON, VA--(Marketwire - March 9, 2010) -  AlgoSec®, the leading provider of firewall operations and security risk management solutions, today announced that it has incorporated another layer of compliance reporting into its AlgoSec Firewall Analyzer® with the addition of automated compliance reporting for the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards.

The AlgoSec NERC CIP Compliance Report addresses two major areas: documenting and controlling changes to firewall rules and controlling risk affected by firewall rules. It is offered as part of the award-winning AlgoSec Firewall Analyzer, a firewall operations and security risk management solution that provides automated, non-intrusive firewall, router and VPN audit and analysis.

Tasked with ensuring the reliability of the North American bulk power system, NERC created the CIP Reliability Standards to provide Registered Entities with clear guidance for minimizing vulnerabilities. By June 30, 2010, all Registered Entities must be capable of demonstrating "Auditable [CIP] Compliance" across eight categories of controls for securing critical cyber assets of which the majority are directly tied to firewall operations.

The technical requirements for CIP compliance as they pertain to firewall operations are multifaceted, time-consuming, expensive and potentially risky operations without advanced processes. Considering this level of complexity and the approaching compliance deadline, AlgoSec has created the AlgoSec NERC CIP Compliance Report to provide Registered Entities with a solution that automates key requirements for CIP firewall auditing and documentation processes.

"Threats to the North American bulk power system are very real and the firewall represents the front line of cyber defense," said Avishai Wool, CTO and co-founder of AlgoSec. "While terrorist plots and hacks against national utility IT networks are what make the headlines, threats come in a number of forms and can often be self-inflicted by improper and inefficient firewall operations -- that's where a solution like the AlgoSec Firewall Analyzer and its NERC CIP Compliance Reports come in. Remember, meeting compliance for compliance sake is not the point, it's about protecting the cyber assets that carry power to the homes and businesses of North America."

Intelligent automation technology in the AlgoSec NERC CIP Compliance Report enables Registered Entities to quickly and cost-effectively surmount the operational hurdles of manually implementing and managing firewall rule changes. It also provides cost-saving opportunities in the rule-change workflow by: eliminating unnecessary work associated with unneeded rule changes; utilizing intelligent decision-support algorithms to automate audits, perform what-if compliance checks, create detailed work orders, and match tickets to audit discovery results; and, streamlining the flow of information between team members by creating a results history for documentation and CIP audit readiness.

Simplifying CIP documentation by automatically aggregating data from all the firewalls and other security devices deployed by a Registered Entity, the AlgoSec NERC CIP Compliance Report eliminates the time traditionally needed for auditors to manually cross-check multiple reports and data elements. Automation of firewall audits also provides instant, real-time snapshots of CIP compliance for all firewalls operated by a Registered Entity.

The AlgoSec NERC CIP Compliance Report presents compliance data in summary form, providing the ability to drill down into data for individual devices, ports and rules to enable accurate, rapid remediation for non-compliant findings. On-demand access to deeper-layer data is also useful for answering pointed questions from auditors about specific firewall rules and their effect on critical cyber assets.

The AlgoSec NERC CIP Compliance Report will be available in the next release of AlgoSec Firewall Analyzer planned for Q2 2010. A white paper detailing the AlgoSec NERC CIP Compliance Report can be found at http://www.algosec.com/en/solutions/white_papers.php. More information on AlgoSec's firewall operations and security risk management solutions as well as its compliance tools can be found online at www.algosec.com. Guidelines for CIP compliance are specified in the NERC Compliance Monitoring and Enforcement Program: 2010 Implementation Plan

About AlgoSec
AlgoSec is the leading provider of Firewall Operations and Security Risk Management solutions. AlgoSec's® exclusive technology is optimized for enterprises, MSPs, auditors and consultants to quantifiably increase their operational effectiveness. More than 400 leading organizations such as Cisco, BP, Visa, Nokia, IBM, Vodafone, NASDAQ, KPMG, E&Y, Deloitte, and PwC have selected AlgoSec's products -- AlgoSec Firewall Analyzer and FireFlow™ -- to intelligently automate what were traditionally manual, time- and labor-intensive tasks surrounding firewall, router and VPN management. This translates to significant cost savings and greater output for organizations without increasing headcount. AlgoSec also allows IT organizations to get more from their current infrastructures by extending the lifespan of existing security devices.

Contact Information